Browser redirect


  • This topic is locked

#1
jnmarz30

  • Member
  • 16 posts
I am constantly getting redirected to other websites when clicking on searches in Google or other search engines. I followed the steps in the Google Redirect and nothing was removed. When I ran TDSSKiller nothing was found; it ran completely. Below is my output of OTM and GooredFix.

OTM:

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Nick\Downloads\cmd.bat deleted successfully.
C:\Users\Nick\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nick
->Temp folder emptied: 215293 bytes
->Temporary Internet Files folder emptied: 46847555 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43863642 bytes
->Flash cache emptied: 8589 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8526992 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 95.00 mb

Restore point Set: OTM Restore Point

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Nick
->Flash cache emptied: 456 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 10312011_215235

Files moved on Reboot...
C:\Users\Nick\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Nick\AppData\Local\Temp\~DF7C89508897796ECF.TMP moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SY16PA2P\1152131841@x23[1].htm moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SY16PA2P\dwReconcile[1].aspx moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SY16PA2P\fbc6pse-i-17643740-10326[1].eot moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SY16PA2P\iframe[2].htm moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SY16PA2P\login_status[1].php moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SY16PA2P\programguide[1].txt moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SY16PA2P\sandbox[1].php moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K0JFSQ6M\1903516215@x23[1].htm moved successfully.
File C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K0JFSQ6M\3661840[1].htm not found!
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K0JFSQ6M\fbc6pse-i-17643741-10327[1].eot moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K0JFSQ6M\mtvn-dest[1].htm moved successfully.
File C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1RGVAWL\3661527[1].htm not found!
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1RGVAWL\6181744637[1].htm moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1RGVAWL\emily[2].html moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1RGVAWL\redirect_v93_cim_11_15_5[1].html moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1RGVAWL\themasthead-223055-03-30-2010[1].mp4 moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92PBI4R1\1670608587@x23[1].htm moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92PBI4R1\about[1].txt moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92PBI4R1\fw-nonplayer-banner[4].htm moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92PBI4R1\fw-nonplayer-banner[5].htm moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92PBI4R1\tech[1].txt moved successfully.
C:\Users\Nick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92PBI4R1\xd_receiver[1].htm moved successfully.
C:\Users\Nick\AppData\Local\Mozilla\Firefox\Profiles\0ddflzfc.default\startupCache\startupCache.4.little moved successfully.
C:\Users\Nick\AppData\Local\Mozilla\Firefox\Profiles\0ddflzfc.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Nick\AppData\Local\Mozilla\Firefox\Profiles\0ddflzfc.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Nick\AppData\Local\Mozilla\Firefox\Profiles\0ddflzfc.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Nick\AppData\Local\Mozilla\Firefox\Profiles\0ddflzfc.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Nick\AppData\Local\Mozilla\Firefox\Profiles\0ddflzfc.default\urlclassifier3.sqlite moved successfully.

Registry entries deleted on Reboot...

GooredFix

GooredFix by jpshortstuff (03.07.10.1)
Log created at 22:01 on 31/10/2011 (Nick)
Firefox version 7.0.1 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [18:20 22/05/2011]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [19:49 16/05/2011]

C:\Users\Nick\Application Data\Mozilla\Firefox\Profiles\0ddflzfc.default\extensions\
[email protected] [04:17 03/06/2011]
{7e24c860-7331-4363-bbf8-c560a09efe51} [01:55 27/10/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\Firefox" [01:56 28/10/2011]

-=E.O.F=-

Thank you for any assistance you can offer.

#2
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello jnmarz30 and welcome to GeeksToGo :)

I'm Homburg and I'm going to help you fix your problem.

Note that I'm currently in training and my posts have to be approved by an expert before I reply.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked.
  • Please continue to follow my instructions until I tell you your machine is clean. Absence of symptoms does not mean that everything is clear.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.

Please do the following:


Step 1:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    explorer.*
    winlogon.*
    Userinit.*
    svchost.*
    sptd.*
    ipsec.*
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    %systemroot%\System32\config\*.sav

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


Step 2:

Download aswMBR.exe ( 1.8mB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Please remember to post both the OTL scan log and the aswMBR scan log


Homburg

#3
jnmarz30

  • Topic Starter
  • Member
  • 16 posts
Hello Homburg,

Thank you for assisting me and good luck with your training!

I ran both scans and I will post the output below:

OTL:

OTL logfile created on: 11/1/2011 9:26:00 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nick\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 54.98% Memory free
7.60 Gb Paging File | 5.82 Gb Available in Paging File | 76.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.58 Gb Total Space | 404.60 Gb Free Space | 89.40% Space Free | Partition Type: NTFS
Drive D: | 7.28 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: NICKSLAPTOP | User Name: Nick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/01 21:25:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Downloads\OTL.exe
PRC - [2011/10/28 18:17:44 | 000,181,712 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
PRC - [2011/10/28 18:17:40 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2011/10/03 12:41:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/07/02 01:30:46 | 000,263,504 | ---- | M] () -- C:\Windows\SysWOW64\cfgmig32.exe
PRC - [2011/06/14 13:23:17 | 000,123,320 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\SymcPCCULaunchSvc.exe
PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/18 15:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 15:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009/09/12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2009/09/12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2009/07/22 16:40:00 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/03 12:41:06 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/27 22:20:08 | 000,291,656 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe -- (CAAMSvc)
SRV:64bit: - [2011/07/02 01:27:14 | 000,286,032 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV:64bit: - [2011/07/02 01:27:12 | 000,359,248 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV:64bit: - [2011/05/30 04:11:44 | 000,312,656 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV:64bit: - [2011/04/04 12:42:30 | 000,920,656 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe -- (UmxEngine)
SRV:64bit: - [2010/09/28 15:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/25 22:00:32 | 000,252,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/23 20:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/10/28 18:17:40 | 000,067,024 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/07/02 01:30:46 | 000,263,504 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\cfgmig32.exe -- (WinSvchostManagerSrv)
SRV - [2011/06/14 13:23:17 | 000,123,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 15:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/18 15:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/21 13:40:00 | 000,193,904 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/10/06 12:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/27 22:20:08 | 000,202,320 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KmxCF.sys -- (KmxCF)
DRV:64bit: - [2011/10/27 22:20:08 | 000,143,824 | ---- | M] (CA) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\KmxFw.sys -- (KmxFw)
DRV:64bit: - [2011/10/27 22:20:08 | 000,099,024 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\KmxFilter.sys -- (KmxFilter)
DRV:64bit: - [2011/05/12 17:22:18 | 000,364,624 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\KmxCfg.sys -- (KmxCfg)
DRV:64bit: - [2011/05/12 04:44:17 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/05/10 17:46:06 | 000,178,768 | ---- | M] (CA) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\KmxAMRT.sys -- (KmxAMRT)
DRV:64bit: - [2011/04/08 23:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/23 16:29:08 | 000,113,744 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\drivers\KmxAgent.sys -- (KmxAgent)
DRV:64bit: - [2011/03/23 16:29:08 | 000,087,120 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\drivers\KmxFile.sys -- (KmxFile)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/24 14:36:46 | 000,081,488 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KmxSbx.sys -- (KmxSbx)
DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/07/29 08:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/21 20:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/03/31 02:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/24 16:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/22 21:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/09 00:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/20 00:49:26 | 000,087,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) Brother Serial Interface Driver(WDM)
DRV:64bit: - [2010/01/20 00:49:26 | 000,014,592 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb) Brother Serial USB Driver(WDM)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/08 18:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 01:12:00 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 16:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/09/26 12:21:26 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\windows\SySWOW64\DRIVERS\szkg64.sys -- (szkg5)
DRV - [2011/09/26 12:21:26 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\windows\SySWOW64\drivers\is3srv64.sys -- (is3srv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...UGO&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://start.toshiba.com/g/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5E 44 5B 14 AD AB 15 49 99 B0 E2 43 BE 97 6E 5F [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\Firefox [2011/10/27 21:56:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/03 12:41:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/28 22:18:06 | 000,000,000 | ---D | M]

[2011/07/18 15:46:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Extensions
[2011/10/26 21:55:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\0ddflzfc.default\extensions
[2011/10/26 21:55:55 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\0ddflzfc.default\extensions\{7e24c860-7331-4363-bbf8-c560a09efe51}
[2011/06/03 00:17:13 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\0ddflzfc.default\extensions\[email protected]
[2011/06/03 00:17:13 | 000,001,919 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\0ddflzfc.default\searchplugins\bing-zugo.xml
[2011/05/22 14:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/22 14:20:41 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/10/03 12:41:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2011/10/03 12:41:04 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old

O1 HOSTS File: ([2011/10/31 21:58:45 | 000,000,138 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: ˙ž1 2 7 . 0 . 0 . 1 l o c a l h o s t
O1 - Hosts: : : 1 l o c a l h o s t
O2:64bit: - BHO: (CA Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (Reg Error: Value error.) - {145B445E-ABAD-4915-99B0-E243BE976E5f} - C:\Users\Nick\AppData\Local\ShellAdmin.dll (Microsoft Corporation)
O2 - BHO: (CA Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll (CA, Inc.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll File not found
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll (CA, Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll File not found
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [AppleBackupOnline] C:\ProgramData\AppleBackupOnline.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: netflix.com ([movies] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B92D423-8611-4057-BD20-924E7D32BC5C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F31D54A3-7432-41F0-AFC3-839D8B1C745A}: DhcpNameServer = 50.20.0.20 50.20.0.21
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (UmxSbxExA64.dll) - C:\windows\SysNative\UmxSbxExA64.dll (CA)
O20 - AppInit_DLLs: (UmxSbxExw.dll) -C:\windows\SysWow64\UmxSbxExw.dll (CA)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) -c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\PFW: DllName - (UmxWnp.Dll) - C:\windows\SysWow64\UmxWNP.dll (CA)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/03 11:25:53 | 000,000,066 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found


