Ransomware - West Yorkshire Police


  • This topic is locked
15 replies to this topic

#1 Dancin Homer

Dancin Homer

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:03:29 PM

Posted 14 September 2012 - 06:52 AM

Hi Guys, I've run the following programs to try and remove this infection but it's still there: RKill 1st, ComboFix (in safe mode), Malwarebytes (full), HitmanPro & trojan remover.

Would be much appreciated if someone could help ;)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421
Run by neil at 14:30:36 on 2012-09-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8082.6553 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\windows\system32\mfevtps.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\msc\mcawfwk.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120913122021.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Conime] %windir%\system32\conime.exe
dRun: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - C:\windows\SysWow64\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D80E7C60-1E9F-4CED-98D4-03681597038D} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D80E7C60-1E9F-4CED-98D4-03681597038D}\14F4C42424D2034343241423 : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120913122021.dll
BHO-X64:     scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Conime] %windir%\system32\conime.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\92osivq9.default\
FF - component: C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\windows\system32\DRIVERS\iusb3hcs.sys --> C:\windows\system32\DRIVERS\iusb3hcs.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R0 NBVol;Nero Backup Volume Filter Driver;C:\windows\system32\DRIVERS\NBVol.sys --> C:\windows\system32\DRIVERS\NBVol.sys [?]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\windows\system32\DRIVERS\NBVolUp.sys --> C:\windows\system32\DRIVERS\NBVolUp.sys [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 GFNEXSrv;GFNEX Service;C:\Windows\System32\GFNEXSrv.exe --> C:\Windows\System32\GFNEXSrv.exe [?]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-3-14 346976]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-6-18 394712]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-6-19 777728]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-9-13 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-9-13 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-9-13 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-9-13 199304]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-9-13 210616]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\windows\system32\mfevtps.exe" --> C:\windows\system32\mfevtps.exe [?]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-4 687400]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\iusb3hub.sys --> C:\windows\system32\DRIVERS\iusb3hub.sys [?]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\windows\system32\DRIVERS\iusb3xhc.sys --> C:\windows\system32\DRIVERS\iusb3xhc.sys [?]
R3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-9-13 225216]
R3 MEIx64;Intel(R) Management Engine Interface ;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976]
S2 0028621347535239mcinstcleanup;McAfee Application Installer Cleanup (0028621347535239);C:\Users\neil\AppData\Local\Temp\002862~1.EXE -cleanup -nolog --> C:\Users\neil\AppData\Local\Temp\002862~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-17 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-2-17 250056]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\system32\DRIVERS\btfilter.sys --> C:\windows\system32\DRIVERS\btfilter.sys [?]
S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-2-3 276248]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-17 136176]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-2-10 112080]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-6-27 57216]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-9-13 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-13 12:47:37	9310152	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{890DAA47-3B7F-4C3F-B24D-EAA75888851B}\mpengine.dll
2012-09-13 12:39:14	--------	d-sh--w-	C:\$RECYCLE.BIN
2012-09-13 11:35:43	--------	d-----w-	C:\Users\neil\AppData\Local\Mozilla
2012-09-13 11:19:48	--------	d-----w-	C:\Program Files (x86)\McAfee
2012-09-13 10:53:39	160280	----a-r-	C:\windows\System32\drivers\mfeapfk.sys.1452.deleteme
2012-09-13 10:53:38	647080	----a-r-	C:\windows\System32\drivers\mfehidk.sys.c9b3.deleteme
2012-09-12 12:28:05	9310152	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-12 12:05:47	--------	d-----w-	C:\ProgramData\HitmanPro
2012-09-12 11:46:05	--------	d-----w-	C:\Users\neil\AppData\Local\temp
2012-09-12 10:48:16	25928	----a-w-	C:\windows\System32\drivers\mbam.sys
2012-09-12 10:48:16	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-12 09:27:17	--------	d-----w-	C:\Program Files (x86)\GridinSoft Trojan Killer
2012-09-12 08:07:43	950128	----a-w-	C:\windows\System32\drivers\ndis.sys
2012-09-12 08:07:42	41472	----a-w-	C:\windows\System32\drivers\RNDISMP.sys
2012-09-12 08:07:39	574464	----a-w-	C:\windows\System32\d3d10level9.dll
2012-09-12 08:07:39	490496	----a-w-	C:\windows\SysWow64\d3d10level9.dll
2012-09-12 08:07:37	376688	----a-w-	C:\windows\System32\drivers\netio.sys
2012-09-12 08:07:37	288624	----a-w-	C:\windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 08:07:37	1913200	----a-w-	C:\windows\System32\drivers\tcpip.sys
2012-09-10 12:20:43	--------	d-----r-	C:\Program Files (x86)\Skype
2012-09-10 12:00:16	--------	d-----w-	C:\windows\System32\wbem\repository
2012-09-10 11:35:30	927800	------w-	C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2C4FE651-C020-49B5-A0C0-F1881BA8DEBD}\gapaengine.dll
2012-09-10 11:28:29	--------	d-----w-	C:\Program Files (x86)\Microsoft Security Client
2012-09-10 11:28:27	--------	d-----w-	C:\Program Files\Microsoft Security Client
2012-09-10 11:27:51	--------	d-----w-	C:\Users\neil\AppData\Roaming\Malwarebytes
2012-09-10 11:27:43	--------	d-----w-	C:\ProgramData\Malwarebytes
2012-09-10 11:27:18	--------	d-----w-	C:\windows\pss
2012-09-10 10:57:32	98816	----a-w-	C:\windows\sed.exe
2012-09-10 10:57:32	518144	----a-w-	C:\windows\SWREG.exe
2012-09-10 10:57:32	256000	----a-w-	C:\windows\PEV.exe
2012-09-10 10:57:32	208896	----a-w-	C:\windows\MBR.exe
2012-09-09 07:53:37	--------	d-----w-	C:\Users\neil\AppData\Roaming\TOSHIBA Online Product Information
2012-09-09 07:38:19	8199504	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-09-09 07:38:13	9310152	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8ACBAE4C-8B02-4BF2-AC46-F07434E29941}\mpengine.dll
2012-09-09 07:36:37	--------	d-----w-	C:\Users\neil\AppData\Roaming\BullGuard
2012-09-09 07:35:12	--------	d-----w-	C:\ProgramData\BullGuard
2012-09-06 18:50:31	--------	d-----w-	C:\Users\neil\AppData\Roaming\AVG2013
2012-09-06 18:48:51	--------	d-----w-	C:\Users\neil\AppData\Roaming\TuneUp Software
2012-09-06 18:47:24	--------	d-----w-	C:\ProgramData\AVG2013
2012-09-06 18:47:24	--------	d-----w-	C:\$AVG
2012-09-06 18:25:52	--------	d--h--w-	C:\ProgramData\Common Files
2012-09-06 18:25:52	--------	d-----w-	C:\Users\neil\AppData\Local\MFAData
2012-09-06 18:25:52	--------	d-----w-	C:\Users\neil\AppData\Local\Avg2013
2012-09-06 18:25:52	--------	d-----w-	C:\ProgramData\MFAData
2012-09-06 13:43:36	--------	d-----w-	C:\Users\neil\AppData\Local\Nero_AG
2012-09-06 13:38:00	--------	d-----w-	C:\Users\neil\AppData\Roaming\WildTangent
2012-09-06 13:24:23	--------	d-----w-	C:\found.000
2012-09-06 13:11:05	--------	d-----w-	C:\ProgramData\hkvnkebkhsqlumw
2012-08-17 09:45:02	552960	----a-w-	C:\windows\System32\drivers\bthport.sys
2012-08-16 08:53:26	503808	----a-w-	C:\windows\System32\srcore.dll
2012-08-16 08:53:25	43008	----a-w-	C:\windows\SysWow64\srclient.dll
2012-08-16 08:53:17	751104	----a-w-	C:\windows\System32\win32spl.dll
2012-08-16 08:53:16	67072	----a-w-	C:\windows\splwow64.exe
2012-08-16 08:53:16	559104	----a-w-	C:\windows\System32\spoolsv.exe
2012-08-16 08:53:16	492032	----a-w-	C:\windows\SysWow64\win32spl.dll
2012-08-16 08:53:10	59392	----a-w-	C:\windows\System32\browcli.dll
2012-08-16 08:53:10	41984	----a-w-	C:\windows\SysWow64\browcli.dll
2012-08-16 08:53:10	136704	----a-w-	C:\windows\System32\browser.dll
2012-08-16 08:53:01	3148800	----a-w-	C:\windows\System32\win32k.sys
2012-08-16 08:52:57	956928	----a-w-	C:\windows\System32\localspl.dll
2012-08-15 10:28:37	--------	d-----w-	C:\windows\SysWow64\kodak
2012-08-15 10:26:49	--------	d-----w-	C:\windows\SysWow64\spool
.
==================== Find3M  ====================
.
2012-08-15 10:58:53	70344	----a-w-	C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 10:58:53	426184	----a-w-	C:\windows\SysWow64\FlashPlayerApp.exe
2012-08-01 12:57:19	1409	----a-w-	C:\windows\SysWow64\tmpAC1A4.FOT
2012-08-01 12:57:19	1409	----a-w-	C:\windows\SysWow64\tmp9E1A4.FOT
2012-08-01 12:57:19	1409	----a-w-	C:\windows\SysWow64\tmp802A4.FOT
2012-08-01 12:57:19	1409	----a-w-	C:\windows\SysWow64\tmp652A4.FOT
2012-08-01 12:49:19	8552	----a-w-	C:\windows\SysWow64\drivers\asctrm.sys
2012-08-01 12:49:12	24576	----a-w-	C:\windows\SysWow64\prefscpl.cpl
2012-06-29 03:56:34	2312704	----a-w-	C:\windows\System32\jscript9.dll
2012-06-29 03:49:11	1392128	----a-w-	C:\windows\System32\wininet.dll
2012-06-29 03:48:07	1494528	----a-w-	C:\windows\System32\inetcpl.cpl
2012-06-29 03:43:49	173056	----a-w-	C:\windows\System32\ieUnatt.exe
2012-06-29 03:39:48	2382848	----a-w-	C:\windows\System32\mshtml.tlb
2012-06-29 00:16:58	1800704	----a-w-	C:\windows\SysWow64\jscript9.dll
2012-06-29 00:09:01	1129472	----a-w-	C:\windows\SysWow64\wininet.dll
2012-06-29 00:08:59	1427968	----a-w-	C:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43	142848	----a-w-	C:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45	2382848	----a-w-	C:\windows\SysWow64\mshtml.tlb
.
============= FINISH: 14:31:11.55 ===============




#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:29 PM

Posted 14 September 2012 - 09:25 AM

Hello Dancin Homer,

Welcome to the forum.

Please copy and paste the log without putting it into the code box.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#3 Dancin Homer

Dancin Homer
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:03:29 PM

Posted 14 September 2012 - 10:01 AM

Thank you Farbar for your very quick reply; unfortunately I won't have access to this laptop til Monday (as I didn't expect a response so quickly!)

I will post this ASAP and sorry about the delay.

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,723 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:29 PM

Posted 14 September 2012 - 10:06 AM

You are most welcome and no worries for the delay. Please post the log when you have access to the laptop.

Have a nice weekend Dancin Homer.:)

#5 Dancin Homer

Dancin Homer
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:03:29 PM

Posted 17 September 2012 - 04:48 AM

Hi Farbar, here are the results of your scan as requested. Many thanks.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2012 01
Ran by SYSTEM at 17-09-2012 10:34:57
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h [223180 2012-02-06] ()
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-19] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-22] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [989056 2011-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1548208 2011-11-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-25] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2012-02-16] (Toshiba Europe GmbH)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart [1492264 2011-11-18] (Nero AG)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-26] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-11-12] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [x]
HKU\cathy\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-16] (TOSHIBA)
HKU\cathy\...\Run: [uprhctzchllmjuv] C:\ProgramData\uprhctzc.exe [x]
HKU\cathy\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-02-16] (Google Inc.)
HKU\cathy\...\Run: [TaskSchdPS] C:\Users\cathy\AppData\Local\Microsoft\Windows\4660\TaskSchdPS.exe [101376 2012-09-13] ()
HKU\cathy\...\Winlogon: [Shell] explorer.exe,C:\Users\cathy\AppData\Roaming\msconfig.dat
HKU\Default\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-16] (TOSHIBA)
HKU\Default User\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-16] (TOSHIBA)
HKU\neil\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-16] (TOSHIBA)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\cathy-temp\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Services (Whitelisted) ===================

2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()
2 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [346976 2011-03-14] ()
2 Kodak AiO Status Monitor Service; "C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe" [777728 2012-06-19] (Eastman Kodak Company)
3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [225216 2011-01-28] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [502064 2012-08-23] (McAfee, Inc.)
4 McOobeSv; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199304 2012-05-25] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210616 2012-05-25] (McAfee, Inc.)
2 mfevtp; "C:\windows\system32\mfevtps.exe" [162224 2012-05-25] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
3 TemproMonitoringService; "C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe" [112080 2011-02-10] (Toshiba Europe GmbH)

==================== Drivers (Whitelisted) =====================

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
0 iusb3hcs; C:\Windows\System32\Drivers\iusb3hcs.sys [16152 2012-01-05] (Intel Corporation)
3 iusb3hub; C:\Windows\System32\Drivers\iusb3hub.sys [355096 2012-01-05] (Intel Corporation)
3 iusb3xhc; C:\Windows\System32\Drivers\iusb3xhc.sys [786200 2012-01-05] (Intel Corporation)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [x]
4 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [x]
3 catchme; \??\C:\ComboFix120912\catchme.sys [x]
3 ewusbmbb; C:\Windows\System32\DRIVERS\ewusbwwan.sys [x]
3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [x]
3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [x]
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [x]
3 mfeavfk01; [x]
3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]
3 Tosrfcom; [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-09-17 10:34 - 2012-09-17 10:34 - 00000000 ____D C:\FRST
2012-09-13 07:56 - 2012-09-15 09:05 - 00000000 ____D C:\Users\cathy-temp\AppData\Local\Microsoft Games
2012-09-13 05:44 - 2012-09-13 05:44 - 00000000 ____D C:\Users\cathy-temp\AppData\Roaming\Adobe
2012-09-13 05:43 - 2012-09-13 05:45 - 00000000 ____D C:\Users\cathy-temp\AppData\Local\Google
2012-09-13 05:43 - 2012-09-13 05:43 - 00000000 ____D C:\Users\cathy-temp\AppData\Roaming\Google
2012-09-13 05:28 - 2012-09-13 05:28 - 00000000 ____D C:\Users\cathy-temp\AppData\Local\Eastman Kodak Company
2012-09-13 05:25 - 2012-09-13 05:26 - 00000000 ____D C:\Users\cathy-temp\Desktop\Cathy
2012-09-13 05:25 - 2012-09-13 00:10 - 00000005 ____A C:\Users\cathy-temp\Desktop\crt_rewind.out
2012-09-13 05:25 - 2012-08-19 04:32 - 00000401 ____A C:\Users\cathy-temp\Desktop\CD Drive - Shortcut.lnk
2012-09-13 05:25 - 2012-08-06 05:02 - 00000355 ____A C:\Users\cathy-temp\Desktop\Computer - Shortcut.lnk
2012-09-13 05:25 - 2012-08-01 04:21 - 00000136 ____A C:\Users\cathy-temp\Desktop\Spider Solitaire - Shortcut.lnk
2012-09-13 05:25 - 2012-08-01 04:21 - 00000136 ____A C:\Users\cathy-temp\Desktop\Solitaire - Shortcut.lnk
2012-09-13 05:10 - 2012-09-13 05:10 - 00057560 ____A C:\Users\cathy-temp\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-13 05:10 - 2012-09-13 05:10 - 00000000 ____D C:\Users\cathy-temp\AppData\Roaming\Apple Computer
2012-09-13 05:10 - 2012-09-13 05:10 - 00000000 ____D C:\Users\cathy-temp\AppData\Local\TOSHIBA
2012-09-13 05:10 - 2012-09-13 05:10 - 00000000 ____D C:\Users\cathy-temp\AppData\Local\SRS Labs
2012-09-13 05:09 - 2012-09-13 05:43 - 00000000 ____D C:\Users\cathy-temp\AppData\Local\VirtualStore
2012-09-13 05:09 - 2012-09-13 05:09 - 00000020 ___SH C:\Users\cathy-temp\ntuser.ini
2012-09-13 05:09 - 2012-08-15 02:32 - 00000000 ____D C:\Users\cathy-temp\AppData\Local\Eastman_Kodak_Company
2012-09-13 05:09 - 2012-08-15 02:24 - 00000000 ____D C:\Users\cathy-temp\AppData\Roaming\KODAK AiO Home Center1216903460
2012-09-13 05:09 - 2012-07-26 01:54 - 00000000 ____D C:\Users\cathy-temp\AppData\Roaming\Macromedia
2012-09-13 04:34 - 2012-09-13 04:34 - 00031786 ____A C:\ComboFix.txt
2012-09-13 03:35 - 2012-09-13 03:50 - 00000000 ____D C:\Users\neil\AppData\Roaming\Mozilla
2012-09-13 03:35 - 2012-09-13 03:35 - 00000000 ____D C:\Users\neil\AppData\Local\Mozilla
2012-09-13 03:21 - 2012-09-16 05:16 - 00001835 ____A C:\Users\Public\Desktop\McAfee Internet Security.lnk
2012-09-13 03:20 - 2012-09-13 03:20 - 00000000 ____D C:\Program Files\McAfee.com
2012-09-13 03:20 - 2012-09-13 03:20 - 00000000 ____D C:\Program Files\McAfee
2012-09-13 03:20 - 2012-09-13 03:20 - 00000000 ____D C:\Program Files\Common Files\McAfee
2012-09-13 03:20 - 2012-09-13 03:20 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2012-09-13 03:20 - 2012-02-22 04:29 - 00647208 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfehidk.sys
2012-09-13 03:20 - 2012-02-22 04:29 - 00487296 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfefirek.sys
2012-09-13 03:20 - 2012-02-22 04:29 - 00289664 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfewfpk.sys
2012-09-13 03:20 - 2012-02-22 04:29 - 00229528 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeavfk.sys
2012-09-13 03:20 - 2012-02-22 04:29 - 00160792 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeapfk.sys
2012-09-13 03:20 - 2012-02-22 04:29 - 00100912 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mferkdet.sys
2012-09-13 03:20 - 2012-02-22 04:29 - 00075936 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfenlfk.sys
2012-09-13 03:20 - 2012-02-22 04:29 - 00065264 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\cfwids.sys
2012-09-13 03:20 - 2012-02-22 04:29 - 00010248 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeclnk.sys
2012-09-13 03:19 - 2012-09-15 02:47 - 00000000 ____D C:\Program Files (x86)\McAfee
2012-09-13 02:53 - 2011-10-15 08:16 - 00647080 ___RA (McAfee, Inc.) C:\Windows\System32\Drivers\mfehidk.sys.c9b3.deleteme
2012-09-13 02:53 - 2011-10-15 08:16 - 00160280 ___RA (McAfee, Inc.) C:\Windows\System32\Drivers\mfeapfk.sys.1452.deleteme
2012-09-13 02:44 - 2012-09-13 02:44 - 00000000 ____D C:\Users\cathy\AppData\Roaming\hellomoto
2012-09-13 00:10 - 2012-09-13 00:10 - 00000005 ____A C:\Users\cathy\Desktop\crt_rewind.out
2012-09-12 04:05 - 2012-09-12 04:05 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-09-12 02:48 - 2012-09-12 02:49 - 00001116 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-12 02:48 - 2012-09-12 02:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-12 02:48 - 2012-09-07 08:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-12 02:47 - 2012-09-12 02:47 - 00002836 ____A C:\Users\neil\Desktop\Rkill.txt
2012-09-12 01:27 - 2012-09-12 01:53 - 00000000 ____D C:\Program Files (x86)\GridinSoft Trojan Killer
2012-09-12 00:07 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-12 00:07 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-09-12 00:07 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-12 00:07 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-09-12 00:07 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-12 00:07 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-09-12 00:07 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-09-10 04:29 - 2012-09-10 04:29 - 00002026 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-09-10 04:20 - 2012-09-10 04:21 - 00000000 ____D C:\Users\cathy\AppData\Roaming\Skype
2012-09-10 04:20 - 2012-09-10 04:20 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-09-10 04:18 - 2012-09-12 04:10 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-10 03:33 - 2012-09-10 03:33 - 00000000 ____D C:\Users\cathy\AppData\Roaming\Malwarebytes
2012-09-10 03:28 - 2012-09-10 03:56 - 00002127 ____A C:\Windows\epplauncher.mif
2012-09-10 03:28 - 2012-09-10 03:28 - 00735230 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-09-10 03:28 - 2012-09-10 03:28 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-09-10 03:28 - 2012-09-10 03:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-09-10 03:27 - 2012-09-10 03:27 - 00000000 ____D C:\Windows\pss
2012-09-10 03:27 - 2012-09-10 03:27 - 00000000 ____D C:\Users\neil\AppData\Roaming\Malwarebytes
2012-09-10 03:27 - 2012-09-10 03:27 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-10 02:57 - 2012-09-13 04:35 - 00000000 ____D C:\Qoobox
2012-09-10 02:57 - 2012-09-10 03:03 - 00000000 ____D C:\Windows\erdnt
2012-09-10 02:57 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-10 02:57 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-10 02:57 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-10 02:57 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-10 02:57 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-10 02:57 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-10 02:57 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-10 02:57 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-10 02:47 - 2012-09-10 02:47 - 00000544 ____A C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2012-09-09 00:08 - 2012-09-09 00:08 - 00001450 ____A C:\Users\neil\Desktop\Internet Explorer.lnk
2012-09-09 00:06 - 2012-09-09 00:12 - 00000000 ____D C:\Users\cathy\AppData\Roaming\BullGuard
2012-09-09 00:02 - 2012-09-09 00:02 - 00000136 ____A C:\Users\neil\Desktop\Spider Solitaire - Shortcut.lnk
2012-09-09 00:00 - 2012-09-09 00:00 - 00000002 ____A C:\Windows\msoffice.ini
2012-09-09 00:00 - 2012-09-09 00:00 - 00000000 ____D C:\Users\neil\Desktop\AOL Saved PFC
2012-09-08 23:53 - 2012-09-08 23:53 - 00000000 ____D C:\Users\neil\AppData\Roaming\TOSHIBA Online Product Information
2012-09-08 23:43 - 2012-09-10 02:41 - 00000488 ____A C:\Windows\System32\config\afw_hm.conf
2012-09-08 23:43 - 2012-09-10 02:41 - 00000004 ____A C:\Windows\System32\config\afw_db.conf
2012-09-08 23:36 - 2012-09-08 23:53 - 00000000 ____D C:\Users\neil\AppData\Roaming\BullGuard
2012-09-08 23:35 - 2012-09-10 02:47 - 00000000 ____D C:\Users\All Users\BullGuard
2012-09-08 23:30 - 2012-09-08 23:30 - 27313976 ____A C:\Users\Public\Desktop\BullGuard Internet Security Install.exe
2012-09-06 11:23 - 2012-09-06 11:23 - 00000000 ____D C:\Users\cathy\AppData\Roaming\AVG2013
2012-09-06 11:23 - 2012-09-06 11:23 - 00000000 ____D C:\Users\cathy\AppData\Local\Avg2013
2012-09-06 10:50 - 2012-09-06 10:50 - 00000000 ____D C:\Users\neil\AppData\Roaming\AVG2013
2012-09-06 10:48 - 2012-09-06 10:48 - 00000000 ____D C:\Users\neil\AppData\Roaming\TuneUp Software
2012-09-06 10:47 - 2012-09-06 10:49 - 00000000 ____D C:\Users\All Users\AVG2013
2012-09-06 10:47 - 2012-09-06 10:47 - 00000000 ____D C:\$AVG
2012-09-06 10:30 - 2012-09-06 10:37 - 06717808 ____A (Support.com ) C:\Users\neil\Downloads\ARO2012_bt (1).exe
2012-09-06 10:25 - 2012-09-10 03:47 - 00000000 ____D C:\Users\All Users\MFAData
2012-09-06 10:25 - 2012-09-06 11:07 - 00000000 ____D C:\Users\neil\AppData\Local\Avg2013
2012-09-06 10:25 - 2012-09-06 10:25 - 00000000 ____D C:\Users\neil\AppData\Local\MFAData
2012-09-06 10:24 - 2012-09-06 10:30 - 06717808 ____A (Support.com ) C:\Users\neil\Downloads\ARO2012_bt.exe
2012-09-06 10:23 - 2012-09-06 10:25 - 04411392 ____A (AVG Technologies) C:\Users\neil\Downloads\avg_free_stb_all_2013_2667_cnet.exe
2012-09-06 05:43 - 2012-09-06 05:43 - 00000000 ____D C:\Users\neil\AppData\Local\Nero_AG
2012-09-06 05:42 - 2012-09-10 04:20 - 00000000 ____D C:\Users\neil\AppData\Roaming\Skype
2012-09-06 05:42 - 2012-09-06 05:42 - 00000000 ____D C:\Users\neil\AppData\Roaming\Nero
2012-09-06 05:38 - 2012-09-06 05:38 - 00000000 ____D C:\Users\neil\AppData\Roaming\WildTangent
2012-09-06 05:24 - 2012-09-06 05:24 - 00000000 ____D C:\found.000
2012-09-06 05:11 - 2012-09-12 03:42 - 00000000 ____D C:\Users\All Users\hkvnkebkhsqlumw
2012-08-24 05:08 - 2012-09-10 07:09 - 00000000 ____D C:\Users\cathy\AppData\Roaming\WildTangent
2012-08-19 04:32 - 2012-08-19 04:32 - 00000401 ____A C:\Users\cathy\Desktop\CD Drive - Shortcut.lnk


==================== 3 Months Modified Files ==================

2012-09-17 01:29 - 2012-06-26 23:48 - 00865164 ____A C:\Windows\WindowsUpdate.log
2012-09-17 01:29 - 2012-02-16 18:24 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-17 01:29 - 2009-07-13 20:51 - 00047003 ____A C:\Windows\setupact.log
2012-09-17 01:28 - 2012-02-16 18:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-16 08:45 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-16 08:45 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-16 05:25 - 2012-02-16 18:24 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-16 05:16 - 2012-09-13 03:21 - 00001835 ____A C:\Users\Public\Desktop\McAfee Internet Security.lnk
2012-09-15 02:52 - 2009-07-13 21:13 - 00729688 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-15 02:47 - 2010-11-20 19:47 - 00025162 ____A C:\Windows\PFRO.log
2012-09-15 02:47 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-13 05:10 - 2012-09-13 05:10 - 00057560 ____A C:\Users\cathy-temp\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-13 05:09 - 2012-09-13 05:09 - 00000020 ___SH C:\Users\cathy-temp\ntuser.ini
2012-09-13 04:34 - 2012-09-13 04:34 - 00031786 ____A C:\ComboFix.txt
2012-09-13 04:13 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-09-13 03:21 - 2009-07-13 18:34 - 00000435 ____A C:\Windows\win.ini
2012-09-13 00:10 - 2012-09-13 05:25 - 00000005 ____A C:\Users\cathy-temp\Desktop\crt_rewind.out
2012-09-13 00:10 - 2012-09-13 00:10 - 00000005 ____A C:\Users\cathy\Desktop\crt_rewind.out
2012-09-12 04:10 - 2012-09-10 04:18 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-12 02:49 - 2012-09-12 02:48 - 00001116 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-12 02:47 - 2012-09-12 02:47 - 00002836 ____A C:\Users\neil\Desktop\Rkill.txt
2012-09-10 07:09 - 2012-06-27 00:13 - 00002752 ____N C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
2012-09-10 04:29 - 2012-09-10 04:29 - 00002026 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-09-10 03:56 - 2012-09-10 03:28 - 00002127 ____A C:\Windows\epplauncher.mif
2012-09-10 03:28 - 2012-09-10 03:28 - 00735230 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-09-10 02:47 - 2012-09-10 02:47 - 00000544 ____A C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2012-09-10 02:41 - 2012-09-08 23:43 - 00000488 ____A C:\Windows\System32\config\afw_hm.conf
2012-09-10 02:41 - 2012-09-08 23:43 - 00000004 ____A C:\Windows\System32\config\afw_db.conf
2012-09-09 00:08 - 2012-09-09 00:08 - 00001450 ____A C:\Users\neil\Desktop\Internet Explorer.lnk
2012-09-09 00:02 - 2012-09-09 00:02 - 00000136 ____A C:\Users\neil\Desktop\Spider Solitaire - Shortcut.lnk
2012-09-09 00:00 - 2012-09-09 00:00 - 00000002 ____A C:\Windows\msoffice.ini
2012-09-08 23:30 - 2012-09-08 23:30 - 27313976 ____A C:\Users\Public\Desktop\BullGuard Internet Security Install.exe
2012-09-07 08:04 - 2012-09-12 02:48 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-06 10:37 - 2012-09-06 10:30 - 06717808 ____A (Support.com ) C:\Users\neil\Downloads\ARO2012_bt (1).exe
2012-09-06 10:30 - 2012-09-06 10:24 - 06717808 ____A (Support.com ) C:\Users\neil\Downloads\ARO2012_bt.exe
2012-09-06 10:25 - 2012-09-06 10:23 - 04411392 ____A (AVG Technologies) C:\Users\neil\Downloads\avg_free_stb_all_2013_2667_cnet.exe
2012-09-05 02:59 - 2012-02-16 18:25 - 00002351 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-08-22 10:12 - 2012-09-12 00:07 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-12 00:07 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-12 00:07 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-12 00:07 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-19 04:32 - 2012-09-13 05:25 - 00000401 ____A C:\Users\cathy-temp\Desktop\CD Drive - Shortcut.lnk
2012-08-19 04:32 - 2012-08-19 04:32 - 00000401 ____A C:\Users\cathy\Desktop\CD Drive - Shortcut.lnk
2012-08-17 02:06 - 2009-07-13 20:45 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-16 05:27 - 2012-08-16 05:26 - 00003984 ____A C:\Users\cathy\AppData\Local\installer.log
2012-08-15 02:58 - 2012-02-16 18:19 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-15 02:58 - 2012-02-16 18:19 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-15 02:31 - 2012-08-15 02:31 - 00002163 ____A C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
2012-08-15 02:29 - 2012-08-15 02:29 - 00002082 ____A C:\Users\Public\Desktop\Get CleanPrint.lnk
2012-08-10 18:55 - 2012-08-10 18:55 - 00287474 ____A C:\Windows\msxml4-KB973688-enu.LOG
2012-08-10 18:55 - 2012-08-10 18:54 - 00292720 ____A C:\Windows\msxml4-KB954430-enu.LOG
2012-08-06 10:20 - 2012-08-06 10:20 - 00000236 ____A C:\Users\neil\AppData\Local\LaunchHomeCenter.log
2012-08-06 05:02 - 2012-09-13 05:25 - 00000355 ____A C:\Users\cathy-temp\Desktop\Computer - Shortcut.lnk
2012-08-06 05:02 - 2012-08-06 05:02 - 00000355 ____A C:\Users\cathy\Desktop\Computer - Shortcut.lnk
2012-08-06 04:59 - 2012-08-06 04:59 - 00000355 ____A C:\Users\neil\Desktop\Computer - Shortcut.lnk
2012-08-02 09:58 - 2012-09-12 00:07 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 08:57 - 2012-09-12 00:07 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-08-02 04:32 - 2012-08-02 04:32 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2012-08-01 07:24 - 2012-08-01 07:24 - 00000136 ____A C:\Users\neil\Desktop\Mahjong Titans - Shortcut.lnk
2012-08-01 05:10 - 2012-08-01 05:10 - 00000290 ____A C:\Windows\wininit.ini
2012-08-01 05:10 - 2012-08-01 05:10 - 00000006 ____A C:\Windows\GsiRbt.txt
2012-08-01 05:10 - 2012-08-01 05:05 - 00050252 ____A C:\Windows\wwdslcfg.log
2012-08-01 05:10 - 2012-08-01 05:05 - 00000232 ____A C:\Windows\GsiSetup.log
2012-08-01 04:58 - 2012-08-01 04:58 - 00001642 ____A C:\Users\Public\Desktop\Click here to install AOL Broadband Check-Up.lnk
2012-08-01 04:57 - 2012-08-01 04:57 - 00001409 ____A C:\Windows\SysWOW64\tmpAC1A4.FOT
2012-08-01 04:57 - 2012-08-01 04:57 - 00001409 ____A C:\Windows\SysWOW64\tmp9E1A4.FOT
2012-08-01 04:57 - 2012-08-01 04:57 - 00001409 ____A C:\Windows\SysWOW64\tmp802A4.FOT
2012-08-01 04:57 - 2012-08-01 04:57 - 00001409 ____A C:\Windows\SysWOW64\tmp652A4.FOT
2012-08-01 04:50 - 2012-08-01 04:50 - 00001057 ____A C:\Windows\aolback.exe.lnk
2012-08-01 04:50 - 2012-08-01 04:46 - 00000916 ___AH C:\IPH.PH
2012-08-01 04:49 - 2012-08-01 04:49 - 00278528 ____A (Real Networks, Inc) C:\Windows\SysWOW64\pncrt.dll
2012-08-01 04:49 - 2012-08-01 04:49 - 00157696 ____A (RealNetworks) C:\Windows\SysWOW64\rmoc3260.dll
2012-08-01 04:49 - 2012-08-01 04:49 - 00024576 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\prefscpl.cpl
2012-08-01 04:49 - 2012-08-01 04:49 - 00008552 ____A (Windows ® 2000 DDK provider) C:\Windows\SysWOW64\Drivers\asctrm.sys
2012-08-01 04:49 - 2012-08-01 04:49 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-08-01 04:49 - 2012-08-01 04:49 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-08-01 04:49 - 2012-08-01 04:49 - 00003595 ____A C:\Windows\SysWOW64\qtplugin.log
2012-08-01 04:49 - 2012-08-01 04:49 - 00001056 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-08-01 04:47 - 2012-08-01 04:47 - 00000335 ____A C:\Windows\nsreg.dat
2012-08-01 04:21 - 2012-09-13 05:25 - 00000136 ____A C:\Users\cathy-temp\Desktop\Spider Solitaire - Shortcut.lnk
2012-08-01 04:21 - 2012-09-13 05:25 - 00000136 ____A C:\Users\cathy-temp\Desktop\Solitaire - Shortcut.lnk
2012-08-01 04:21 - 2012-08-01 04:21 - 00000136 ____A C:\Users\cathy\Desktop\Spider Solitaire - Shortcut.lnk
2012-08-01 04:21 - 2012-08-01 04:21 - 00000136 ____A C:\Users\cathy\Desktop\Solitaire - Shortcut.lnk
2012-07-31 01:45 - 2012-07-31 01:45 - 00057560 ____A C:\Users\cathy\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-31 01:44 - 2012-07-31 01:44 - 00000020 ___SH C:\Users\cathy\ntuser.ini
2012-07-26 03:22 - 2012-07-26 03:22 - 00001757 ____A C:\Users\Public\Desktop\Browser Choice.lnk
2012-07-26 02:32 - 2012-07-26 02:32 - 00001790 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-26 02:30 - 2012-07-26 02:30 - 00002231 ____A C:\Users\Public\Desktop\KNOWHOW™ APP CENTRE.lnk
2012-07-26 02:28 - 2012-07-26 02:28 - 00001946 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-07-26 01:56 - 2012-07-26 01:56 - 00057560 ____A C:\Users\neil\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-26 01:55 - 2012-07-26 01:55 - 00001880 ____A C:\Users\Public\Desktop\Toshiba Warranty Registration.lnk
2012-07-26 01:54 - 2012-07-26 01:54 - 00000988 ____A C:\Users\Public\Desktop\BBC iPlayer Desktop.lnk
2012-07-26 01:54 - 2012-07-26 01:54 - 00000514 ____A C:\Users\Public\Desktop\eBay.lnk
2012-07-26 01:07 - 2012-07-26 01:07 - 00000020 ___SH C:\Users\neil\ntuser.ini
2012-07-18 10:15 - 2012-08-16 00:53 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-06 12:07 - 2012-08-17 01:45 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-07-04 14:16 - 2012-08-16 00:53 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:13 - 2012-08-16 00:53 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:13 - 2012-08-16 00:53 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:16 - 2012-08-16 00:53 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:14 - 2012-08-16 00:53 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-04 12:26 - 2012-09-12 00:07 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-06-28 20:55 - 2012-08-17 01:44 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 20:09 - 2012-08-17 01:44 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 19:56 - 2012-08-17 01:44 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 19:49 - 2012-08-17 01:44 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 19:49 - 2012-08-17 01:44 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 19:48 - 2012-08-17 01:44 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 19:47 - 2012-08-17 01:44 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 19:45 - 2012-08-17 01:44 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 19:44 - 2012-08-17 01:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 19:43 - 2012-08-17 01:44 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 19:42 - 2012-08-17 01:44 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 19:40 - 2012-08-17 01:44 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 19:39 - 2012-08-17 01:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 19:35 - 2012-08-17 01:44 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 16:52 - 2012-08-17 01:44 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-28 16:27 - 2012-08-17 01:44 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-28 16:16 - 2012-08-17 01:44 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-28 16:09 - 2012-08-17 01:44 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-28 16:09 - 2012-08-17 01:44 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-28 16:08 - 2012-08-17 01:44 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-28 16:07 - 2012-08-17 01:44 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-28 16:06 - 2012-08-17 01:44 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-28 16:04 - 2012-08-17 01:44 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-28 16:04 - 2012-08-17 01:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-28 16:01 - 2012-08-17 01:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-28 16:01 - 2012-08-17 01:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-28 16:00 - 2012-08-17 01:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-28 15:57 - 2012-08-17 01:44 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-27 00:59 - 2009-07-13 20:46 - 00004059 ____A C:\Windows\DtcInstall.log
2012-06-27 00:57 - 2012-02-16 18:40 - 00000050 ____A C:\Windows\System32\Drivers\DCX.LOG
2012-06-27 00:49 - 2012-06-27 00:49 - 00001564 ____A C:\Users\Public\Desktop\Microsoft Office 2010.lnk
2012-06-27 00:45 - 2009-07-13 21:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2012-06-27 00:45 - 2009-07-13 21:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
2012-06-27 00:42 - 2012-06-27 00:42 - 00002041 ____A C:\Users\Public\Desktop\Manual.lnk
2012-06-27 00:29 - 2012-06-27 00:29 - 00000422 ____A C:\Users\Public\Desktop\Toshiba Places.lnk
2012-06-27 00:09 - 2012-06-27 00:09 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2012-06-27 00:02 - 2012-06-27 00:02 - 00007886 ____A C:\Windows\DPINST.LOG
2012-06-27 00:02 - 2012-06-27 00:02 - 00001416 ____A C:\Windows\Synaptics.log
2012-06-27 00:02 - 2012-06-27 00:02 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2012-06-26 23:57 - 2012-06-26 23:57 - 00015878 ____A C:\Windows\System32\results.xml
2012-06-26 23:48 - 2012-02-17 02:00 - 00003652 ____A C:\Windows\TSSysprep.log

ZeroAccess:
C:\Users\cathy\AppData\Local\{cb1f0d72-36f3-8341-71e6-61a1bf60080b}
C:\Users\cathy\AppData\Local\{cb1f0d72-36f3-8341-71e6-61a1bf60080b}\L
C:\Users\cathy\AppData\Local\{cb1f0d72-36f3-8341-71e6-61a1bf60080b}\U

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-17 01:43:39
Restore point made on: 2012-08-24 06:01:25
Restore point made on: 2012-09-06 10:46:34
Restore point made on: 2012-09-06 10:47:04
Restore point made on: 2012-09-08 23:35:43
Restore point made on: 2012-09-08 23:38:04
Restore point made on: 2012-09-10 03:36:57
Restore point made on: 2012-09-10 03:37:22
Restore point made on: 2012-09-10 03:41:40
Restore point made on: 2012-09-10 03:45:34
Restore point made on: 2012-09-10 04:04:07
Restore point made on: 2012-09-10 04:18:19
Restore point made on: 2012-09-12 03:37:02
Restore point made on: 2012-09-12 04:10:10
Restore point made on: 2012-09-15 02:35:06

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8081.8 MB
Available physical RAM: 7290.15 MB
Total Pagefile: 8080 MB
Available Pagefile: 7275.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (15918NH) (Fixed) (Total:578.83 GB) (Free:523.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: (K2GB) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          596 GB      0 B
Disk 1    No Media           0 B      0 B
Disk 2    Online         1906 MB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Recovery          1500 MB  1024 KB
Partition 2    Primary            578 GB  1501 MB
Partition 3    Primary             15 GB   580 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C 15918NH NTFS Partition 578 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1906 MB 0 B

==================================================================================

Disk: 2
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================

Last Boot: 2012-09-06 12:43

==================== End Of Log =============================

#6 Farbar

Posted 17 September 2012 - 05:17 AM

We will fix the active ransom and then remove any leftovers.

  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt

    start
    HKU\cathy\...\Run: [uprhctzchllmjuv] C:\ProgramData\uprhctzc.exe [x]
    HKU\cathy\...\Run: [TaskSchdPS] C:\Users\cathy\AppData\Local\Microsoft\Windows\4660\TaskSchdPS.exe [101376 2012-09-13] ()
    C:\Users\cathy\AppData\Local\Microsoft\Windows\4660\TaskSchdPS.exe
    HKU\cathy\...\Winlogon: [Shell] explorer.exe,C:\Users\cathy\AppData\Roaming\msconfig.dat
    C:\Users\cathy\AppData\Roaming\msconfig.dat
    C:\Users\cathy\AppData\Local\{cb1f0d72-36f3-8341-71e6-61a1bf60080b}
    C:\Users\All Users\hkvnkebkhsqlumw 
    end
    

    Now please enter System Recovery Options and select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
  • Open your Malwarebytes' Anti-Malware.
  • First update it, to do that under the Update tab press "Check for Updates".
  • Under Scanner tab select "Perform Quick Scan", then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the MBAM log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
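
The three registry lines in the fixlist above are logon autostart points: two Run values and a Winlogon Shell value. The following is an added example, not part of the original post and not FRST's own logic: it parses that line notation and flags entries with two triage heuristics that are assumptions of this example (a Shell value that starts anything besides explorer.exe, and an autostart target under a directory a standard user can write to). The benign lines are constructed for contrast.

```python
import re

# Registry lines copied from the fixlist in the post above.
FIXLIST_LINES = [
    r"HKU\cathy\...\Run: [uprhctzchllmjuv] C:\ProgramData\uprhctzc.exe [x]",
    r"HKU\cathy\...\Run: [TaskSchdPS] C:\Users\cathy\AppData\Local\Microsoft\Windows\4660\TaskSchdPS.exe [101376 2012-09-13] ()",
    r"HKU\cathy\...\Winlogon: [Shell] explorer.exe,C:\Users\cathy\AppData\Roaming\msconfig.dat",
]

# Constructed benign lines (not from the page), used only for contrast.
CONSTRUCTED_BENIGN = [
    r"HKLM\...\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe [123456 2012-01-01] (Example Corp)",
    r"HKLM\...\Winlogon: [Shell] explorer.exe",
]

# Line notation as seen in the fixlist: hive, optional user, elided key path
# ("..."), key name, [value name], then the value data.
ENTRY = re.compile(r"^(HK[A-Z]+)\\(?:([^\\]+)\\)?\.\.\.\\(\w+): \[([^\]]+)\] (.*)$")

# Trailing "[...]" and "(...)" annotations that follow the path on Run lines.
ANNOTATION = re.compile(r"^(.*?)(?:\s+\[[^\]]*\])?(?:\s+\([^)]*\))?$")

# Assumption of this example: locations a standard user can write to.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\users\\all users\\")


def parse_entry(line):
    """Split one registry line into its fields, or return None if it is not one."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    hive, user, key, name, data = m.groups()
    command = ANNOTATION.match(data).group(1)
    is_shell = key == "Winlogon" and name.lower() == "shell"
    # Only the Shell value is a comma-separated list of programs; a Run value
    # is one command line and may legitimately contain commas.
    targets = [t.strip() for t in command.split(",")] if is_shell else [command]
    return {"hive": hive, "user": user, "key": key, "name": name,
            "is_shell": is_shell, "targets": targets}


def triage(line):
    """Return the list of reasons a line deserves a closer look (empty if none)."""
    entry = parse_entry(line)
    if entry is None:
        return []
    reasons = []
    if entry["is_shell"]:
        extras = [t for t in entry["targets"] if t.lower() != "explorer.exe"]
        if extras:
            reasons.append("Winlogon Shell starts more than explorer.exe: "
                           + ", ".join(extras))
    for target in entry["targets"]:
        if any(d in target.lower() for d in USER_WRITABLE):
            reasons.append("autostart target in user-writable directory: " + target)
    return reasons


def triage_all(lines):
    """Map each flagged line to its reasons; unflagged lines are omitted."""
    flagged = {}
    for line in lines:
        reasons = triage(line)
        if reasons:
            flagged[line] = reasons
    return flagged


if __name__ == "__main__":
    for line, reasons in triage_all(FIXLIST_LINES + CONSTRUCTED_BENIGN).items():
        print(line)
        for reason in reasons:
            print("    -", reason)
```
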


#7 Dancin Homer

Posted 17 September 2012 - 07:29 AM

Here are the logs; please note the three infections that MBAM finds have been found and removed three times now, but reappear in less than a day?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2012 01
Ran by SYSTEM at 2012-09-17 12:57:11 Run:1
Running from G:\

==============================================

HKEY_USERS\cathy\Software\Microsoft\Windows\CurrentVersion\Run\\uprhctzchllmjuv Value deleted successfully.
HKEY_USERS\cathy\Software\Microsoft\Windows\CurrentVersion\Run\\TaskSchdPS Value deleted successfully.
C:\Users\cathy\AppData\Local\Microsoft\Windows\4660\TaskSchdPS.exe moved successfully.
HKEY_USERS\cathy\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.
C:\Users\cathy\AppData\Roaming\msconfig.dat not found.
C:\Users\cathy\AppData\Local\{cb1f0d72-36f3-8341-71e6-61a1bf60080b} moved successfully.
C:\Users\All Users\hkvnkebkhsqlumw moved successfully.

==== End of Fixlog ====


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.17.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
neil :: NEIL-TOSH [administrator]

17/09/2012 13:01:01
mbam-log-2012-09-17 (13-01-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 248166
Time elapsed: 6 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\cathy\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Users\cathy\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.
C:\Users\cathy\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.

(end)

#8 Farbar

Posted 17 September 2012 - 07:44 AM

The malware returned because other entries were not removed. We will notice if they return again.

  • Please download TDSSKiller.zip and extract it.
    • Run TDSSKiller.exe.
    • Click Start scan.
    • When it is finished the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
    • Let it reboot if needed and tell me if the tool needed a reboot.
    • Click on Report and post the contents of the text file that will open.

      Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.
  • Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Click Run Scan button.
    • Two reports will open:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Copy and paste OTL.txt and attach Extra.txt to your reply.


#9 Dancin Homer

Posted 17 September 2012 - 08:26 AM

Farbar, here are the results. Does your head not hurt looking at these?! ;) Thanks

14:04:08.0832 4580 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
14:04:25.0758 4580 ============================================================
14:04:25.0758 4580 Current date / time: 2012/09/17 14:04:25.0758
14:04:25.0758 4580 SystemInfo:
14:04:25.0758 4580
14:04:25.0758 4580 OS Version: 6.1.7601 ServicePack: 1.0
14:04:25.0758 4580 Product type: Workstation
14:04:25.0758 4580 ComputerName: NEIL-TOSH
14:04:25.0773 4580 UserName: neil
14:04:25.0773 4580 Windows directory: C:\windows
14:04:25.0773 4580 System windows directory: C:\windows
14:04:25.0773 4580 Running under WOW64
14:04:25.0773 4580 Processor architecture: Intel x64
14:04:25.0773 4580 Number of processors: 2
14:04:25.0773 4580 Page size: 0x1000
14:04:25.0773 4580 Boot type: Normal boot
14:04:25.0773 4580 ============================================================
14:04:28.0909 4580 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:04:28.0909 4580 Drive \Device\Harddisk1\DR1 - Size: 0x77200000 (1.86 Gb), SectorSize: 0x200, Cylinders: 0xF2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:04:28.0909 4580 ============================================================
14:04:28.0909 4580 \Device\Harddisk0\DR0:
14:04:28.0909 4580 MBR partitions:
14:04:28.0909 4580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x485AB800
14:04:28.0909 4580 \Device\Harddisk1\DR1:
14:04:28.0909 4580 MBR partitions:
14:04:28.0909 4580 ============================================================
14:04:28.0924 4580 C: <-> \Device\Harddisk0\DR0\Partition1
14:04:28.0924 4580 ============================================================
14:04:28.0924 4580 Initialize success
14:04:28.0924 4580 ============================================================
14:04:44.0181 4872 ============================================================
14:04:44.0181 4872 Scan started
14:04:44.0181 4872 Mode: Manual;
14:04:44.0181 4872 ============================================================
14:04:44.0415 4872 ================ Scan system memory ========================
14:04:44.0415 4872 System memory - ok
14:04:44.0415 4872 ================ Scan services =============================
14:04:44.0680 4872 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
14:04:44.0758 4872 1394ohci - ok
14:04:44.0805 4872 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
14:04:44.0852 4872 ACPI - ok
14:04:44.0899 4872 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
14:04:44.0946 4872 AcpiPmi - ok
14:04:45.0086 4872 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:04:45.0164 4872 AdobeARMservice - ok
14:04:45.0289 4872 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:04:45.0382 4872 AdobeFlashPlayerUpdateSvc - ok
14:04:45.0429 4872 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
14:04:45.0460 4872 adp94xx - ok
14:04:45.0523 4872 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
14:04:45.0523 4872 adpahci - ok
14:04:45.0554 4872 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
14:04:45.0554 4872 adpu320 - ok
14:04:45.0601 4872 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
14:04:45.0601 4872 AeLookupSvc - ok
14:04:45.0663 4872 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
14:04:45.0726 4872 AFD - ok
14:04:45.0757 4872 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
14:04:45.0757 4872 agp440 - ok
14:04:45.0804 4872 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
14:04:45.0819 4872 ALG - ok
14:04:45.0866 4872 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
14:04:45.0866 4872 aliide - ok
14:04:45.0882 4872 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
14:04:45.0882 4872 amdide - ok
14:04:45.0928 4872 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
14:04:45.0944 4872 AmdK8 - ok
14:04:45.0975 4872 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
14:04:45.0991 4872 AmdPPM - ok
14:04:46.0038 4872 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
14:04:46.0084 4872 amdsata - ok
14:04:46.0116 4872 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
14:04:46.0131 4872 amdsbs - ok
14:04:46.0147 4872 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
14:04:46.0194 4872 amdxata - ok
14:04:46.0225 4872 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
14:04:46.0287 4872 AppID - ok
14:04:46.0303 4872 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
14:04:46.0334 4872 AppIDSvc - ok
14:04:46.0350 4872 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
14:04:46.0396 4872 Appinfo - ok
14:04:46.0443 4872 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:04:46.0490 4872 Apple Mobile Device - ok
14:04:46.0537 4872 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
14:04:46.0552 4872 arc - ok
14:04:46.0568 4872 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
14:04:46.0584 4872 arcsas - ok
14:04:46.0599 4872 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
14:04:46.0615 4872 AsyncMac - ok
14:04:46.0630 4872 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
14:04:46.0630 4872 atapi - ok
14:04:46.0740 4872 [ B594EA0B79A9028DAA640A0F0DC41FE6 ] athr C:\windows\system32\DRIVERS\athrx.sys
14:04:46.0818 4872 athr - ok
14:04:46.0864 4872 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
14:04:46.0927 4872 AudioEndpointBuilder - ok
14:04:46.0974 4872 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
14:04:46.0989 4872 AudioSrv - ok
14:04:46.0989 4872 AVGIDSHA - ok
14:04:47.0036 4872 Avgloga - ok
14:04:47.0114 4872 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
14:04:47.0161 4872 AxInstSV - ok
14:04:47.0223 4872 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
14:04:47.0239 4872 b06bdrv - ok
14:04:47.0286 4872 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
14:04:47.0301 4872 b57nd60a - ok
14:04:47.0364 4872 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
14:04:47.0379 4872 BDESVC - ok
14:04:47.0410 4872 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
14:04:47.0410 4872 Beep - ok
14:04:47.0473 4872 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
14:04:47.0535 4872 BFE - ok
14:04:47.0582 4872 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll
14:04:47.0660 4872 BITS - ok
14:04:47.0707 4872 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
14:04:47.0722 4872 blbdrive - ok
14:04:47.0800 4872 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:04:47.0847 4872 Bonjour Service - ok
14:04:47.0894 4872 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
14:04:47.0941 4872 bowser - ok
14:04:47.0988 4872 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
14:04:48.0003 4872 BrFiltLo - ok
14:04:48.0019 4872 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
14:04:48.0034 4872 BrFiltUp - ok
14:04:48.0066 4872 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
14:04:48.0097 4872 BridgeMP - ok
14:04:48.0112 4872 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
14:04:48.0175 4872 Browser - ok
14:04:48.0253 4872 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
14:04:48.0284 4872 Brserid - ok
14:04:48.0315 4872 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
14:04:48.0346 4872 BrSerWdm - ok
14:04:48.0378 4872 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
14:04:48.0378 4872 BrUsbMdm - ok
14:04:48.0393 4872 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
14:04:48.0393 4872 BrUsbSer - ok
14:04:48.0440 4872 [ D31303617FE09F5F788BC34EB8028FB5 ] BtFilter C:\windows\system32\DRIVERS\btfilter.sys
14:04:48.0487 4872 BtFilter - ok
14:04:48.0534 4872 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
14:04:48.0549 4872 BthEnum - ok
14:04:48.0580 4872 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
14:04:48.0596 4872 BTHMODEM - ok
14:04:48.0627 4872 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
14:04:48.0658 4872 BthPan - ok
14:04:48.0705 4872 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
14:04:48.0768 4872 BTHPORT - ok
14:04:48.0799 4872 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
14:04:48.0814 4872 bthserv - ok
14:04:48.0846 4872 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
14:04:48.0908 4872 BTHUSB - ok
14:04:48.0924 4872 catchme - ok
14:04:48.0939 4872 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
14:04:48.0955 4872 cdfs - ok
14:04:48.0986 4872 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
14:04:49.0033 4872 cdrom - ok
14:04:49.0095 4872 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
14:04:49.0173 4872 CertPropSvc - ok
14:04:49.0236 4872 [ 274CE03459896006F7A5069266E0469E ] cfwids C:\windows\system32\drivers\cfwids.sys
14:04:49.0298 4872 cfwids - ok
14:04:49.0329 4872 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
14:04:49.0345 4872 circlass - ok
14:04:49.0376 4872 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
14:04:49.0392 4872 CLFS - ok
14:04:49.0516 4872 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:04:49.0516 4872 clr_optimization_v2.0.50727_32 - ok
14:04:49.0563 4872 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:04:49.0579 4872 clr_optimization_v2.0.50727_64 - ok
14:04:49.0688 4872 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:04:49.0766 4872 clr_optimization_v4.0.30319_32 - ok
14:04:49.0828 4872 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:04:49.0906 4872 clr_optimization_v4.0.30319_64 - ok
14:04:49.0938 4872 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
14:04:49.0969 4872 CmBatt - ok
14:04:50.0000 4872 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
14:04:50.0016 4872 cmdide - ok
14:04:50.0047 4872 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
14:04:50.0125 4872 CNG - ok
14:04:50.0156 4872 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
14:04:50.0156 4872 Compbatt - ok
14:04:50.0187 4872 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
14:04:50.0265 4872 CompositeBus - ok
14:04:50.0281 4872 COMSysApp - ok
14:04:50.0343 4872 [ 723E3512D6D1FF75E5398981B38FCEF7 ] cphs C:\windows\SysWow64\IntelCpHeciSvc.exe
14:04:50.0421 4872 cphs - ok
14:04:50.0468 4872 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
14:04:50.0468 4872 crcdisk - ok
14:04:50.0530 4872 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\windows\system32\cryptsvc.dll
14:04:50.0608 4872 CryptSvc - ok
14:04:50.0702 4872 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
14:04:50.0718 4872 DcomLaunch - ok
14:04:50.0749 4872 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
14:04:50.0796 4872 defragsvc - ok
14:04:50.0811 4872 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
14:04:50.0874 4872 DfsC - ok
14:04:50.0936 4872 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
14:04:51.0014 4872 Dhcp - ok
14:04:51.0045 4872 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
14:04:51.0061 4872 discache - ok
14:04:51.0092 4872 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
14:04:51.0108 4872 Disk - ok
14:04:51.0139 4872 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
14:04:51.0217 4872 Dnscache - ok
14:04:51.0248 4872 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
14:04:51.0310 4872 dot3svc - ok
14:04:51.0326 4872 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
14:04:51.0373 4872 DPS - ok
14:04:51.0420 4872 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
14:04:51.0435 4872 drmkaud - ok
14:04:51.0451 4872 [ 85DBF6EC7BDFA6187F4A1EC8F3145CD0 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
14:04:51.0513 4872 DXGKrnl - ok
14:04:51.0560 4872 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
14:04:51.0576 4872 EapHost - ok
14:04:51.0763 4872 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
14:04:51.0934 4872 ebdrv - ok
14:04:51.0966 4872 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
14:04:52.0012 4872 EFS - ok
14:04:52.0168 4872 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
14:04:52.0293 4872 ehRecvr - ok
14:04:52.0309 4872 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
14:04:52.0340 4872 ehSched - ok
14:04:52.0387 4872 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
14:04:52.0418 4872 elxstor - ok
14:04:52.0434 4872 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
14:04:52.0449 4872 ErrDev - ok
14:04:52.0496 4872 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
14:04:52.0496 4872 EventSystem - ok
14:04:52.0527 4872 ewusbmbb - ok
14:04:52.0527 4872 ew_hwusbdev - ok
14:04:52.0558 4872 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
14:04:52.0590 4872 exfat - ok
14:04:52.0621 4872 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
14:04:52.0636 4872 fastfat - ok
14:04:52.0699 4872 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
14:04:52.0777 4872 Fax - ok
14:04:52.0808 4872 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
14:04:52.0824 4872 fdc - ok
14:04:52.0870 4872 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
14:04:52.0870 4872 fdPHost - ok
14:04:52.0886 4872 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
14:04:52.0902 4872 FDResPub - ok
14:04:52.0917 4872 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
14:04:52.0917 4872 FileInfo - ok
14:04:52.0917 4872 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
14:04:52.0948 4872 Filetrace - ok
14:04:52.0995 4872 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
14:04:53.0011 4872 flpydisk - ok
14:04:53.0058 4872 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
14:04:53.0089 4872 FltMgr - ok
14:04:53.0182 4872 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
14:04:53.0245 4872 FontCache - ok
14:04:53.0307 4872 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:04:53.0385 4872 FontCache3.0.0.0 - ok
14:04:53.0416 4872 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
14:04:53.0416 4872 FsDepends - ok
14:04:53.0448 4872 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
14:04:53.0526 4872 Fs_Rec - ok
14:04:53.0557 4872 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
14:04:53.0604 4872 fvevol - ok
14:04:53.0635 4872 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
14:04:53.0635 4872 gagp30kx - ok
14:04:53.0713 4872 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
14:04:53.0791 4872 GamesAppService - ok
14:04:53.0838 4872 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
14:04:53.0869 4872 GEARAspiWDM - ok
14:04:53.0916 4872 [ FA07EC01952729DDDDC5BF4BAE06B09E ] GFNEXSrv C:\Windows\System32\GFNEXSrv.exe
14:04:53.0978 4872 GFNEXSrv - ok
14:04:54.0103 4872 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
14:04:54.0165 4872 gpsvc - ok
14:04:54.0228 4872 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:04:54.0306 4872 gupdate - ok
14:04:54.0337 4872 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:04:54.0337 4872 gupdatem - ok
14:04:54.0384 4872 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:04:54.0446 4872 gusvc - ok
14:04:54.0477 4872 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
14:04:54.0493 4872 hcw85cir - ok
14:04:54.0524 4872 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
14:04:54.0602 4872 HdAudAddService - ok
14:04:54.0633 4872 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
14:04:54.0680 4872 HDAudBus - ok
14:04:54.0711 4872 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
14:04:54.0742 4872 HidBatt - ok
14:04:54.0758 4872 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
14:04:54.0789 4872 HidBth - ok
14:04:54.0789 4872 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
14:04:54.0820 4872 HidIr - ok
14:04:54.0836 4872 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
14:04:54.0852 4872 hidserv - ok
14:04:54.0898 4872 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
14:04:54.0976 4872 HidUsb - ok
14:04:55.0023 4872 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
14:04:55.0117 4872 hkmsvc - ok
14:04:55.0132 4872 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
14:04:55.0164 4872 HomeGroupListener - ok
14:04:55.0226 4872 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
14:04:55.0288 4872 HomeGroupProvider - ok
14:04:55.0351 4872 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
14:04:55.0413 4872 HpSAMD - ok
14:04:55.0507 4872 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
14:04:55.0616 4872 HTTP - ok
14:04:55.0616 4872 huawei_enumerator - ok
14:04:55.0632 4872 hwdatacard - ok
14:04:55.0710 4872 [ E90DA42B87D684DEBFB73B38A718A006 ] HWDeviceService64.exe C:\ProgramData\DatacardService\HWDeviceService64.exe
14:04:55.0772 4872 HWDeviceService64.exe - ok
14:04:55.0788 4872 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
14:04:55.0834 4872 hwpolicy - ok
14:04:55.0881 4872 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
14:04:55.0897 4872 i8042prt - ok
14:04:55.0944 4872 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
14:04:55.0944 4872 iaStor - ok
14:04:55.0959 4872 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
14:04:56.0022 4872 iaStorV - ok
14:04:56.0178 4872 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:04:56.0256 4872 idsvc - ok
14:04:57.0098 4872 [ 9AA61DC7AA32C1D1260C4267FF07E0C1 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
14:04:57.0550 4872 igfx - ok
14:04:57.0613 4872 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
14:04:57.0628 4872 iirsp - ok
14:04:57.0675 4872 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
14:04:57.0738 4872 IKEEXT - ok
14:04:57.0894 4872 [ F242E36CDA231701CFA702641C20FAEC ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
14:04:57.0956 4872 IntcAzAudAddService - ok
14:04:58.0003 4872 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
14:04:58.0081 4872 IntcDAud - ok
14:04:58.0096 4872 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
14:04:58.0096 4872 intelide - ok
14:04:58.0159 4872 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
14:04:58.0174 4872 intelppm - ok
14:04:58.0221 4872 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
14:04:58.0237 4872 IPBusEnum - ok
14:04:58.0252 4872 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
14:04:58.0315 4872 IpFilterDriver - ok
14:04:58.0330 4872 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
14:04:58.0346 4872 iphlpsvc - ok
14:04:58.0362 4872 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
14:04:58.0424 4872 IPMIDRV - ok
14:05:24.0036 4872 volmgrx - ok
14:05:24.0036 4872 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys
14:05:24.0098 4872 volsnap - ok
14:05:24.0114 4872 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
14:05:24.0114 4872 vsmraid - ok
14:05:24.0176 4872 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
14:05:24.0285 4872 VSS - ok
14:05:24.0301 4872 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
14:05:24.0332 4872 vwifibus - ok
14:05:24.0379 4872 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
14:05:24.0410 4872 vwififlt - ok
14:05:24.0426 4872 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
14:05:24.0457 4872 W32Time - ok
14:05:24.0473 4872 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
14:05:24.0488 4872 WacomPen - ok
14:05:24.0504 4872 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
14:05:24.0566 4872 WANARP - ok
14:05:24.0566 4872 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
14:05:24.0566 4872 Wanarpv6 - ok
14:05:24.0629 4872 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
14:05:24.0691 4872 WatAdminSvc - ok
14:05:24.0738 4872 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
14:05:24.0847 4872 wbengine - ok
14:05:24.0878 4872 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
14:05:24.0909 4872 WbioSrvc - ok
14:05:24.0925 4872 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
14:05:24.0972 4872 wcncsvc - ok
14:05:25.0003 4872 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
14:05:25.0019 4872 WcsPlugInService - ok
14:05:25.0050 4872 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
14:05:25.0065 4872 Wd - ok
14:05:25.0128 4872 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
14:05:25.0143 4872 Wdf01000 - ok
14:05:25.0159 4872 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
14:05:25.0190 4872 WdiServiceHost - ok
14:05:25.0190 4872 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
14:05:25.0190 4872 WdiSystemHost - ok
14:05:25.0221 4872 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
14:05:25.0268 4872 WebClient - ok
14:05:25.0315 4872 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
14:05:25.0346 4872 Wecsvc - ok
14:05:25.0362 4872 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
14:05:25.0362 4872 wercplsupport - ok
14:05:25.0393 4872 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
14:05:25.0409 4872 WerSvc - ok
14:05:25.0440 4872 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
14:05:25.0471 4872 WfpLwf - ok
14:05:25.0471 4872 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
14:05:25.0487 4872 WIMMount - ok
14:05:25.0518 4872 WinDefend - ok
14:05:25.0533 4872 WinHttpAutoProxySvc - ok
14:05:25.0611 4872 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
14:05:25.0674 4872 Winmgmt - ok
14:05:25.0752 4872 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
14:05:25.0861 4872 WinRM - ok
14:05:25.0923 4872 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
14:05:25.0970 4872 Wlansvc - ok
14:05:26.0017 4872 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:05:26.0095 4872 wlcrasvc - ok
14:05:26.0189 4872 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:05:26.0251 4872 wlidsvc - ok
14:05:26.0267 4872 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
14:05:26.0282 4872 WmiAcpi - ok
14:05:26.0313 4872 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
14:05:26.0329 4872 wmiApSrv - ok
14:05:26.0376 4872 WMPNetworkSvc - ok
14:05:26.0407 4872 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
14:05:26.0454 4872 WPCSvc - ok
14:05:26.0485 4872 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
14:05:26.0516 4872 WPDBusEnum - ok
14:05:26.0532 4872 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
14:05:26.0547 4872 ws2ifsl - ok
14:05:26.0563 4872 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
14:05:26.0579 4872 wscsvc - ok
14:05:26.0579 4872 WSearch - ok
14:05:26.0657 4872 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
14:05:26.0719 4872 wuauserv - ok
14:05:26.0750 4872 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
14:05:26.0797 4872 WudfPf - ok
14:05:26.0828 4872 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
14:05:26.0844 4872 WUDFRd - ok
14:05:26.0859 4872 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
14:05:26.0906 4872 wudfsvc - ok
14:05:26.0922 4872 [ F0B1D8725FAB9F4A559CCC91A960FCE0 ] WwanSvc C:\windows\System32\wwansvc.dll
14:05:26.0969 4872 WwanSvc - ok
14:05:27.0000 4872 ================ Scan global ===============================
14:05:27.0031 4872 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
14:05:27.0109 4872 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
14:05:27.0187 4872 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
14:05:27.0203 4872 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
14:05:27.0249 4872 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
14:05:27.0249 4872 [Global] - ok
14:05:27.0249 4872 ================ Scan MBR ==================================
14:05:27.0265 4872 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
14:05:27.0452 4872 \Device\Harddisk0\DR0 - ok
14:05:27.0452 4872 [ 7C0621E4195F0EE59D9EC46CC448E0CE ] \Device\Harddisk1\DR1
14:05:30.0089 4872 \Device\Harddisk1\DR1 - ok
14:05:30.0089 4872 ================ Scan VBR ==================================
14:05:30.0182 4872 [ AD43E7E7664E640AAB12B8E5FE33ACB9 ] \Device\Harddisk0\DR0\Partition1
14:05:30.0182 4872 \Device\Harddisk0\DR0\Partition1 - ok
14:05:30.0182 4872 ============================================================
14:05:30.0182 4872 Scan finished
14:05:30.0182 4872 ============================================================
14:05:30.0198 0936 Detected object count: 0
14:05:30.0198 0936 Actual detected object count: 0




OTL logfile created on: 17/09/2012 14:08:06 - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.89 Gb Total Physical Memory | 6.29 Gb Available Physical Memory | 79.70% Memory free
15.78 Gb Paging File | 13.92 Gb Available in Paging File | 88.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 578.83 Gb Total Space | 523.92 Gb Free Space | 90.51% Space Free | Partition Type: NTFS
Drive E: | 1.86 Gb Total Space | 1.85 Gb Free Space | 99.55% Space Free | Partition Type: FAT32

Computer Name: NEIL-TOSH | User Name: neil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/17 13:55:44 | 000,600,064 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/01/21 00:29:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/11/04 14:40:06 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/03/14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/23 11:57:48 | 000,502,064 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/05/25 17:13:54 | 000,162,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/05/25 16:59:02 | 000,210,616 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/05/25 16:58:32 | 000,199,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/12/16 07:16:48 | 000,583,088 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011/12/14 23:11:38 | 000,833,976 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/11/26 02:52:36 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/11/24 21:20:38 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/01/28 12:28:54 | 000,225,216 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- c:\Program Files\McAfee\MSC\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/10/20 22:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/10 01:26:34 | 000,162,824 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\GFNEXSrv.exe -- (GFNEXSrv)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/15 11:58:56 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/05/10 15:20:46 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/01/21 00:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/11/04 14:40:06 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/07/12 01:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/04/02 01:42:00 | 000,198,064 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2011/03/14 16:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2011/02/10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/10 15:11:04 | 014,759,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012/01/30 22:14:00 | 000,304,696 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2012/01/05 11:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/05 11:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/05 11:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/12/30 08:25:10 | 002,799,616 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/12/19 20:15:10 | 000,411,920 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/12/17 01:24:00 | 000,079,040 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2011/12/06 11:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/12/01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011/12/01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011/11/30 03:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/10 09:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/08/24 05:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/17 22:27:06 | 000,251,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2011/08/09 01:53:28 | 000,045,168 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/09 03:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/08/30 18:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2010/06/19 00:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/07/31 04:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/15 00:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 23:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/20 03:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {BFB351F1-13A2-442D-811A-71CE2F97A39D}
IE:64bit: - HKLM\..\SearchScopes\{BFB351F1-13A2-442D-811A-71CE2F97A39D}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {BFB351F1-13A2-442D-811A-71CE2F97A39D}
IE - HKLM\..\SearchScopes\{BFB351F1-13A2-442D-811A-71CE2F97A39D}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3518789708-1090890537-801750722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3518789708-1090890537-801750722-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3518789708-1090890537-801750722-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={84F16873-EBA7-438A-8658-3C7D9D17E168}&mid=9e6f56ae2e5347d092e49d3bffdb48d8-fd64b00638ccfbb2b911ef0497b22876b0554bc0&lang=en&ds=AVG&pr=pr&d=2012-09-10 12:38:51&v=12.2.5.33&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3518789708-1090890537-801750722-1000\..\SearchScopes\{BFB351F1-13A2-442D-811A-71CE2F97A39D}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_enGB495
IE - HKU\S-1-5-21-3518789708-1090890537-801750722-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3518789708-1090890537-801750722-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-3518789708-1090890537-801750722-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
IE - HKU\S-1-5-21-3518789708-1090890537-801750722-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/
IE - HKU\S-1-5-21-3518789708-1090890537-801750722-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-3518789708-1090890537-801750722-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3518789708-1090890537-801750722-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={32AA0BD5-8BA8-4131-ABBE-FA51CB74FCD0}&mid=9e6f56ae2e5347d092e49d3bffdb48d8-fd64b00638ccfbb2b911ef0497b22876b0554bc0&lang=en&ds=AVG&pr=pr&d=2012-09-06 19:48:42&v=12.2.5.4&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3518789708-1090890537-801750722-1001\..\SearchScopes\{BFB351F1-13A2-442D-811A-71CE2F97A39D}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_enGB495GB496
IE - HKU\S-1-5-21-3518789708-1090890537-801750722-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/01 13:49:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/10 13:29:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012/09/13 12:21:23 | 000,000,000 | ---D | M]

[2012/09/13 12:50:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\neil\AppData\Roaming\Mozilla\Extensions
[2012/09/13 12:50:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\neil\AppData\Roaming\Mozilla\Firefox\Profiles\92osivq9.default\extensions
[2012/07/26 11:27:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/03 18:47:02 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/09/10 12:38:46 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2010/12/03 18:47:02 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/12/03 18:47:02 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/12/03 18:47:02 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\neil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.4_0\

O1 HOSTS File: ([2012/09/12 12:43:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120913122021.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120913122021.dll (McAfee, Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3518789708-1090890537-801750722-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-3518789708-1090890537-801750722-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SRS Premium Sound HD] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-3518789708-1090890537-801750722-1000..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-3518789708-1090890537-801750722-1001..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
O4 - Startup: C:\Users\cathy-temp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3518789708-1090890537-801750722-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3518789708-1090890537-801750722-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3518789708-1090890537-801750722-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D80E7C60-1E9F-4CED-98D4-03681597038D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2013\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/30 09:28:34 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/09/17 19:34:43 | 000,000,000 | ---D | C] -- C:\FRST
[2012/09/17 14:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/09/13 13:39:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/13 12:35:43 | 000,000,000 | ---D | C] -- C:\Users\neil\AppData\Roaming\Mozilla
[2012/09/13 12:35:43 | 000,000,000 | ---D | C] -- C:\Users\neil\AppData\Local\Mozilla
[2012/09/13 12:20:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
[2012/09/13 12:20:21 | 000,010,248 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\mfeclnk.sys
[2012/09/13 12:20:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2012/09/13 12:20:08 | 000,647,208 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\mfehidk.sys
[2012/09/13 12:20:08 | 000,487,296 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\mfefirek.sys
[2012/09/13 12:20:08 | 000,289,664 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\mfewfpk.sys
[2012/09/13 12:20:08 | 000,229,528 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\mfeavfk.sys
[2012/09/13 12:20:08 | 000,160,792 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\mfeapfk.sys
[2012/09/13 12:20:08 | 000,100,912 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\mferkdet.sys
[2012/09/13 12:20:08 | 000,075,936 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\mfenlfk.sys
[2012/09/13 12:20:08 | 000,065,264 | ---- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\cfwids.sys
[2012/09/13 12:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2012/09/13 12:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2012/09/13 12:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2012/09/13 12:19:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2012/09/13 11:53:39 | 000,160,280 | R--- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\mfeapfk.sys.1452.deleteme
[2012/09/13 11:53:38 | 000,647,080 | R--- | C] (McAfee, Inc.) -- C:\windows\SysNative\drivers\mfehidk.sys.c9b3.deleteme
[2012/09/12 13:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/09/12 12:46:05 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/09/12 12:46:05 | 000,000,000 | ---D | C] -- C:\Users\neil\AppData\Local\temp
[2012/09/12 11:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/12 11:48:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/09/12 11:48:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/12 10:27:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2012/09/12 09:07:42 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\RNDISMP.sys
[2012/09/12 09:07:39 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll
[2012/09/12 09:07:37 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys
[2012/09/12 09:07:37 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/10 13:28:13 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/09/10 13:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/10 13:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/09/10 13:20:43 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/09/10 12:28:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/09/10 12:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/10 12:27:51 | 000,000,000 | ---D | C] -- C:\Users\neil\AppData\Roaming\Malwarebytes
[2012/09/10 12:27:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/10 12:27:18 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/09/10 11:57:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/09/10 11:57:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/09/10 11:57:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/09/10 11:57:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/10 11:57:02 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/09/09 09:00:11 | 000,000,000 | ---D | C] -- C:\Users\neil\Desktop\AOL Saved PFC
[2012/09/09 08:53:37 | 000,000,000 | ---D | C] -- C:\Users\neil\AppData\Roaming\TOSHIBA Online Product Information
[2012/09/09 08:36:37 | 000,000,000 | ---D | C] -- C:\Users\neil\AppData\Roaming\BullGuard
[2012/09/09 08:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\BullGuard
[2012/09/06 19:50:31 | 000,000,000 | ---D | C] -- C:\Users\neil\AppData\Roaming\AVG2013
[2012/09/06 19:48:51 | 000,000,000 | ---D | C] -- C:\Users\neil\AppData\Roaming\TuneUp Software
[2012/09/06 19:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/09/06 19:47:24 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/09/06 19:25:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/09/06 19:25:52 | 000,000,000 | ---D | C] -- C:\Users\neil\AppData\Local\MFAData
[2012/09/06 19:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/09/06 19:25:52 | 000,000,000 | ---D | C] -- C:\Users\neil\AppData\Local\Avg2013
[2012/09/06 14:43:36 | 000,000,000 | ---D | C] -- C:\Users\neil\AppData\Local\Nero_AG
[2012/09/06 14:42:45 | 000,000,000 | ---D | C] -- C:\Users\neil\AppData\Roaming\Nero
[2012/09/06 14:42:29 | 000,000,000 | ---D | C] -- C:\Users\neil\AppData\Roaming\Skype
[2012/09/06 14:38:00 | 000,000,000 | ---D | C] -- C:\Users\neil\AppData\Roaming\WildTangent
[2012/09/06 14:24:23 | 000,000,000 | ---D | C] -- C:\found.000

========== Files - Modified Within 30 Days ==========

[2012/09/17 14:04:56 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/17 14:04:56 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/17 14:04:24 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2012/09/17 14:03:04 | 000,729,688 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/09/17 14:03:04 | 000,630,560 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/09/17 14:03:04 | 000,111,612 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/09/17 14:00:05 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/17 13:58:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/09/17 13:57:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/17 13:57:30 | 2060,820,479 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/17 10:29:13 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/12 12:43:51 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/09/12 11:49:39 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/10 16:09:12 | 000,002,752 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
[2012/09/10 13:29:34 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/09/10 12:56:04 | 000,002,127 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/09/10 12:28:31 | 000,735,230 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/09/10 11:47:23 | 000,000,544 | ---- | M] () -- C:\windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2012/09/09 09:08:42 | 000,001,450 | ---- | M] () -- C:\Users\neil\Desktop\Internet Explorer.lnk
[2012/09/09 09:02:14 | 000,000,136 | ---- | M] () -- C:\Users\neil\Desktop\Spider Solitaire - Shortcut.lnk
[2012/09/09 09:00:11 | 000,000,002 | ---- | M] () -- C:\windows\msoffice.ini
[2012/09/09 08:30:38 | 027,313,976 | ---- | M] () -- C:\Users\Public\Desktop\BullGuard Internet Security Install.exe
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/09/05 11:59:57 | 000,002,351 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/22 19:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys
[2012/08/22 19:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS

========== Files Created - No Company Name ==========

[2012/09/13 12:21:27 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2012/09/12 11:48:17 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/10 13:29:34 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/09/10 12:28:37 | 000,002,127 | ---- | C] () -- C:\windows\epplauncher.mif
[2012/09/10 12:28:33 | 000,001,922 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/10 12:28:31 | 000,735,230 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/09/10 11:57:32 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/09/10 11:57:32 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/09/10 11:57:32 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/09/10 11:57:32 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/09/10 11:57:32 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/09/10 11:47:23 | 000,000,544 | ---- | C] () -- C:\windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2012/09/09 09:08:42 | 000,001,450 | ---- | C] () -- C:\Users\neil\Desktop\Internet Explorer.lnk
[2012/09/09 09:02:14 | 000,000,136 | ---- | C] () -- C:\Users\neil\Desktop\Spider Solitaire - Shortcut.lnk
[2012/09/09 09:00:11 | 000,000,002 | ---- | C] () -- C:\windows\msoffice.ini
[2012/09/09 08:30:05 | 027,313,976 | ---- | C] () -- C:\Users\Public\Desktop\BullGuard Internet Security Install.exe
[2012/08/01 14:10:53 | 000,000,290 | ---- | C] () -- C:\windows\wininit.ini
[2012/08/01 14:05:47 | 000,160,951 | ---- | C] () -- C:\windows\SysWow64\drivers\gtipdsp_.bin
[2012/08/01 13:50:06 | 000,001,057 | ---- | C] () -- C:\windows\aolback.exe.lnk
[2012/08/01 13:47:01 | 000,000,335 | ---- | C] () -- C:\windows\nsreg.dat
[2012/06/27 09:10:39 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll
[2012/05/10 15:07:18 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/05/10 14:24:08 | 013,214,720 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012/02/01 20:51:06 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2012/02/01 20:51:04 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/02/01 20:51:04 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

< End of report >



OTL Extras logfile created on: 17/09/2012 14:08:06 - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.89 Gb Total Physical Memory | 6.29 Gb Available Physical Memory | 79.70% Memory free
15.78 Gb Paging File | 13.92 Gb Available in Paging File | 88.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 578.83 Gb Total Space | 523.92 Gb Free Space | 90.51% Space Free | Partition Type: NTFS
Drive E: | 1.86 Gb Total Space | 1.85 Gb Free Space | 99.55% Space Free | Partition Type: FAT32

Computer Name: NEIL-TOSH | User Name: neil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013A2FF4-F55B-4222-8457-3C261E3B1D5B}" = lport=445 | protocol=6 | dir=in | app=system |
"{029AE177-4FEF-4D66-8764-2B7CE2D59146}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{06FC2E17-6819-49F0-A1A1-35402D17AA4F}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{100EB157-B603-4FF0-A2EB-EB607A852ECD}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{253022BC-1BB8-4F96-A1F8-148441642D20}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2DDA2BCE-D0D0-4957-862B-B9DB9BC40C21}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{36AB40AC-53AC-4FE9-B665-BEFE990F06CE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3C00CE55-937C-4EF1-A6FD-17912EFB4996}" = lport=138 | protocol=17 | dir=in | app=system |
"{434A0DC4-C0BF-4AE4-BB3B-D484CD3D2559}" = lport=7000 | protocol=6 | dir=in | name=windows easy transfer tcp port |
"{4A93C59A-4D0A-4183-8ECA-D209E89C56E3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{504B8B07-F4E9-4CF1-AE7A-7BFC6B4202D6}" = rport=139 | protocol=6 | dir=out | app=system |
"{521EC205-86B7-456F-98FF-FFD7BF35B9D4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{682AADE9-8664-4C39-9798-4B4D161DBE98}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{74AE8C08-D988-4861-86A2-E16598F2032E}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{7A0EB818-089C-4BD6-8F92-CE0214EAB4A3}" = rport=138 | protocol=17 | dir=out | app=system |
"{7F2606FC-39BC-4AA8-973C-357D151337A8}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{935A2EAC-6EEE-4116-85D8-C96D56D8D80E}" = rport=445 | protocol=6 | dir=out | app=system |
"{949A56B3-4EA5-44C2-95D1-F35AA549C151}" = lport=7000 | protocol=17 | dir=in | name=windows easy transfer udp port |
"{9AB96C90-F69B-492A-837D-C0712739CA41}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B1A9EF7C-5B8E-44DB-BC54-C41C37AF12E3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B3940711-447C-4359-A72C-03BD93C1062B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B577A4B5-0E94-4269-9476-D61600E6392B}" = lport=139 | protocol=6 | dir=in | app=system |
"{B7809463-F15D-4052-9E60-EC5B2C3C2D46}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B90D38A1-6418-4391-803F-3AEC780CC3E0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C7E8326B-5618-4AD0-BF7C-162F9D888D9C}" = rport=137 | protocol=17 | dir=out | app=system |
"{DDF016F1-AF85-4ACA-B78A-611448D6D6C8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E0AF0AD2-AD42-49B4-9B7C-93DECC04D748}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F469D815-0D36-45AB-BF53-EBFD0C65FCBA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F4DECC0A-BEF8-47DC-BC6D-70D0E14A943A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F74BF9B3-FACE-459F-8943-A84AB66FBCFE}" = lport=137 | protocol=17 | dir=in | app=system |
"{FE79FC64-B084-4405-B902-D06E7E4EBE71}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BE33B4-B8E7-460C-BEEA-8988E0B6109E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{04CA53FE-0F2C-4267-B5E0-934076F76620}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0862D624-DF51-48A8-B1BA-8D7919403ECE}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{09A70EBF-81B7-4B3F-95DB-7490219564BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{10240D88-EC12-49FD-99B3-1D3604FD9381}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1294718A-025F-4C24-BF97-0B9C755D3F18}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{12D20BA8-5AF4-4C68-BF9B-A2E1136B55C8}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{1D0AC0BF-F3A6-409F-9AAA-9E86627EAF67}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{1DF82F3A-8145-4628-BD82-4303A1E281A8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{27B2E556-FCEE-42E5-B08A-F3405B4A78BC}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{2C013D65-3CCD-4068-BE9E-A8CEF1D9A993}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{31E2FD54-1DB8-4EEF-870C-D60D0DAFCB0C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{343316E9-BB39-4A2E-998A-EB6FA480156A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{354D0081-8008-4EC8-8F21-D8EB842DD589}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{37A704EF-DEC3-4849-A35E-6B2E254D8CDD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3F464444-AE6A-4E56-83F4-E3146F08E334}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{3F741F08-72A0-4C79-AA2B-41AF98C0D538}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{526DBC25-CB1C-4C40-8E2D-7957F69BD7B9}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{58016C6A-7266-441D-8B9D-10058B68EFC9}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{609C2DA8-1D04-41DF-B09E-14B105B00206}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{70D83A29-233A-4E32-9B42-8F457E82FD18}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{834E24DD-8799-4C87-B0DF-174C202C0E30}" = protocol=6 | dir=out | app=system |
"{843273B9-E915-4890-B69C-CB2818921749}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{892D2AB8-E162-494F-9B21-5BE133DCCBA8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{8B425A6E-F89E-4E7D-8667-43C350D10342}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8D52D422-C9E4-4A86-B9E0-EBC21D5ACA72}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{952C38A6-C3EF-4D2F-A24B-DD5741ADA237}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9A2853BD-26DA-4C1C-AEF5-DD6F4EC2928A}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{9A631E51-B482-4166-8E0E-25CE5D9FD91D}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{9A9BB660-0F6B-4959-AE84-ABEC3B50146F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9B3D3574-5003-4B0A-A65F-74AA697ABF4C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{A3BD1821-594B-4266-8915-B84DE0F5E31D}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{A605AD94-22C2-4BA2-BCBE-FD96F4173423}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B49B10AE-7B48-4F2E-A210-CE54203CBDCA}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{B7154285-5D59-4225-B4DB-61493E0871B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BB9C4DFE-6F76-42FA-8B61-3B2F4BE7BDC7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BF5EB716-FA23-4ECC-93D2-5717838A4CF2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C285BED6-2C8D-46B9-BDA3-723A95BF4FE6}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{C9EB992A-8F33-414A-B7E2-293EE0E2E7A8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DE4F39DF-9B34-457D-800B-03F2F68E46A9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EED9A2D5-0CB8-45AB-BDDB-A4F869819BBE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F3E94D24-C8AB-47CB-A11F-768321553761}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{FA94BC4D-9955-4BF1-B979-BCEE4D1643A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2C486987-D447-4E36-8D61-86E48E24199C}" = TOSHIBA eco Utility
"{439A73C2-8CFA-4630-8484-36BCA2AEBB0A}" = Premium Sound HD
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{65486209-5C54-439C-8383-8AC9BBE25932}" = Atheros Bluetooth Filter Driver Package
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}" = TOSHIBA Supervisor Password
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{216DF734-6004-42C7-AFC9-A81DFD344BA8}" = Nero BurnRights 11
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2290A680-4083-410A-ADCC-7092C67FC052}" = TOSHIBA Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}" = TOSHIBA Hardware Setup
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3C349576-B3B4-6708-F73C-DC2932065357}" = BBC iPlayer Desktop
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{461F6F0D-7173-4902-9604-AB1A29108AF2}" = TOSHIBA Places Icon Utility
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{4D2122D0-66F7-4A53-96FC-079C900B1CAF}" = Nero BurnRights 11 Help (CHM)
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{F8635CF8-B797-4EFD-80BC-DE2D26C65D4F}" = Nero 11 Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"KNOWHOW™ APP CENTRE 22447" = KNOWHOW™ APP CENTRE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSC" = McAfee Internet Security
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-1f48981e-276f-4f60-b1c6-ab633a327877" = Cake Mania
"WTA-20e6ca5a-f23e-46ab-892a-3b0e62698d01" = Virtual Villagers 4 - The Tree of Life
"WTA-23353755-eb2f-4c3f-9292-70200c565b9f" = Insaniquarium Deluxe
"WTA-45b5489b-f6fa-40e0-9534-997b4c61ab8f" = Aloha TriPeaks
"WTA-528ffe47-647e-488d-8417-f6cbe5f9187e" = Polar Bowler
"WTA-638aeecb-b653-4b53-a4c1-be6e40a057f0" = Bejeweled 3
"WTA-8bf93c38-0f38-4027-9227-173be2b839b6" = Plants vs. Zombies - Game of the Year
"WTA-926fd3d9-d8ea-4357-84b6-425922bd0e73" = Chuzzle Deluxe
"WTA-a2160ab8-2b5e-4960-a99e-68c0ec7fd1f7" = Jewel Quest Solitaire 2
"WTA-ab5307bf-5778-4b33-961a-4b2640b68850" = Mystery P.I. - The London Caper
"WTA-bd47f1e1-3928-4a23-b6cc-c32dacb9041c" = Agatha Christie - Death on the Nile

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17/08/2012 06:06:44 | Computer Name = neil-TOSH | Source = WinMgmt | ID = 10
Description =

Error - 19/08/2012 09:02:47 | Computer Name = neil-TOSH | Source = WinMgmt | ID = 10
Description =

Error - 23/08/2012 10:54:27 | Computer Name = neil-TOSH | Source = WinMgmt | ID = 10
Description =

Error - 23/08/2012 10:54:32 | Computer Name = neil-TOSH | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.3:5353 19 3.1.168.192.in-addr.arpa.
PTR neil-TOSH-2.local.

Error - 23/08/2012 10:54:32 | Computer Name = neil-TOSH | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 17 3.1.168.192.in-addr.arpa.
PTR neil-TOSH.local.

Error - 23/08/2012 16:56:14 | Computer Name = neil-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 23/08/2012 16:56:14 | Computer Name = neil-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2200

Error - 23/08/2012 16:56:14 | Computer Name = neil-TOSH | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2200

Error - 24/08/2012 09:07:57 | Computer Name = neil-TOSH | Source = Application Error | ID = 1000
Description = Faulting application name: GameConsole-wt.exe, version: 4.0.11.31,
time stamp: 0x4edebd8c Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x00038dc9 Faulting
process id: 0x2118 Faulting application start time: 0x01cd81f9682d5a80 Faulting application
path: C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe Faulting module
path: C:\windows\SysWOW64\ntdll.dll Report Id: b89f557c-edec-11e1-9709-4c72b93fa12b

Error - 25/08/2012 04:09:46 | Computer Name = neil-TOSH | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16448,
time stamp: 0x4fecf1b7 Faulting module name: Flash32_11_3_300_271.ocx, version: 11.3.300.271,
time stamp: 0x5026ff3f Exception code: 0xc0000005 Fault offset: 0x000b9aa4 Faulting
process id: 0x2474 Faulting application start time: 0x01cd8296955169f7 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_271.ocx Report Id: 3b012836-ee8c-11e1-9709-4c72b93fa12b

[ System Events ]
Error - 10/09/2012 07:31:45 | Computer Name = neil-TOSH | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server
name or address could not be resolved

Error - 10/09/2012 07:31:45 | Computer Name = neil-TOSH | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID=187316&clcid=0x409&arch=x64&eng=0.0.0.0&sig=0.0.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server
name or address could not be resolved

Error - 10/09/2012 07:42:26 | Computer Name = neil-TOSH | Source = Service Control Manager | ID = 7024
Description = The AVG Firewall service terminated with service-specific error %%-536805289.

Error - 10/09/2012 07:42:33 | Computer Name = neil-TOSH | Source = Service Control Manager | ID = 7024
Description = The AVG Firewall service terminated with service-specific error %%-536805289.

Error - 10/09/2012 07:46:10 | Computer Name = neil-TOSH | Source = Service Control Manager | ID = 7024
Description = The AVG Firewall service terminated with service-specific error %%-536805289.

Error - 10/09/2012 07:46:16 | Computer Name = neil-TOSH | Source = Service Control Manager | ID = 7024
Description = The AVG Firewall service terminated with service-specific error %%-536805289.

Error - 10/09/2012 07:47:44 | Computer Name = neil-TOSH | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for DeleteFlag with the following
error: %%5

Error - 10/09/2012 07:49:05 | Computer Name = neil-TOSH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVGIDSHA

Error - 10/09/2012 07:53:54 | Computer Name = neil-TOSH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVGIDSHA

Error - 10/09/2012 08:00:41 | Computer Name = neil-TOSH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVGIDSHA


< End of report >

#10 Farbar


Posted 17 September 2012 - 08:56 AM

My eyes hurt more than my head. :)

The ESET scan might take a couple of hours.

  • Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
    Please update your Java to the latest version. See: http://www.java.com/en/download/help/java_update.xml

    Then uninstall any old Java if present.
  • To Clear the Java Runtime Environment (JRE) cache, do this:
    • Click Start > Settings > Control Panel.
    • Double-click the Java icon.
      -The Java Control Panel appears.
    • Click "Settings" under Temporary Internet Files.
      -The Temporary Files Settings dialog box appears.
    • Click "Delete Files".
      -The Delete Temporary Files dialog box appears.
      -There are three options on this window to clear the cache.
    • Make sure all the options are checked.
    • Click "OK" on Delete Temporary Files window.
      -Note: This deletes all the Downloaded Applications and Applets from the cache.
    • Click "OK" on Temporary Files Settings window.
    • Close the Java Control Panel.
    You can also view these instructions along with screenshots here.
  • This small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/

    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (Make sure under Windows tab all the boxes of Internet Explorer and Windows Explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked.)
    • Click Run Cleaner.
    • Close CCleaner.
  • ESET Online Scanner:

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

    Vista and Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

    • Please go here then click on: [image]

      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

    • Select the option YES, I accept the Terms of Use then click on: [image]
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats and the option Scan archives are checked.
    • Now click on Advanced Settings and select the following:
      • Enable Anti-Stealth Technology
    • Now click on: [image]
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • Wait for the scan to finish
    • When the scan completes, press the LIST OF THREATS FOUND button
    • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
    • Press the BACK button.
    • Press Finish
    • Copy and paste that log as a reply to this topic.
    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


#11 Farbar


Posted 17 September 2012 - 08:58 AM

Please do the following before running ESET. You can do it right away before those steps or between them.

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either McAfee or Microsoft Security Essentials.
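
Added example, not part of the thread or of any tool mentioned in it: a Python sketch that reads the "Uninstall List" section of an OTL report like the one posted above and flags the two conditions these replies address, more than one resident anti-virus suite and older Java runtimes left installed. The AV family patterns, the function names and the `Java 7 Update 7` sample line are assumptions made for the illustration.

```python
import re

# Sample input: lines in the OTL "Uninstall List" layout. Most are taken from the
# report in this thread; the "Java 7 Update 7" entry and its all-zero key are constructed.
SAMPLE_OTL = r'''
========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{00000000-0000-0000-0000-000000000000}" = Java 7 Update 7
"MSC" = McAfee Internet Security
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400

========== Last 20 Event Log Errors ==========
'''

SECTION_RE = re.compile(r'^=+\s*(?P<title>.+?)\s*=+$')       # ===== Title =====
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')  # "key" = Display Name
JAVA_RE = re.compile(
    r'^Java(?:\(TM\)|™)?\s+(?:SE\s+)?(?P<major>\d+)\s+Update\s+(?P<update>\d+)', re.I)

# Assumption: an illustrative, incomplete map of resident AV suites to name patterns.
# On-demand scanners (for example Malwarebytes 1.x free) are deliberately not listed.
AV_FAMILIES = {
    "McAfee": re.compile(r"\bmcafee\b", re.I),
    "Microsoft Security Essentials":
        re.compile(r"\bmicrosoft security (essentials|client)\b", re.I),
    "AVG": re.compile(r"\bavg\b", re.I),
}


def parse_uninstall_list(report):
    """Return the unique display names found inside the Uninstall List section."""
    names, in_section = [], False
    for raw in report.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            # Any other "===== ... =====" banner ends the section.
            in_section = "uninstall list" in sec.group("title").lower()
            continue
        entry = ENTRY_RE.match(line) if in_section else None
        # The 64-bit and 32-bit views repeat products, so de-duplicate by name.
        if entry and entry.group("name") not in names:
            names.append(entry.group("name"))
    return names


def review(report):
    """Summarise AV overlap and leftover Java runtimes for a reviewer."""
    names = parse_uninstall_list(report)
    families = sorted(
        fam for fam, rx in AV_FAMILIES.items() if any(rx.search(n) for n in names))
    javas = sorted(
        {(int(m["major"]), int(m["update"])) for m in map(JAVA_RE.match, names) if m})
    return {
        "av_families": families,            # distinct resident AV suites installed
        "multiple_av": len(families) > 1,   # the situation reply #11 asks to resolve
        "newest_java": javas[-1] if javas else None,
        "stale_java": javas[:-1],           # older runtimes to uninstall after updating
    }


if __name__ == "__main__":
    for field, value in review(SAMPLE_OTL).items():
        print(f"{field}: {value}")
```

The result is a review list only: whether the newest runtime found is itself current has to be checked against the vendor's download page.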

#12 Dancin Homer


Posted 17 September 2012 - 09:40 AM

Steps 1, 2 & 3 done.

Java updated from 6.30 to 7.7 and only 56Mb of "junk" removed!

Currently running ESET ;)

I always intended having one anti-virus, MSE was installed due to account issues with McAfee (they say I have one - but I don't!). MSE was going to be uninstalled once account issue resolved. I have removed McAfee and disabled MSE for ESET scan.

So in the meantime, thank you very much for your help so far and I hope most people appreciate the effort you go to, to help them out!

#13 Dancin Homer


Posted 17 September 2012 - 10:53 AM

Results of ESET scan:

C:\FRST\Quarantine\TaskSchdPS.exe a variant of Win32/Kryptik.ALUU trojan cleaned by deleting - quarantined
C:\Users\cathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3M6SUBYJ\889292622b75459f36ea46ac9f3548d3_stat[1].js HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\cathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R5RMWN0F\889292622b75459f36ea46ac9f3548d3_stat[1].js HTML/Iframe.B.Gen virus deleted - quarantined

#14 Farbar


Posted 17 September 2012 - 11:56 AM

It looks good and you are good to go. :thumbup2:

  • Please run OTL.
    • Click Clean Up button.
    • Accept any prompts.
    • This will remove OTL, and will require a reboot.
  • You may delete any tool or log we used from your computer.
  • Remove the old restore points and create a new restore point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Setting a new restore point AFTER cleaning your system will enable your computer to "roll-back" to a clean working state if needed:
    • Go to Start => Right-click "Computer" and select "Properties".
    • In the left pane select "System Protection".
    • Press "Configure".
    • Select "Delete". Then press "Continue" close and "OK".
    • Select your drive (drive C) and press "Create".
      Fill in a name for the restore point and press "Create".
      After finished press "Close".
Recommendations:
  • I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is.
  • I recommend installing this small application for safe surfing: Javacools© SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
    • Download and install it.
    • Update it manually by clicking on Updates in the left pane and then Check for Updates.
    • Then enable all the protections by clicking on Protection Status on the left pane. Then click on Enable All Protection.
    • The free version doesn't have an automatic update. Update it once in two or three weeks and enable all protection again.
Happy Surfing Dancin Homer. :)

#15 Dancin Homer


Posted 18 September 2012 - 04:27 AM

Thank you so much Farbar - you have been an unbelievable help, which is greatly appreciated ;)