========== Files/Folders - Created Within 30 Days ==========

[2011/10/31 22:01:09 | 000,000,000 | ---D | C] -- C:\Users\Nick\Desktop\GooredFix Backups
[2011/10/31 21:52:35 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/10/30 21:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2011/10/30 21:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/10/30 21:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla!
[2011/10/30 21:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3
[2011/10/30 20:52:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/30 19:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/10/28 18:17:36 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\SZComp5.dll
[2011/10/28 18:17:36 | 000,480,720 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\SZBase5.dll
[2011/10/28 18:17:36 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3HTUI5.dll
[2011/10/28 18:17:36 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3XDat5.dll
[2011/10/28 18:17:36 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\SZIO5.dll
[2011/10/28 18:17:34 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3Base5.dll
[2011/10/28 18:17:34 | 000,456,144 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3DBA5.dll
[2011/10/28 18:17:34 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3UI5.dll
[2011/10/28 18:17:34 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3Win325.dll
[2011/10/28 18:17:34 | 000,103,888 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3Inet5.dll
[2011/10/28 18:17:34 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3Svc5.dll
[2011/10/28 18:17:34 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3Hks5.dll
[2011/10/27 22:20:13 | 000,202,320 | ---- | C] (CA) -- C:\windows\SysNative\drivers\KmxCF.sys
[2011/10/27 22:20:13 | 000,143,824 | ---- | C] (CA) -- C:\windows\SysNative\drivers\KmxFw.sys
[2011/10/27 22:20:13 | 000,099,024 | ---- | C] (CA) -- C:\windows\SysNative\drivers\KmxFilter.sys
[2011/10/27 21:57:07 | 000,257,872 | ---- | C] (CA, Inc.) -- C:\windows\SysNative\isafprod64.dll
[2011/10/27 21:57:07 | 000,206,160 | ---- | C] (CA, Inc.) -- C:\windows\SysWow64\Isafprod.dll
[2011/10/27 21:57:07 | 000,141,136 | ---- | C] (Computer Associates International, Inc.) -- C:\windows\SysNative\Isafeif64.dll
[2011/10/27 21:57:07 | 000,128,336 | ---- | C] (Computer Associates International, Inc.) -- C:\windows\SysWow64\Isafeif.dll
[2011/10/27 21:57:07 | 000,103,760 | ---- | C] (Computer Associates International, Inc.) -- C:\windows\SysNative\Vetredir64.dll
[2011/10/27 21:57:07 | 000,095,568 | ---- | C] (Computer Associates International, Inc.) -- C:\windows\SysWow64\Vetredir.dll
[2011/10/27 21:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CA
[2011/10/27 21:56:29 | 000,000,000 | -H-D | C] -- C:\Config.msi
[2011/10/27 21:56:20 | 002,990,096 | ---- | C] (PureSight Technologies Ltd) -- C:\windows\SysWow64\winsflte.dll
[2011/10/27 21:56:17 | 000,000,000 | ---D | C] -- C:\windows\rnapxs
[2011/10/27 21:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\ISSThirdParty
[2011/10/27 21:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CA
[2011/10/27 21:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\CA
[2011/10/27 20:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\CA
[2011/10/26 21:55:54 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Users\Nick\AppData\Local\ShellAdmin.dll
[2011/10/26 21:55:52 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\AppleBackupOnline.dll
[2011/10/19 21:22:07 | 000,000,000 | ---D | C] -- C:\Users\Nick\Desktop\Oct19
[2011/10/16 23:06:15 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Apple Computer
[2011/10/16 23:06:15 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Apple Computer
[2011/10/16 23:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/16 23:06:03 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE
[2011/10/16 23:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/16 23:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/16 23:05:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/10/16 23:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/10/16 23:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/10/16 23:04:17 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Apple
[2011/10/16 23:04:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/10/16 23:03:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/10/16 23:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/16 23:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/10/16 23:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/10/16 23:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/10/11 10:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2011/10/10 15:37:16 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Windows Live
[2011/10/10 15:36:55 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{9D4D333E-13EC-4C29-8C80-A6765D92B248}
[2011/10/10 15:04:12 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Old{1939A9DC-B8BE-47C4-8025-483122B92244}
[2011/10/10 15:04:12 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{DAD21B9D-4709-43F0-A0A1-85C25769D375}
[2011/10/09 10:51:15 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2011/10/09 10:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

========== Files - Modified Within 30 Days ==========

[2011/11/01 21:28:45 | 000,000,384 | ---- | M] () -- C:\windows\SysWow64\drivers\kgpfr2.cfg
[2011/11/01 21:19:04 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/01 21:19:00 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/10/31 22:05:43 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/31 22:05:43 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/31 22:03:42 | 000,000,760 | ---- | M] () -- C:\windows\SysNative\drivers\kgpcpy.cfg
[2011/10/31 21:59:24 | 000,000,112 | ---- | M] () -- C:\windows\SysNative\drivers\kgpfr2.cfg
[2011/10/31 21:58:45 | 000,000,138 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2011/10/31 21:58:09 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/31 21:57:47 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/31 21:56:19 | 002,292,457 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k0
[2011/10/31 21:56:19 | 000,077,852 | ---- | M] () -- C:\windows\SysNative\drivers\KmxAgent.asc
[2011/10/31 21:56:19 | 000,000,373 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k0
[2011/10/31 21:56:19 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k7
[2011/10/31 21:56:19 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k6
[2011/10/31 21:56:19 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k5
[2011/10/31 21:56:19 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k4
[2011/10/31 21:56:19 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k3
[2011/10/31 21:56:19 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k2
[2011/10/31 21:56:19 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k1
[2011/10/31 21:56:19 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k7
[2011/10/31 21:56:19 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k6
[2011/10/31 21:56:19 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k5
[2011/10/31 21:56:19 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k4
[2011/10/31 21:56:19 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k3
[2011/10/31 21:56:19 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k2
[2011/10/31 21:56:19 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k1
[2011/10/30 20:52:40 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/28 18:17:36 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\SZComp5.dll
[2011/10/28 18:17:36 | 000,480,720 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\SZBase5.dll
[2011/10/28 18:17:36 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3HTUI5.dll
[2011/10/28 18:17:36 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3XDat5.dll
[2011/10/28 18:17:36 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\SZIO5.dll
[2011/10/28 18:17:34 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3Base5.dll
[2011/10/28 18:17:34 | 000,456,144 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3DBA5.dll
[2011/10/28 18:17:34 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3UI5.dll
[2011/10/28 18:17:34 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3Win325.dll
[2011/10/28 18:17:34 | 000,103,888 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3Inet5.dll
[2011/10/28 18:17:34 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3Svc5.dll
[2011/10/28 18:17:34 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3Hks5.dll
[2011/10/28 15:28:48 | 000,727,310 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/10/28 15:28:48 | 000,624,856 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/10/28 15:28:48 | 000,106,942 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/10/27 22:20:08 | 000,202,320 | ---- | M] (CA) -- C:\windows\SysNative\drivers\KmxCF.sys
[2011/10/27 22:20:08 | 000,143,824 | ---- | M] (CA) -- C:\windows\SysNative\drivers\KmxFw.sys
[2011/10/27 22:20:08 | 000,099,024 | ---- | M] (CA) -- C:\windows\SysNative\drivers\KmxFilter.sys
[2011/10/27 21:56:23 | 002,524,176 | ---- | M] () -- C:\windows\SysNative\winsflt.dll
[2011/10/27 21:56:23 | 001,744,912 | ---- | M] () -- C:\windows\SysWow64\winsflt.dll
[2011/10/16 23:06:12 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/14 19:13:19 | 000,284,600 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/10/11 10:38:02 | 000,000,419 | ---- | M] () -- C:\windows\BRWMARK.INI
[2011/10/10 16:08:06 | 008,824,434 | ---- | M] () -- C:\Users\Nick\Desktop\Columbus Day.wmv
[2011/10/10 15:34:37 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2011/10/31 21:59:24 | 000,000,112 | ---- | C] () -- C:\windows\SysNative\drivers\kgpfr2.cfg
[2011/10/31 21:59:02 | 000,000,760 | ---- | C] () -- C:\windows\SysNative\drivers\kgpcpy.cfg
[2011/10/30 21:34:07 | 000,000,280 | ---- | C] () -- C:\windows\SysWow64\drivers\kgpfr2.cfg
[2011/10/30 20:52:40 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/28 20:38:07 | 002,292,457 | ---- | C] () -- C:\windows\SysNative\drivers\kmxcfg.u2k0
[2011/10/28 20:38:07 | 000,000,373 | ---- | C] () -- C:\windows\SysNative\drivers\kmxzone.u2k0
[2011/10/28 20:38:07 | 000,000,085 | ---- | C] () -- C:\windows\SysNative\drivers\kmxcfg.u2k7
[2011/10/28 20:38:07 | 000,000,085 | ---- | C] () -- C:\windows\SysNative\drivers\kmxcfg.u2k6
[2011/10/28 20:38:07 | 000,000,085 | ---- | C] () -- C:\windows\SysNative\drivers\kmxcfg.u2k5
[2011/10/28 20:38:07 | 000,000,085 | ---- | C] () -- C:\windows\SysNative\drivers\kmxcfg.u2k4
[2011/10/28 20:38:07 | 000,000,085 | ---- | C] () -- C:\windows\SysNative\drivers\kmxcfg.u2k3
[2011/10/28 20:38:07 | 000,000,085 | ---- | C] () -- C:\windows\SysNative\drivers\kmxcfg.u2k2
[2011/10/28 20:38:07 | 000,000,085 | ---- | C] () -- C:\windows\SysNative\drivers\kmxcfg.u2k1
[2011/10/28 20:38:07 | 000,000,049 | ---- | C] () -- C:\windows\SysNative\drivers\kmxzone.u2k7
[2011/10/28 20:38:07 | 000,000,049 | ---- | C] () -- C:\windows\SysNative\drivers\kmxzone.u2k6
[2011/10/28 20:38:07 | 000,000,049 | ---- | C] () -- C:\windows\SysNative\drivers\kmxzone.u2k5
[2011/10/28 20:38:07 | 000,000,049 | ---- | C] () -- C:\windows\SysNative\drivers\kmxzone.u2k4
[2011/10/28 20:38:07 | 000,000,049 | ---- | C] () -- C:\windows\SysNative\drivers\kmxzone.u2k3
[2011/10/28 20:38:07 | 000,000,049 | ---- | C] () -- C:\windows\SysNative\drivers\kmxzone.u2k2
[2011/10/28 20:38:07 | 000,000,049 | ---- | C] () -- C:\windows\SysNative\drivers\kmxzone.u2k1
[2011/10/28 20:38:05 | 000,077,852 | ---- | C] () -- C:\windows\SysNative\drivers\KmxAgent.asc
[2011/10/27 21:57:12 | 001,422,672 | ---- | C] () -- C:\windows\SysWow64\cfgmig32.dll
[2011/10/27 21:57:12 | 001,422,672 | ---- | C] () -- C:\windows\SysNative\cfgmig32.dll
[2011/10/27 21:57:12 | 000,263,504 | ---- | C] () -- C:\windows\SysWow64\cfgmig32.exe
[2011/10/27 21:56:23 | 003,207,184 | ---- | C] () -- C:\windows\SysNative\mdmcls32.exe
[2011/10/27 21:56:21 | 004,108,304 | ---- | C] () -- C:\windows\SysWow64\win32cpr.dll
[2011/10/27 21:56:21 | 003,207,184 | ---- | C] () -- C:\windows\SysWow64\mdmcls32.exe
[2011/10/27 21:56:21 | 002,760,720 | ---- | C] () -- C:\windows\SysWow64\svcprs32.exe
[2011/10/27 21:56:21 | 002,524,176 | ---- | C] () -- C:\windows\SysNative\winsflt.dll
[2011/10/27 21:56:21 | 001,744,912 | ---- | C] () -- C:\windows\SysWow64\winsflt.dll
[2011/10/27 21:56:21 | 000,289,296 | ---- | C] () -- C:\windows\SysNative\winsfinst.exe
[2011/10/27 21:56:21 | 000,098,320 | ---- | C] () -- C:\windows\SysWow64\winsfinst.exe
[2011/10/16 23:06:12 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/16 23:04:16 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/10/11 10:38:02 | 000,000,419 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011/10/10 16:07:45 | 008,824,434 | ---- | C] () -- C:\Users\Nick\Desktop\Columbus Day.wmv
[2011/10/10 15:34:37 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/06/05 23:01:07 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/06/02 22:45:41 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2011/05/22 14:22:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/19 10:46:50 | 000,000,235 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\devices.xml
[2011/05/19 10:46:50 | 000,000,012 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\settings.xml
[2010/07/29 08:08:46 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/07/29 08:08:44 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/07/29 08:08:42 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/07/29 07:14:38 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/07/29 07:14:38 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[1999/01/22 09:46:58 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\MSRTEDIT.DLL

========== LOP Check ==========

[2011/06/13 22:16:53 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\ICAClient
[2011/06/03 00:17:35 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\PDFlite
[2011/10/31 21:53:11 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\SoftGrid Client
[2011/05/19 21:20:27 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Tific
[2011/05/16 15:47:47 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Toshiba
[2011/06/05 23:01:56 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\TP
[2011/05/16 11:37:37 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\WinBatch
[2011/10/20 21:24:53 | 000,032,596 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %USERPROFILE%\..|smtmp;true;true;true /FP >


< MD5 for: EXPLORER.ADML >
[2009/07/13 22:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml

< MD5 for: EXPLORER.ADMX >
[2009/06/10 16:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: EXPLORER.EXE.MUI >
[2009/07/13 22:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/13 22:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2009/07/13 22:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2009/07/13 22:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: SVCHOST.EXE.MUI >
[2009/07/13 22:26:44 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=712EBAA6DD6DBA7DDEE0A3D03C98E6D1 -- C:\windows\SysNative\en-US\svchost.exe.mui
[2009/07/13 22:26:44 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=712EBAA6DD6DBA7DDEE0A3D03C98E6D1 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ad3de280c12aaa17\svchost.exe.mui
[2009/07/13 22:02:24 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=FBC18BEE67E9179F02E7894EB548F18D -- C:\Windows\SysWOW64\en-US\svchost.exe.mui
[2009/07/13 22:02:24 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=FBC18BEE67E9179F02E7894EB548F18D -- C:\Windows\winsxs\x86_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_511f46fd08cd38e1\svchost.exe.mui

< MD5 for: SVCHOST.EXE-8049FA24.PF >
[2011/11/01 21:33:13 | 000,008,328 | ---- | M] () MD5=5E43D7E36EE7C76531B2812C561B0793 -- C:\Windows\Prefetch\SVCHOST.EXE-8049FA24.pf

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\windows\SysNative\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: USERINIT.EXE.MUI >
[2009/07/13 22:26:28 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=87AE19DA46FE7D5E293937DD36FF1889 -- C:\windows\SysNative\en-US\userinit.exe.mui
[2009/07/13 22:26:28 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=87AE19DA46FE7D5E293937DD36FF1889 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ebe597d2ec03996d\userinit.exe.mui
[2009/07/13 22:03:34 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=EA67C653ECFED02D7DBFB889A908CAA9 -- C:\Windows\SysWOW64\en-US\userinit.exe.mui
[2009/07/13 22:03:34 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=EA67C653ECFED02D7DBFB889A908CAA9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8fc6fc4f33a62837\userinit.exe.mui

< MD5 for: WINLOGON.ADML >
[2009/07/13 22:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml

< MD5 for: WINLOGON.ADMX >
[2009/06/10 17:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >
[2010/11/20 09:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
[2009/07/13 22:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\windows\SysNative\en-US\winlogon.exe.mui
[2009/07/13 22:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui

< MD5 for: WINLOGON.MFL >
[2009/07/13 22:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\windows\SysNative\wbem\en-US\winlogon.mfl
[2009/07/13 22:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl

< MD5 for: WINLOGON.MOF >
[2009/07/13 16:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\windows\SysNative\wbem\winlogon.mof
[2009/07/13 16:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/03 12:41:04 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/03 12:41:04 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/03 12:41:04 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/10/03 12:41:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/10/03 12:41:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/03 12:41:06 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2011/10/26 04:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2011/10/26 04:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/10/26 04:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2011/10/26 04:10:47 | 001,036,344 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/08/20 00:35:15 | 000,673,024 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/08/20 00:35:15 | 000,673,024 | ---- | M] (Microsoft Corporation)

< %SYSTEMDRIVE%\*.* >
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/10/14 23:45:04 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/10/27 22:07:48 | 001,207,686 | ---- | M] () -- C:\caisslog.txt
[2011/10/31 21:57:47 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011/10/31 21:57:57 | 4083,007,488 | -HS- | M] () -- C:\pagefile.sys
[2011/05/17 07:12:52 | 000,154,544 | ---- | M] () -- C:\splash.bmp
[2011/10/31 22:05:06 | 000,079,888 | ---- | M] () -- C:\TDSSKiller.2.6.14.0_31.10.2011_22.03.37_log.txt

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< End of report >

Extras:

OTL Extras logfile created on: 11/1/2011 9:26:00 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nick\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 54.98% Memory free
7.60 Gb Paging File | 5.82 Gb Available in Paging File | 76.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.58 Gb Total Space | 404.60 Gb Free Space | 89.40% Space Free | Partition Type: NTFS
Drive D: | 7.28 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: NICKSLAPTOP | User Name: Nick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{38151262-FAF8-4778-9AAB-33E90B60D8E9}" = CA Anti-Virus Plus
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F3A591D1-C991-4722-B40D-C4A80C2A6D05}" = HIPS
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CAAPH2" = APH placeholder
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"eTrust Suite Personal" = CA Internet Security Suite
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{1367D815-EC9F-4e2f-9FB9-E40A075AD19B}" = DNAMigrator
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39187A4B-7538-4BE7-8BAD-9E83303793AA}" = Toshiba Book Place
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5A05B328-35EB-4CED-B16F-62FA5A2642E6}" =
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3BC1DBD-64D6-4EBC-0091-24C811662D40}" = Madden NFL 08
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BA1EA42A-B02E-4210-882C-717416D96E65}" = STOPzilla
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PDFlite" = PDFlite (remove only)
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WT088682" = Bejeweled 2 Deluxe
"WT088696" = Chuzzle Deluxe
"WT088750" = Jewel Quest - Heritage
"WT088759" = Polar Bowler
"WT089366" = Cake Mania - Lights, Camera, Action!™
"WT089368" = FATE - The Traitor Soul
"WT089379" = Mystery P.I. - The London Caper
"WT089381" = Slingo Supreme
"WT089386" = Governor of Poker 2 Premium Edition
"WT089395" = Plants vs. Zombies - Game of the Year

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/18/2011 5:52:11 AM | Computer Name = NicksLaptop | Source = Toshiba App Place | ID = 0
Description =

Error - 9/23/2011 6:32:28 AM | Computer Name = NicksLaptop | Source = Toshiba App Place | ID = 0
Description =

Error - 9/23/2011 8:37:40 PM | Computer Name = NicksLaptop | Source = System Restore | ID = 8193
Description =

Error - 9/29/2011 12:38:59 PM | Computer Name = NicksLaptop | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 10/1/2011 9:05:57 AM | Computer Name = NicksLaptop | Source = Toshiba App Place | ID = 0
Description =

Error - 10/1/2011 9:10:20 AM | Computer Name = NicksLaptop | Source = Toshiba App Place | ID = 0
Description =

Error - 10/11/2011 11:29:42 AM | Computer Name = NicksLaptop | Source = Toshiba App Place | ID = 0
Description =

Error - 10/11/2011 11:32:18 AM | Computer Name = NicksLaptop | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 7.0.1.4288 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: ee8 Start
Time: 01cc882ad1fb04d3 Termination Time: 16 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 2f097b01-f41e-11e0-8648-e89a8f2fd587

Error - 10/13/2011 6:02:54 AM | Computer Name = NicksLaptop | Source = Toshiba App Place | ID = 0
Description =

Error - 10/14/2011 5:25:07 AM | Computer Name = NicksLaptop | Source = Toshiba App Place | ID = 0
Description =

[ System Events ]
Error - 10/19/2011 9:21:52 PM | Computer Name = NicksLaptop | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 10/20/2011 9:24:52 PM | Computer Name = NicksLaptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:22:48 PM on 10/20/2011 was unexpected.

Error - 10/21/2011 10:03:00 PM | Computer Name = NicksLaptop | Source = BROWSER | ID = 8032
Description =

Error - 10/22/2011 8:40:42 AM | Computer Name = NicksLaptop | Source = BROWSER | ID = 8032
Description =

Error - 10/22/2011 10:06:21 PM | Computer Name = NicksLaptop | Source = BROWSER | ID = 8032
Description =

Error - 10/23/2011 12:16:02 PM | Computer Name = NicksLaptop | Source = BROWSER | ID = 8032
Description =

Error - 10/24/2011 12:12:46 AM | Computer Name = NicksLaptop | Source = BROWSER | ID = 8032
Description =

Error - 10/25/2011 10:13:18 AM | Computer Name = NicksLaptop | Source = BROWSER | ID = 8032
Description =

Error - 10/26/2011 8:01:35 AM | Computer Name = NicksLaptop | Source = BROWSER | ID = 8032
Description =

Error - 10/26/2011 9:17:19 PM | Computer Name = NicksLaptop | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.3
with the system having network hardware address C4-17-FE-61-A2-7F. Network operations
on this system may be disrupted as a result.


< End of report >

aswMBR:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-01 21:41:06
-----------------------------
21:41:06.314 OS Version: Windows x64 6.1.7600
21:41:06.314 Number of processors: 4 586 0x2505
21:41:06.330 ComputerName: NICKSLAPTOP UserName: Nick
21:41:08.420 Initialize success
21:45:48.550 AVAST engine defs: 11110103
21:46:09.610 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:46:09.626 Disk 0 Vendor: TOSHIBA_ GH10 Size: 476940MB BusType: 3
21:46:09.657 Disk 0 MBR read successfully
21:46:09.657 Disk 0 MBR scan
21:46:09.673 Disk 0 Windows VISTA default MBR code
21:46:09.688 Service scanning
21:46:10.999 Modules scanning
21:46:10.999 Disk 0 trace - called modules:
21:46:11.045 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:46:11.045 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006f9c060]
21:46:11.061 3 CLASSPNP.SYS[fffff880011c043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004973050]
21:46:12.387 AVAST engine scan C:\windows
21:46:14.368 AVAST engine scan C:\windows\system32
21:47:53.943 AVAST engine scan C:\windows\system32\drivers
21:48:06.688 AVAST engine scan C:\Users\Nick
21:48:07.468 File: C:\Users\Nick\AppData\Local\Google\GoogleUpdate\Googleupdt32.dll **INFECTED** Win32:Kryptik-FKH [Trj]
21:48:47.982 File: C:\Users\Nick\AppData\Local\Old{1939A9DC-B8BE-47C4-8025-483122B92244}\{1939A9DC-B8BE-47C4-8025-483122B92244}Update\{1939A9DC-B8BE-47C4-8025-483122B92244}updt32.dll **INFECTED** Win32:Kryptik-FKH [Trj]
21:48:48.153 File: C:\Users\Nick\AppData\Local\ShellAdmin.dll **INFECTED** Win32:Trojan-gen
21:49:25.703 AVAST engine scan C:\ProgramData
21:49:26.623 File: C:\ProgramData\AppleBackupOnline.dll **INFECTED** Win32:Trojan-gen
21:50:14.952 Scan finished successfully
21:50:31.099 Disk 0 MBR has been saved successfully to "C:\Users\Nick\Desktop\MBR.dat"
21:50:31.114 The log file has been saved successfully to "C:\Users\Nick\Desktop\aswMBR.txt"

#4
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,

What are you using for an antivirus? I see you have some Norton files and CA on your laptop.

Can you please do the following:


Step 1:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5E 44 5B 14 AD AB 15 49 99 B0 E2 43 BE 97 6E 5F [binary data]
    [2011/10/26 21:55:55 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\0ddflzfc.default\extensions\{7e24c860-7331-4363-bbf8-c560a09efe51}
    O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll File not found
    O4 - HKCU..\Run: [AppleBackupOnline] C:\ProgramData\AppleBackupOnline.dll (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    
    :Services
    
    :Reg
    [HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-
    
    :Files
    ipconfig /flushdns /c
    C:\Users\Nick\AppData\Local\Google\GoogleUpdate\Googleupdt32.dll
    C:\Users\Nick\AppData\Local\Old{1939A9DC-B8BE-47C4-8025-483122B92244}\{1939A9DC-B8BE-47C4-8025-483122B92244}Update\{1939A9DC-B8BE-47C4-8025-483122B92244}updt32.dll
    C:\Users\Nick\AppData\Local\ShellAdmin.dll
    C:\ProgramData\AppleBackupOnline.dll
    
    :Commands
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the fix log
  • Open OTL again
  • Select All users (Important)
  • Click the Quick Scan button. Post the log it produces in your next reply.


Step 2:

Please delete the copy of TDSSkiller that you have and download the latest and run it:
Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 3:

Please remember to post the OTL fix log
New OTL QuickScan log
New TDSSkiller scan log

How is the Laptop running now?

Homburg

#5
jnmarz30

    Member

  • Topic Starter
  • Member
  • 16 posts
Hello,

I am currently using CA as my virus protection. I had Norton until the free trial ran out. I thought I removed it, but it must still be in the registry.
I followed your directions and now my laptop seems to be running much better. I did a few searches in Google and I did not get redirected at all. I will post the output files requested.

OTL (fix):

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\0ddflzfc.default\extensions\{7e24c860-7331-4363-bbf8-c560a09efe51}\defaults\preferences folder moved successfully.
C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\0ddflzfc.default\extensions\{7e24c860-7331-4363-bbf8-c560a09efe51}\defaults folder moved successfully.
C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\0ddflzfc.default\extensions\{7e24c860-7331-4363-bbf8-c560a09efe51}\chrome folder moved successfully.
C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\0ddflzfc.default\extensions\{7e24c860-7331-4363-bbf8-c560a09efe51} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AppleBackupOnline deleted successfully.
C:\ProgramData\AppleBackupOnline.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW\ deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Nick\Downloads\cmd.bat deleted successfully.
C:\Users\Nick\Downloads\cmd.txt deleted successfully.
C:\Users\Nick\AppData\Local\Google\GoogleUpdate\Googleupdt32.dll moved successfully.
C:\Users\Nick\AppData\Local\Old{1939A9DC-B8BE-47C4-8025-483122B92244}\{1939A9DC-B8BE-47C4-8025-483122B92244}Update\{1939A9DC-B8BE-47C4-8025-483122B92244}updt32.dll moved successfully.
C:\Users\Nick\AppData\Local\ShellAdmin.dll moved successfully.
File\Folder C:\ProgramData\AppleBackupOnline.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nick
->Temp folder emptied: 49718536 bytes
->Temporary Internet Files folder emptied: 58198365 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 110134889 bytes
->Flash cache emptied: 2024 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 11044 bytes

Total Files Cleaned = 208.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Nick
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11022011_201608

Files\Folders moved on Reboot...
C:\Users\Nick\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Nick\AppData\Local\Temp\~DF389E47730CC73888.TMP moved successfully.

Registry entries deleted on Reboot...

OTL (quick scan):

OTL logfile created on: 11/2/2011 8:25:14 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nick\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 55.23% Memory free
7.60 Gb Paging File | 5.76 Gb Available in Paging File | 75.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.58 Gb Total Space | 404.56 Gb Free Space | 89.39% Space Free | Partition Type: NTFS
Drive D: | 7.28 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: NICKSLAPTOP | User Name: Nick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/01 21:25:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Downloads\OTL.exe
PRC - [2011/10/28 18:17:44 | 000,181,712 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
PRC - [2011/10/28 18:17:40 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2011/10/03 12:41:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/07/02 01:30:46 | 000,263,504 | ---- | M] () -- C:\Windows\SysWOW64\cfgmig32.exe
PRC - [2011/06/14 13:23:17 | 000,123,320 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\SymcPCCULaunchSvc.exe
PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/18 15:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 15:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/09/12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2009/09/12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2009/07/22 16:40:00 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/09 10:51:54 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/03 12:41:06 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/27 22:20:08 | 000,291,656 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe -- (CAAMSvc)
SRV:64bit: - [2011/07/02 01:27:14 | 000,286,032 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV:64bit: - [2011/07/02 01:27:12 | 000,359,248 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV:64bit: - [2011/05/30 04:11:44 | 000,312,656 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV:64bit: - [2011/04/04 12:42:30 | 000,920,656 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe -- (UmxEngine)
SRV:64bit: - [2010/09/28 15:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/25 22:00:32 | 000,252,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/23 20:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/10/28 18:17:40 | 000,067,024 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/07/02 01:30:46 | 000,263,504 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\cfgmig32.exe -- (WinSvchostManagerSrv)
SRV - [2011/06/14 13:23:17 | 000,123,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2010/12/21 01:38:22 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 15:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/18 15:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/21 13:40:00 | 000,193,904 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/10/06 12:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.5.60\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/27 22:20:08 | 000,202,320 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KmxCF.sys -- (KmxCF)
DRV:64bit: - [2011/10/27 22:20:08 | 000,143,824 | ---- | M] (CA) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\KmxFw.sys -- (KmxFw)
DRV:64bit: - [2011/10/27 22:20:08 | 000,099,024 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\KmxFilter.sys -- (KmxFilter)
DRV:64bit: - [2011/05/12 17:22:18 | 000,364,624 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\KmxCfg.sys -- (KmxCfg)
DRV:64bit: - [2011/05/12 04:44:17 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/05/10 17:46:06 | 000,178,768 | ---- | M] (CA) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\KmxAMRT.sys -- (KmxAMRT)
DRV:64bit: - [2011/04/08 23:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/23 16:29:08 | 000,113,744 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\drivers\KmxAgent.sys -- (KmxAgent)
DRV:64bit: - [2011/03/23 16:29:08 | 000,087,120 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\drivers\KmxFile.sys -- (KmxFile)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/24 14:36:46 | 000,081,488 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KmxSbx.sys -- (KmxSbx)
DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/07/29 08:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/21 20:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/03/31 02:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/24 16:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/22 21:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/09 00:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/20 00:49:26 | 000,087,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) Brother Serial Interface Driver(WDM)
DRV:64bit: - [2010/01/20 00:49:26 | 000,014,592 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb) Brother Serial USB Driver(WDM)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/08 18:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 01:12:00 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 16:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/09/26 12:21:26 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\windows\SySWOW64\DRIVERS\szkg64.sys -- (szkg5)
DRV - [2011/09/26 12:21:26 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\windows\SySWOW64\drivers\is3srv64.sys -- (is3srv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5E 44 5B 14 AD AB 15 49 99 B0 E2 43 BE 97 6E 5F [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5E 44 5B 14 AD AB 15 49 99 B0 E2 43 BE 97 6E 5F [binary data]

IE - HKU\S-1-5-21-341986527-4208126819-2906341753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKU\S-1-5-21-341986527-4208126819-2906341753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-341986527-4208126819-2906341753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...UGO&form=ZGAPHP
IE - HKU\S-1-5-21-341986527-4208126819-2906341753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://start.toshiba.com/g/
IE - HKU\S-1-5-21-341986527-4208126819-2906341753-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-341986527-4208126819-2906341753-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\Firefox [2011/10/27 21:56:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/03 12:41:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/28 22:18:06 | 000,000,000 | ---D | M]

[2011/07/18 15:46:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Extensions
[2011/11/02 20:16:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\0ddflzfc.default\extensions
[2011/06/03 00:17:13 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\0ddflzfc.default\extensions\[email protected]
[2011/06/03 00:17:13 | 000,001,919 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\0ddflzfc.default\searchplugins\bing-zugo.xml
[2011/05/22 14:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/22 14:20:41 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/10/03 12:41:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2011/10/03 12:41:04 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old

O1 HOSTS File: ([2011/11/02 20:21:02 | 000,000,138 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: ˙ž1 2 7 . 0 . 0 . 1 l o c a l h o s t
O1 - Hosts: : : 1 l o c a l h o s t
O2:64bit: - BHO: (CA Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (Reg Error: Value error.) - {145B445E-ABAD-4915-99B0-E243BE976E5f} - C:\Users\Nick\AppData\Local\ShellAdmin.dll File not found
O2 - BHO: (CA Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll (CA, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-341986527-4208126819-2906341753-1000\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKU\S-1-5-21-341986527-4208126819-2906341753-1000\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll (CA, Inc.)
O3:64bit: - HKU\S-1-5-21-341986527-4208126819-2906341753-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-341986527-4208126819-2906341753-1000..\Run: [AppleBackupOnline] rundll32.exe "C:\ProgramData\AppleBackupOnline.dll",DllRegisterServer File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-341986527-4208126819-2906341753-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-341986527-4208126819-2906341753-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O15 - HKU\S-1-5-21-341986527-4208126819-2906341753-1000\..Trusted Domains: netflix.com ([movies] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B92D423-8611-4057-BD20-924E7D32BC5C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F31D54A3-7432-41F0-AFC3-839D8B1C745A}: DhcpNameServer = 50.20.0.20 50.20.0.21
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (UmxSbxExA64.dll) - C:\windows\SysNative\UmxSbxExA64.dll (CA)
O20 - AppInit_DLLs: (UmxSbxExw.dll) -UmxSbxExw.dll (CA)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) -c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\PFW: DllName - (UmxWnp.Dll) - UmxWnp.Dll (CA)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/03 11:25:53 | 000,000,066 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-341986527-4208126819-2906341753-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/11/02 20:16:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/31 22:01:09 | 000,000,000 | ---D | C] -- C:\Users\Nick\Desktop\GooredFix Backups
[2011/10/31 21:52:35 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/10/30 21:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2011/10/30 21:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/10/30 21:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla!
[2011/10/30 21:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3
[2011/10/30 20:52:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/30 19:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/10/28 18:17:36 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\SZComp5.dll
[2011/10/28 18:17:36 | 000,480,720 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\SZBase5.dll
[2011/10/28 18:17:36 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3HTUI5.dll
[2011/10/28 18:17:36 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3XDat5.dll
[2011/10/28 18:17:36 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\SZIO5.dll
[2011/10/28 18:17:34 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3Base5.dll
[2011/10/28 18:17:34 | 000,456,144 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3DBA5.dll
[2011/10/28 18:17:34 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3UI5.dll
[2011/10/28 18:17:34 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3Win325.dll
[2011/10/28 18:17:34 | 000,103,888 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3Inet5.dll
[2011/10/28 18:17:34 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3Svc5.dll
[2011/10/28 18:17:34 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\windows\SysWow64\IS3Hks5.dll
[2011/10/27 22:20:13 | 000,202,320 | ---- | C] (CA) -- C:\windows\SysNative\drivers\KmxCF.sys
[2011/10/27 22:20:13 | 000,143,824 | ---- | C] (CA) -- C:\windows\SysNative\drivers\KmxFw.sys
[2011/10/27 22:20:13 | 000,099,024 | ---- | C] (CA) -- C:\windows\SysNative\drivers\KmxFilter.sys
[2011/10/27 21:57:07 | 000,257,872 | ---- | C] (CA, Inc.) -- C:\windows\SysNative\isafprod64.dll
[2011/10/27 21:57:07 | 000,206,160 | ---- | C] (CA, Inc.) -- C:\windows\SysWow64\Isafprod.dll
[2011/10/27 21:57:07 | 000,141,136 | ---- | C] (Computer Associates International, Inc.) -- C:\windows\SysNative\Isafeif64.dll
[2011/10/27 21:57:07 | 000,128,336 | ---- | C] (Computer Associates International, Inc.) -- C:\windows\SysWow64\Isafeif.dll
[2011/10/27 21:57:07 | 000,103,760 | ---- | C] (Computer Associates International, Inc.) -- C:\windows\SysNative\Vetredir64.dll
[2011/10/27 21:57:07 | 000,095,568 | ---- | C] (Computer Associates International, Inc.) -- C:\windows\SysWow64\Vetredir.dll
[2011/10/27 21:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CA
[2011/10/27 21:56:29 | 000,000,000 | -H-D | C] -- C:\Config.msi
[2011/10/27 21:56:20 | 002,990,096 | ---- | C] (PureSight Technologies Ltd) -- C:\windows\SysWow64\winsflte.dll
[2011/10/27 21:56:17 | 000,000,000 | ---D | C] -- C:\windows\rnapxs
[2011/10/27 21:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\ISSThirdParty
[2011/10/27 21:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CA
[2011/10/27 21:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\CA
[2011/10/27 20:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\CA
[2011/10/19 21:22:07 | 000,000,000 | ---D | C] -- C:\Users\Nick\Desktop\Oct19
[2011/10/16 23:06:15 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Apple Computer
[2011/10/16 23:06:15 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Apple Computer
[2011/10/16 23:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/16 23:06:03 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE
[2011/10/16 23:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/16 23:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/16 23:05:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/10/16 23:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/10/16 23:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/10/16 23:04:17 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Apple
[2011/10/16 23:04:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/10/16 23:03:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/10/16 23:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/16 23:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/10/16 23:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/10/16 23:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/10/11 10:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2011/10/10 15:37:16 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Windows Live
[2011/10/10 15:36:55 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{9D4D333E-13EC-4C29-8C80-A6765D92B248}
[2011/10/10 15:04:12 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Old{1939A9DC-B8BE-47C4-8025-483122B92244}
[2011/10/10 15:04:12 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{DAD21B9D-4709-43F0-A0A1-85C25769D375}
[2011/10/09 10:51:15 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2011/10/09 10:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

========== Files - Modified Within 30 Days ==========

[2011/11/02 20:27:56 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/02 20:27:56 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/02 20:21:45 | 000,000,728 | ---- | M] () -- C:\windows\SysNative\drivers\kgpcpy.cfg
[2011/11/02 20:21:02 | 000,000,138 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2011/11/02 20:20:40 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/02 20:20:16 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/11/02 20:20:11 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/02 20:18:47 | 002,296,689 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k0
[2011/11/02 20:18:47 | 000,080,316 | ---- | M] () -- C:\windows\SysNative\drivers\KmxAgent.asc
[2011/11/02 20:18:47 | 000,000,373 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k0
[2011/11/02 20:18:47 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k7
[2011/11/02 20:18:47 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k6
[2011/11/02 20:18:47 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k5
[2011/11/02 20:18:47 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k4
[2011/11/02 20:18:47 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k3
[2011/11/02 20:18:47 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k2
[2011/11/02 20:18:47 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k1
[2011/11/02 20:18:47 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k7
[2011/11/02 20:18:47 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k6
[2011/11/02 20:18:47 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k5
[2011/11/02 20:18:47 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k4
[2011/11/02 20:18:47 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k3
[2011/11/02 20:18:47 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k2
[2011/11/02 20:18:47 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k1
[2011/11/02 20:13:05 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/01 21:50:31 | 000,000,512 | ---- | M] () -- C:\Users\Nick\Desktop\MBR.dat
[2011/11/01 21:28:45 | 000,000,384 | ---- | M] () -- C:\windows\SysWow64\drivers\kgpfr2.cfg
[2011/10/30 20:52:40 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/28 18:17:36 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\SZComp5.dll
[2011/10/28 18:17:36 | 000,480,720 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\SZBase5.dll
[2011/10/28 18:17:36 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3HTUI5.dll
[2011/10/28 18:17:36 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3XDat5.dll
[2011/10/28 18:17:36 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\SZIO5.dll
[2011/10/28 18:17:34 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3Base5.dll
[2011/10/28 18:17:34 | 000,456,144 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3DBA5.dll
[2011/10/28 18:17:34 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3UI5.dll
[2011/10/28 18:17:34 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3Win325.dll
[2011/10/28 18:17:34 | 000,103,888 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3Inet5.dll
[2011/10/28 18:17:34 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3Svc5.dll
[2011/10/28 18:17:34 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\windows\SysWow64\IS3Hks5.dll
[2011/10/28 15:28:48 | 000,727,310 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/10/28 15:28:48 | 000,624,856 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/10/28 15:28:48 | 000,106,942 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/10/27 22:20:08 | 000,202,320 | ---- | M] (CA) -- C:\windows\SysNative\drivers\KmxCF.sys
[2011/10/27 22:20:08 | 000,143,824 | ---- | M] (CA) -- C:\windows\SysNative\drivers\KmxFw.sys
[2011/10/27 22:20:08 | 000,099,024 | ---- | M] (CA) -- C:\windows\SysNative\drivers\KmxFilter.sys
[2011/10/27 21:56:23 | 002,524,176 | ---- | M] () -- C:\windows\SysNative\winsflt.dll
[2011/10/27 21:56:23 | 001,744,912 | ---- | M] () -- C:\windows\SysWow64\winsflt.dll
[2011/10/16 23:06:12 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/14 19:13:19 | 000,284,600 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/10/11 10:38:02 | 000,000,419 | ---- | M] () -- C:\windows\BRWMARK.INI
[2011/10/10 16:08:06 | 008,824,434 | ---- | M] () -- C:\Users\Nick\Desktop\Columbus Day.wmv
[2011/10/10 15:34:37 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2011/11/02 20:21:17 | 000,000,728 | ---- | C] () -- C:\windows\SysNative\drivers\kgpcpy.cfg
[2011/11/01 21:50:31 | 000,000,512 | ---- | C] () -- C:\Users\Nick\Desktop\MBR.dat
[2011/10/30 21:34:07 | 000,000,384 | ---- | C] () -- C:\windows\SysWow64\drivers\kgpfr2.cfg
[2011/10/30 20:52:40 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/28 20:38:07 | 002,296,689 | ---- | C] () -- C:\windows\SysNative\drivers\kmxcfg.u2k0
[2011/10/28 20:38:07 | 000,000,373 | ---- | C] () -- C:\windows\SysNative\drivers\kmxzone.u2k0
[2011/10/28 20:38:07 | 000,000,085 | ---- | C] () -- C:\windows\SysNative\drivers\kmxcfg.u2k7
[2011/10/28 20:38:07 | 000,000,085 | ---- | C] () -- C:\windows\SysNative\drivers\kmxcfg.u2k6
[2011/10/28 20:38:07 | 000,000,085 | ---- | C] () -- C:\windows\SysNative\drivers\kmxcfg.u2k5
[2011/10/28 20:38:07 | 000,000,085 | ---- | C] () -- C:\windows\SysNative\drivers\kmxcfg.u2k4
[2011/10/28 20:38:07 | 000,000,085 | ---- | C] () -- C:\windows\SysNative\drivers\kmxcfg.u2k3
[2011/10/28 20:38:07 | 000,000,085 | ---- | C] () -- C:\windows\SysNative\drivers\kmxcfg.u2k2
[2011/10/28 20:38:07 | 000,000,085 | ---- | C] () -- C:\windows\SysNative\drivers\kmxcfg.u2k1
[2011/10/28 20:38:07 | 000,000,049 | ---- | C] () -- C:\windows\SysNative\drivers\kmxzone.u2k7
[2011/10/28 20:38:07 | 000,000,049 | ---- | C] () -- C:\windows\SysNative\drivers\kmxzone.u2k6
[2011/10/28 20:38:07 | 000,000,049 | ---- | C] () -- C:\windows\SysNative\drivers\kmxzone.u2k5
[2011/10/28 20:38:07 | 000,000,049 | ---- | C] () -- C:\windows\SysNative\drivers\kmxzone.u2k4
[2011/10/28 20:38:07 | 000,000,049 | ---- | C] () -- C:\windows\SysNative\drivers\kmxzone.u2k3
[2011/10/28 20:38:07 | 000,000,049 | ---- | C] () -- C:\windows\SysNative\drivers\kmxzone.u2k2
[2011/10/28 20:38:07 | 000,000,049 | ---- | C] () -- C:\windows\SysNative\drivers\kmxzone.u2k1
[2011/10/28 20:38:05 | 000,080,316 | ---- | C] () -- C:\windows\SysNative\drivers\KmxAgent.asc
[2011/10/27 21:57:12 | 001,422,672 | ---- | C] () -- C:\windows\SysWow64\cfgmig32.dll
[2011/10/27 21:57:12 | 001,422,672 | ---- | C] () -- C:\windows\SysNative\cfgmig32.dll
[2011/10/27 21:57:12 | 000,263,504 | ---- | C] () -- C:\windows\SysWow64\cfgmig32.exe
[2011/10/27 21:56:23 | 003,207,184 | ---- | C] () -- C:\windows\SysNative\mdmcls32.exe
[2011/10/27 21:56:21 | 004,108,304 | ---- | C] () -- C:\windows\SysWow64\win32cpr.dll
[2011/10/27 21:56:21 | 003,207,184 | ---- | C] () -- C:\windows\SysWow64\mdmcls32.exe
[2011/10/27 21:56:21 | 002,760,720 | ---- | C] () -- C:\windows\SysWow64\svcprs32.exe
[2011/10/27 21:56:21 | 002,524,176 | ---- | C] () -- C:\windows\SysNative\winsflt.dll
[2011/10/27 21:56:21 | 001,744,912 | ---- | C] () -- C:\windows\SysWow64\winsflt.dll
[2011/10/27 21:56:21 | 000,289,296 | ---- | C] () -- C:\windows\SysNative\winsfinst.exe
[2011/10/27 21:56:21 | 000,098,320 | ---- | C] () -- C:\windows\SysWow64\winsfinst.exe
[2011/10/16 23:06:12 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/16 23:04:16 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/10/11 10:38:02 | 000,000,419 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011/10/10 16:07:45 | 008,824,434 | ---- | C] () -- C:\Users\Nick\Desktop\Columbus Day.wmv
[2011/10/10 15:34:37 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/06/05 23:01:07 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/06/02 22:45:41 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2011/05/22 14:22:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/19 10:46:50 | 000,000,235 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\devices.xml
[2011/05/19 10:46:50 | 000,000,012 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\settings.xml
[2010/07/29 08:08:46 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/07/29 08:08:44 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/07/29 08:08:42 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/07/29 07:14:38 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/07/29 07:14:38 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[1999/01/22 09:46:58 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\MSRTEDIT.DLL

========== LOP Check ==========

[2011/06/13 22:16:53 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\ICAClient
[2011/06/03 00:17:35 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\PDFlite
[2011/11/02 20:16:10 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\SoftGrid Client
[2011/05/19 21:20:27 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Tific
[2011/05/16 15:47:47 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Toshiba
[2011/06/05 23:01:56 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\TP
[2011/05/16 11:37:37 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\WinBatch
[2011/10/20 21:24:53 | 000,032,596 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

TDSSKiller:

20:37:52.0911 4980 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
20:37:53.0264 4980 ============================================================
20:37:53.0264 4980 Current date / time: 2011/11/02 20:37:53.0264
20:37:53.0264 4980 SystemInfo:
20:37:53.0265 4980
20:37:53.0265 4980 OS Version: 6.1.7600 ServicePack: 0.0
20:37:53.0265 4980 Product type: Workstation
20:37:53.0266 4980 ComputerName: NICKSLAPTOP
20:37:53.0266 4980 UserName: Nick
20:37:53.0266 4980 Windows directory: C:\windows
20:37:53.0266 4980 System windows directory: C:\windows
20:37:53.0266 4980 Running under WOW64
20:37:53.0267 4980 Processor architecture: Intel x64
20:37:53.0267 4980 Number of processors: 4
20:37:53.0267 4980 Page size: 0x1000
20:37:53.0267 4980 Boot type: Normal boot
20:37:53.0267 4980 ============================================================
20:37:53.0569 4980 Initialize success
20:38:45.0069 4656 ============================================================
20:38:45.0069 4656 Scan started
20:38:45.0069 4656 Mode: Manual; SigCheck; TDLFS;
20:38:45.0069 4656 ============================================================
20:38:45.0645 4656 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\windows\system32\DRIVERS\1394ohci.sys
20:38:45.0766 4656 1394ohci - ok
20:38:45.0915 4656 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
20:38:45.0954 4656 ACPI - ok
20:38:46.0087 4656 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
20:38:46.0160 4656 AcpiPmi - ok
20:38:46.0304 4656 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
20:38:46.0343 4656 adp94xx - ok
20:38:46.0491 4656 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
20:38:46.0525 4656 adpahci - ok
20:38:46.0660 4656 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
20:38:46.0695 4656 adpu320 - ok
20:38:46.0830 4656 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\windows\system32\drivers\afd.sys
20:38:46.0903 4656 AFD - ok
20:38:47.0012 4656 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
20:38:47.0030 4656 agp440 - ok
20:38:47.0156 4656 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
20:38:47.0193 4656 aliide - ok
20:38:47.0301 4656 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
20:38:47.0338 4656 amdide - ok
20:38:47.0448 4656 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
20:38:47.0519 4656 AmdK8 - ok
20:38:47.0627 4656 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
20:38:47.0693 4656 AmdPPM - ok
20:38:47.0802 4656 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys
20:38:47.0842 4656 amdsata - ok
20:38:47.0959 4656 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
20:38:47.0992 4656 amdsbs - ok
20:38:48.0104 4656 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys
20:38:48.0138 4656 amdxata - ok
20:38:48.0249 4656 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
20:38:48.0337 4656 AppID - ok
20:38:48.0485 4656 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
20:38:48.0520 4656 arc - ok
20:38:48.0643 4656 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
20:38:48.0678 4656 arcsas - ok
20:38:48.0798 4656 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
20:38:48.0888 4656 AsyncMac - ok
20:38:49.0012 4656 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
20:38:49.0043 4656 atapi - ok
20:38:49.0181 4656 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
20:38:49.0243 4656 b06bdrv - ok
20:38:49.0369 4656 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
20:38:49.0420 4656 b57nd60a - ok
20:38:49.0609 4656 BCM43XX (5b5c36b2ec500462a715db6bcbaf5da7) C:\windows\system32\DRIVERS\bcmwl664.sys
20:38:49.0728 4656 BCM43XX - ok
20:38:49.0884 4656 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
20:38:49.0975 4656 Beep - ok
20:38:50.0097 4656 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
20:38:50.0141 4656 blbdrive - ok
20:38:50.0257 4656 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
20:38:50.0312 4656 bowser - ok
20:38:50.0428 4656 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
20:38:50.0492 4656 BrFiltLo - ok
20:38:50.0595 4656 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
20:38:50.0649 4656 BrFiltUp - ok
20:38:50.0783 4656 BrSerIb (6df544e72ff139e8fbbba6d0e569bea5) C:\windows\system32\DRIVERS\BrSerIb.sys
20:38:50.0866 4656 BrSerIb - ok
20:38:50.0986 4656 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
20:38:51.0051 4656 Brserid - ok
20:38:51.0163 4656 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
20:38:51.0222 4656 BrSerWdm - ok
20:38:51.0341 4656 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
20:38:51.0407 4656 BrUsbMdm - ok
20:38:51.0519 4656 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
20:38:51.0579 4656 BrUsbSer - ok
20:38:51.0680 4656 BrUsbSIb (80082ad46578f0d3270d2e56d6433082) C:\windows\system32\DRIVERS\BrUsbSIb.sys
20:38:51.0727 4656 BrUsbSIb - ok
20:38:51.0843 4656 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
20:38:51.0895 4656 BTHMODEM - ok
20:38:52.0034 4656 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
20:38:52.0123 4656 cdfs - ok
20:38:52.0236 4656 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
20:38:52.0292 4656 cdrom - ok
20:38:52.0420 4656 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
20:38:52.0486 4656 circlass - ok
20:38:52.0583 4656 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
20:38:52.0642 4656 CLFS - ok
20:38:52.0775 4656 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
20:38:52.0834 4656 CmBatt - ok
20:38:52.0934 4656 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
20:38:52.0967 4656 cmdide - ok
20:38:53.0080 4656 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys
20:38:53.0121 4656 CNG - ok
20:38:53.0244 4656 CnxtHdAudService (25c58ee97be0416a373e3e4f855206b5) C:\windows\system32\drivers\CHDRT64.sys
20:38:53.0286 4656 CnxtHdAudService - ok
20:38:53.0400 4656 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
20:38:53.0435 4656 Compbatt - ok
20:38:53.0541 4656 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
20:38:53.0609 4656 CompositeBus - ok
20:38:53.0738 4656 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
20:38:53.0773 4656 crcdisk - ok
20:38:53.0905 4656 ctxusbm (ba8e5b2291c01ef71ca80e25f0c79d55) C:\windows\system32\DRIVERS\ctxusbm.sys
20:38:53.0938 4656 ctxusbm - ok
20:38:54.0059 4656 dc3d (15c2afd86d8a58354fc100434c78b621) C:\windows\system32\DRIVERS\dc3d.sys
20:38:54.0115 4656 dc3d - ok
20:38:54.0240 4656 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
20:38:54.0299 4656 DfsC - ok
20:38:54.0428 4656 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
20:38:54.0537 4656 discache - ok
20:38:54.0654 4656 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
20:38:54.0694 4656 Disk - ok
20:38:54.0826 4656 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
20:38:54.0885 4656 drmkaud - ok
20:38:55.0003 4656 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\windows\System32\drivers\dxgkrnl.sys
20:38:55.0050 4656 DXGKrnl - ok
20:38:55.0274 4656 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
20:38:55.0417 4656 ebdrv - ok
20:38:55.0557 4656 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
20:38:55.0609 4656 elxstor - ok
20:38:55.0723 4656 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
20:38:55.0791 4656 ErrDev - ok
20:38:55.0906 4656 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
20:38:55.0989 4656 exfat - ok
20:38:56.0100 4656 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
20:38:56.0169 4656 fastfat - ok
20:38:56.0278 4656 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
20:38:56.0349 4656 fdc - ok
20:38:56.0460 4656 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
20:38:56.0497 4656 FileInfo - ok
20:38:56.0595 4656 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
20:38:56.0647 4656 Filetrace - ok
20:38:56.0748 4656 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
20:38:56.0779 4656 flpydisk - ok
20:38:56.0884 4656 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
20:38:56.0925 4656 FltMgr - ok
20:38:57.0039 4656 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
20:38:57.0075 4656 FsDepends - ok
20:38:57.0179 4656 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
20:38:57.0219 4656 Fs_Rec - ok
20:38:57.0334 4656 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
20:38:57.0378 4656 fvevol - ok
20:38:57.0482 4656 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
20:38:57.0519 4656 gagp30kx - ok
20:38:57.0644 4656 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
20:38:57.0674 4656 GEARAspiWDM - ok
20:38:57.0799 4656 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
20:38:57.0849 4656 hcw85cir - ok
20:38:57.0971 4656 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
20:38:58.0028 4656 HdAudAddService - ok
20:38:58.0144 4656 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
20:38:58.0209 4656 HDAudBus - ok
20:38:58.0325 4656 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
20:38:58.0362 4656 HECIx64 - ok
20:38:58.0457 4656 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
20:38:58.0513 4656 HidBatt - ok
20:38:58.0617 4656 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
20:38:58.0677 4656 HidBth - ok
20:38:58.0787 4656 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
20:38:58.0849 4656 HidIr - ok
20:38:58.0958 4656 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
20:38:59.0017 4656 HidUsb - ok
20:38:59.0146 4656 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
20:38:59.0177 4656 HpSAMD - ok
20:38:59.0320 4656 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
20:38:59.0405 4656 HTTP - ok
20:38:59.0519 4656 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
20:38:59.0554 4656 hwpolicy - ok
20:38:59.0667 4656 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
20:38:59.0714 4656 i8042prt - ok
20:38:59.0833 4656 iaStor (5e60dd5f090ab4a563c7204c289c4650) C:\windows\system32\DRIVERS\iaStor.sys
20:38:59.0872 4656 iaStor - ok
20:38:59.0978 4656 iaStorV (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
20:39:00.0019 4656 iaStorV - ok
20:39:00.0426 4656 igfx (1be8d9ca4f2363b8e8015621878e0043) C:\windows\system32\DRIVERS\igdkmd64.sys
20:39:00.0775 4656 igfx - ok
20:39:00.0894 4656 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
20:39:00.0922 4656 iirsp - ok
20:39:01.0035 4656 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys
20:39:01.0089 4656 Impcd - ok
20:39:01.0221 4656 IntcDAud (03c74719d48056a1078f3a51ceb76baa) C:\windows\system32\DRIVERS\IntcDAud.sys
20:39:01.0273 4656 IntcDAud - ok
20:39:01.0383 4656 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
20:39:01.0420 4656 intelide - ok
20:39:01.0527 4656 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
20:39:01.0596 4656 intelppm - ok
20:39:01.0732 4656 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
20:39:01.0836 4656 IpFilterDriver - ok
20:39:01.0956 4656 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
20:39:02.0013 4656 IPMIDRV - ok
20:39:02.0136 4656 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
20:39:02.0264 4656 IPNAT - ok
20:39:02.0381 4656 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
20:39:02.0421 4656 IRENUM - ok
20:39:02.0448 4656 is3srv - ok
20:39:02.0560 4656 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
20:39:02.0598 4656 isapnp - ok
20:39:02.0696 4656 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
20:39:02.0744 4656 iScsiPrt - ok
20:39:02.0859 4656 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
20:39:02.0899 4656 kbdclass - ok
20:39:03.0007 4656 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
20:39:03.0068 4656 kbdhid - ok
20:39:03.0175 4656 KmxAgent (7594e8799fa212576c93bfdf54583452) C:\windows\system32\DRIVERS\kmxagent.sys
20:39:03.0216 4656 KmxAgent - ok
20:39:03.0320 4656 KmxAMRT (e5bb08fcf05ef7333be3b5b35295c4c0) C:\windows\system32\DRIVERS\KmxAMRT.sys
20:39:03.0353 4656 KmxAMRT - ok
20:39:03.0460 4656 KmxCF (54721e47b8350770332128fcffc7a460) C:\windows\system32\DRIVERS\KmxCF.sys
20:39:03.0496 4656 KmxCF - ok
20:39:03.0622 4656 KmxCfg (174a70fd5367388f6f378cbc6dd723ee) C:\windows\system32\DRIVERS\kmxcfg.sys
20:39:03.0672 4656 KmxCfg - ok
20:39:03.0765 4656 KmxFile (dc77781ab8cf3043da60187a1511fef6) C:\windows\system32\DRIVERS\KmxFile.sys
20:39:03.0795 4656 KmxFile - ok
20:39:03.0902 4656 KmxFilter (87da5afc8950ec34d0cddf3438370727) C:\windows\system32\DRIVERS\KmxFilter.sys
20:39:03.0940 4656 KmxFilter - ok
20:39:04.0038 4656 KmxFw (15260d1b5bb6ba8e5079e758fce88207) C:\windows\system32\DRIVERS\kmxfw.sys
20:39:04.0082 4656 KmxFw - ok
20:39:04.0171 4656 KmxSbx (9ea56ddeeb080727ff448a0c6e37de08) C:\windows\system32\DRIVERS\KmxSbx.sys
20:39:04.0209 4656 KmxSbx - ok
20:39:04.0312 4656 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys
20:39:04.0360 4656 KSecDD - ok
20:39:04.0460 4656 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\windows\system32\Drivers\ksecpkg.sys
20:39:04.0496 4656 KSecPkg - ok
20:39:04.0603 4656 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
20:39:04.0684 4656 ksthunk - ok
20:39:04.0794 4656 L1C (55480b9c63f3f91a8ebbadcbf28fe581) C:\windows\system32\DRIVERS\L1C62x64.sys
20:39:04.0835 4656 L1C - ok
20:39:04.0949 4656 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
20:39:05.0047 4656 lltdio - ok
20:39:05.0193 4656 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
20:39:05.0233 4656 LSI_FC - ok
20:39:05.0363 4656 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
20:39:05.0400 4656 LSI_SAS - ok
20:39:05.0508 4656 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
20:39:05.0545 4656 LSI_SAS2 - ok
20:39:05.0689 4656 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
20:39:05.0719 4656 LSI_SCSI - ok
20:39:05.0838 4656 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
20:39:05.0912 4656 luafv - ok
20:39:06.0027 4656 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
20:39:06.0049 4656 megasas - ok
20:39:06.0158 4656 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
20:39:06.0196 4656 MegaSR - ok
20:39:06.0291 4656 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
20:39:06.0388 4656 Modem - ok
20:39:06.0478 4656 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
20:39:06.0531 4656 monitor - ok
20:39:06.0620 4656 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
20:39:06.0657 4656 mouclass - ok
20:39:06.0759 4656 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
20:39:06.0819 4656 mouhid - ok
20:39:06.0917 4656 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
20:39:06.0950 4656 mountmgr - ok
20:39:07.0036 4656 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
20:39:07.0075 4656 mpio - ok
20:39:07.0168 4656 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
20:39:07.0259 4656 mpsdrv - ok
20:39:07.0353 4656 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
20:39:07.0411 4656 MRxDAV - ok
20:39:07.0514 4656 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
20:39:07.0568 4656 mrxsmb - ok
20:39:07.0679 4656 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
20:39:07.0748 4656 mrxsmb10 - ok
20:39:07.0842 4656 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
20:39:07.0903 4656 mrxsmb20 - ok
20:39:07.0997 4656 msahci (2ba4ff3d5eb68587dd662a896f649c7d) C:\windows\system32\DRIVERS\msahci.sys
20:39:08.0036 4656 msahci - ok
20:39:08.0134 4656 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
20:39:08.0174 4656 msdsm - ok
20:39:08.0277 4656 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
20:39:08.0348 4656 Msfs - ok
20:39:08.0448 4656 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
20:39:08.0515 4656 mshidkmdf - ok
20:39:08.0608 4656 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
20:39:08.0638 4656 msisadrv - ok
20:39:08.0751 4656 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
20:39:08.0813 4656 MSKSSRV - ok
20:39:08.0918 4656 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
20:39:08.0981 4656 MSPCLOCK - ok
20:39:09.0096 4656 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
20:39:09.0172 4656 MSPQM - ok
20:39:09.0264 4656 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
20:39:09.0317 4656 MsRPC - ok
20:39:09.0406 4656 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
20:39:09.0436 4656 mssmbios - ok
20:39:09.0541 4656 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
20:39:09.0632 4656 MSTEE - ok
20:39:09.0730 4656 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
20:39:09.0777 4656 MTConfig - ok
20:39:09.0874 4656 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
20:39:09.0916 4656 Mup - ok
20:39:10.0045 4656 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
20:39:10.0114 4656 NativeWifiP - ok
20:39:10.0234 4656 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
20:39:10.0286 4656 NDIS - ok
20:39:10.0382 4656 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
20:39:10.0471 4656 NdisCap - ok
20:39:10.0576 4656 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
20:39:10.0665 4656 NdisTapi - ok
20:39:10.0774 4656 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
20:39:10.0857 4656 Ndisuio - ok
20:39:10.0954 4656 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
20:39:11.0041 4656 NdisWan - ok
20:39:11.0154 4656 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
20:39:11.0252 4656 NDProxy - ok
20:39:11.0349 4656 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
20:39:11.0447 4656 NetBIOS - ok
20:39:11.0542 4656 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
20:39:11.0635 4656 NetBT - ok
20:39:11.0754 4656 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
20:39:11.0791 4656 nfrd960 - ok
20:39:11.0921 4656 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
20:39:12.0009 4656 Npfs - ok
20:39:12.0103 4656 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
20:39:12.0194 4656 nsiproxy - ok
20:39:12.0345 4656 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
20:39:12.0404 4656 Ntfs - ok
20:39:12.0493 4656 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
20:39:12.0602 4656 Null - ok
20:39:12.0715 4656 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
20:39:12.0762 4656 nvraid - ok
20:39:12.0878 4656 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
20:39:12.0917 4656 nvstor - ok
20:39:13.0025 4656 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
20:39:13.0065 4656 nv_agp - ok
20:39:13.0165 4656 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
20:39:13.0230 4656 ohci1394 - ok
20:39:13.0338 4656 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
20:39:13.0382 4656 Parport - ok
20:39:13.0467 4656 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
20:39:13.0512 4656 partmgr - ok
20:39:13.0603 4656 pci (5aab2b170536885de70a6cba8d7ce52b) C:\windows\system32\DRIVERS\pci.sys
20:39:13.0645 4656 pci - ok
20:39:13.0736 4656 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
20:39:13.0779 4656 pciide - ok
20:39:13.0876 4656 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
20:39:13.0908 4656 pcmcia - ok
20:39:14.0002 4656 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
20:39:14.0038 4656 pcw - ok
20:39:14.0144 4656 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
20:39:14.0240 4656 PEAUTH - ok
20:39:14.0383 4656 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
20:39:14.0430 4656 PGEffect - ok
20:39:14.0557 4656 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
20:39:14.0666 4656 PptpMiniport - ok
20:39:14.0760 4656 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
20:39:14.0827 4656 Processor - ok
20:39:14.0945 4656 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
20:39:15.0027 4656 Psched - ok
20:39:15.0151 4656 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys
20:39:15.0196 4656 QIOMem - ok
20:39:15.0338 4656 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
20:39:15.0405 4656 ql2300 - ok
20:39:15.0507 4656 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
20:39:15.0554 4656 ql40xx - ok
20:39:15.0661 4656 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
20:39:15.0733 4656 QWAVEdrv - ok
20:39:15.0863 4656 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
20:39:15.0945 4656 RasAcd - ok
20:39:16.0060 4656 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
20:39:16.0145 4656 RasAgileVpn - ok
20:39:16.0252 4656 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
20:39:16.0341 4656 Rasl2tp - ok
20:39:16.0453 4656 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
20:39:16.0549 4656 RasPppoe - ok
20:39:16.0646 4656 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
20:39:16.0752 4656 RasSstp - ok
20:39:16.0852 4656 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
20:39:16.0943 4656 rdbss - ok
20:39:17.0040 4656 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
20:39:17.0096 4656 rdpbus - ok
20:39:17.0195 4656 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
20:39:17.0270 4656 RDPCDD - ok
20:39:17.0376 4656 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
20:39:17.0446 4656 RDPENCDD - ok
20:39:17.0554 4656 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
20:39:17.0630 4656 RDPREFMP - ok
20:39:17.0723 4656 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
20:39:17.0825 4656 RDPWD - ok
20:39:17.0933 4656 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\windows\system32\drivers\rdyboost.sys
20:39:17.0975 4656 rdyboost - ok
20:39:18.0099 4656 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
20:39:18.0179 4656 rspndr - ok
20:39:18.0302 4656 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\windows\system32\Drivers\RtsUStor.sys
20:39:18.0341 4656 RSUSBSTOR - ok
20:39:18.0443 4656 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
20:39:18.0481 4656 sbp2port - ok
20:39:18.0572 4656 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
20:39:18.0651 4656 scfilter - ok
20:39:18.0765 4656 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
20:39:18.0851 4656 secdrv - ok
20:39:18.0961 4656 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
20:39:19.0018 4656 Serenum - ok
20:39:19.0120 4656 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
20:39:19.0166 4656 Serial - ok
20:39:19.0275 4656 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
20:39:19.0326 4656 sermouse - ok
20:39:19.0431 4656 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
20:39:19.0491 4656 sffdisk - ok
20:39:19.0587 4656 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
20:39:19.0654 4656 sffp_mmc - ok
20:39:19.0754 4656 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
20:39:19.0810 4656 sffp_sd - ok
20:39:19.0910 4656 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
20:39:19.0953 4656 sfloppy - ok
20:39:20.0087 4656 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\windows\system32\DRIVERS\Sftfslh.sys
20:39:20.0134 4656 Sftfs - ok
20:39:20.0263 4656 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\windows\system32\DRIVERS\Sftplaylh.sys
20:39:20.0309 4656 Sftplay - ok
20:39:20.0414 4656 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\windows\system32\DRIVERS\Sftredirlh.sys
20:39:20.0454 4656 Sftredir - ok
20:39:20.0562 4656 Sftvol (393b22addd89979eb1c60898f51c3648) C:\windows\system32\DRIVERS\Sftvollh.sys
20:39:20.0600 4656 Sftvol - ok
20:39:20.0733 4656 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
20:39:20.0780 4656 SiSRaid2 - ok
20:39:20.0870 4656 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
20:39:20.0913 4656 SiSRaid4 - ok
20:39:21.0006 4656 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
20:39:21.0087 4656 Smb - ok
20:39:21.0209 4656 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
20:39:31.0759 4656 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
20:39:32.0617 4656 \Device\Harddisk0\DR0 - ok
20:39:32.0645 4656 Boot (0x1200) (0c80e75223ad68866696b5837df22cac) \Device\Harddisk0\DR0\Partition0
20:39:32.0646 4656 \Device\Harddisk0\DR0\Partition0 - ok
20:39:32.0649 4656 ============================================================
20:39:32.0649 4656 Scan finished
20:39:32.0649 4656 ============================================================
20:39:32.0659 4940 Detected object count: 0
20:39:32.0659 4940 Actual detected object count: 0
20:39:53.0569 1416 ============================================================
20:39:53.0569 1416 Scan started
20:39:53.0570 1416 Mode: Manual; SigCheck; TDLFS;
20:39:53.0570 1416 ============================================================
20:40:25.0315 1416 Smb - ok
20:40:25.0421 1416 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
20:40:25.0468 1416 spldr - ok
20:40:25.0591 1416 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
20:40:25.0640 1416 srv - ok
20:40:25.0750 1416 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
20:40:25.0804 1416 srv2 - ok
20:40:25.0901 1416 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS
20:40:25.0949 1416 SrvHsfHDA - ok
20:40:26.0080 1416 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS
20:40:26.0148 1416 SrvHsfV92 - ok
20:40:26.0257 1416 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS
20:40:26.0311 1416 SrvHsfWinac - ok
20:40:26.0419 1416 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
20:40:26.0476 1416 srvnet - ok
20:40:26.0576 1416 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
20:40:26.0624 1416 stexstor - ok
20:40:26.0719 1416 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
20:40:26.0761 1416 swenum - ok
20:40:26.0874 1416 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
20:40:26.0918 1416 SynTP - ok
20:40:26.0922 1416 szkg5 - ok
20:40:27.0060 1416 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\windows\system32\drivers\tcpip.sys
20:40:27.0121 1416 Tcpip - ok
20:40:27.0257 1416 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\windows\system32\DRIVERS\tcpip.sys
20:40:27.0320 1416 TCPIP6 - ok
20:40:27.0418 1416 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
20:40:27.0493 1416 tcpipreg - ok
20:40:27.0583 1416 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
20:40:27.0622 1416 tdcmdpst - ok
20:40:27.0719 1416 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
20:40:27.0802 1416 TDPIPE - ok
20:40:27.0897 1416 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
20:40:27.0973 1416 TDTCP - ok
20:40:28.0067 1416 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
20:40:28.0143 1416 tdx - ok
20:40:28.0245 1416 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
20:40:28.0299 1416 TermDD - ok
20:40:28.0388 1416 Tosrfcom - ok
20:40:28.0480 1416 tosrfec (11699d47b3491d86249c168496d55c92) C:\windows\system32\DRIVERS\tosrfec.sys
20:40:28.0529 1416 tosrfec - ok
20:40:28.0634 1416 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
20:40:28.0708 1416 tssecsrv - ok
20:40:28.0791 1416 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
20:40:28.0867 1416 tunnel - ok
20:40:28.0969 1416 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
20:40:29.0019 1416 TVALZ - ok
20:40:29.0105 1416 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
20:40:29.0147 1416 TVALZFL - ok
20:40:29.0240 1416 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
20:40:29.0292 1416 uagp35 - ok
20:40:29.0386 1416 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
20:40:29.0462 1416 udfs - ok
20:40:29.0562 1416 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
20:40:29.0605 1416 uliagpkx - ok
20:40:29.0696 1416 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
20:40:29.0747 1416 umbus - ok
20:40:29.0840 1416 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
20:40:29.0894 1416 UmPass - ok
20:40:29.0997 1416 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys
20:40:30.0050 1416 usbccgp - ok
20:40:30.0146 1416 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
20:40:30.0201 1416 usbcir - ok
20:40:30.0298 1416 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\drivers\usbehci.sys
20:40:30.0344 1416 usbehci - ok
20:40:30.0441 1416 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys
20:40:30.0493 1416 usbhub - ok
20:40:30.0580 1416 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\drivers\usbohci.sys
20:40:30.0630 1416 usbohci - ok
20:40:30.0726 1416 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
20:40:30.0778 1416 usbprint - ok
20:40:30.0890 1416 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
20:40:30.0952 1416 usbscan - ok
20:40:31.0051 1416 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
20:40:31.0101 1416 USBSTOR - ok
20:40:31.0193 1416 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\drivers\usbuhci.sys
20:40:31.0248 1416 usbuhci - ok
20:40:31.0347 1416 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
20:40:31.0401 1416 usbvideo - ok
20:40:31.0500 1416 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
20:40:31.0546 1416 vdrvroot - ok
20:40:31.0637 1416 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
20:40:31.0692 1416 vga - ok
20:40:31.0787 1416 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
20:40:31.0865 1416 VgaSave - ok
20:40:31.0966 1416 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
20:40:32.0011 1416 vhdmp - ok
20:40:32.0109 1416 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
20:40:32.0156 1416 viaide - ok
20:40:32.0254 1416 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
20:40:32.0299 1416 volmgr - ok
20:40:32.0405 1416 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
20:40:32.0450 1416 volmgrx - ok
20:40:32.0541 1416 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
20:40:32.0578 1416 volsnap - ok
20:40:32.0681 1416 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
20:40:32.0726 1416 vsmraid - ok
20:40:32.0817 1416 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
20:40:32.0872 1416 vwifibus - ok
20:40:32.0962 1416 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
20:40:33.0004 1416 vwififlt - ok
20:40:33.0106 1416 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
20:40:33.0158 1416 WacomPen - ok
20:40:33.0252 1416 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
20:40:33.0335 1416 WANARP - ok
20:40:33.0338 1416 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
20:40:33.0393 1416 Wanarpv6 - ok
20:40:33.0494 1416 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
20:40:33.0537 1416 Wd - ok
20:40:33.0645 1416 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
20:40:33.0695 1416 Wdf01000 - ok
20:40:33.0791 1416 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
20:40:33.0860 1416 WfpLwf - ok
20:40:33.0952 1416 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
20:40:34.0002 1416 WIMMount - ok
20:40:34.0115 1416 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
20:40:34.0185 1416 WinUsb - ok
20:40:34.0279 1416 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
20:40:34.0336 1416 WmiAcpi - ok
20:40:34.0437 1416 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
20:40:34.0521 1416 ws2ifsl - ok
20:40:34.0621 1416 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
20:40:34.0697 1416 WudfPf - ok
20:40:34.0792 1416 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
20:40:34.0863 1416 WUDFRd - ok
20:40:34.0990 1416 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\windows\system32\DRIVERS\xnacc.sys
20:40:35.0051 1416 xnacc - ok
20:40:35.0071 1416 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
20:40:35.0962 1416 \Device\Harddisk0\DR0 - ok
20:40:36.0001 1416 Boot (0x1200) (0c80e75223ad68866696b5837df22cac) \Device\Harddisk0\DR0\Partition0
20:40:36.0003 1416 \Device\Harddisk0\DR0\Partition0 - ok
20:40:36.0003 1416 ============================================================
20:40:36.0004 1416 Scan finished
20:40:36.0004 1416 ============================================================
20:40:36.0018 5972 Detected object count: 0
20:40:36.0018 5972 Actual detected object count: 0
20:40:40.0130 5796 Deinitialize success

#6
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,

Looking good so far. We'll remove what's left of Norton, then run another quick OTL fix and a couple of follow-up scans.

Please do the following:


Step 1:

Download the Norton removal tool here, select which version you had and follow the instructions.


Step 2:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5E 44 5B 14 AD AB 15 49 99 B0 E2 43 BE 97 6E 5F [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5E 44 5B 14 AD AB 15 49 99 B0 E2 43 BE 97 6E 5F [binary data]
    O4 - HKU\S-1-5-21-341986527-4208126819-2906341753-1000..\Run: [AppleBackupOnline] rundll32.exe "C:\ProgramData\AppleBackupOnline.dll",DllRegisterServer File not found
    
    :Services
    
    :Reg
    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-
    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-
    
    :Files
    
    :Commands
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the fix log
  • Open OTL again
  • Select All users
  • Click the Quick Scan button. Post the log it produces in your next reply.


Step 3:

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 4:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Please remember to post:
The OTL fix log
New OTL QuickScan log
MalwareBytes scan
ESET online scan


Homburg

#7
jnmarz30

    Member

  • Topic Starter
  • 16 posts
OK, I ran everything you requested and here are my output files:

OTL (fix)

All processes killed
========== OTL ==========
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-341986527-4208126819-2906341753-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AppleBackupOnline not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nick
->Temp folder emptied: 43966920 bytes
->Temporary Internet Files folder emptied: 4071483 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 153840719 bytes
->Flash cache emptied: 1491 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 46017120 bytes

Total Files Cleaned = 236.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Nick
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 11032011_220702

Files\Folders moved on Reboot...
C:\Users\Nick\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

OTL (quick scan)

OTL logfile created on: 11/3/2011 10:13:30 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nick\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.49 Gb Available Physical Memory | 65.52% Memory free
7.60 Gb Paging File | 6.19 Gb Available in Paging File | 81.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.58 Gb Total Space | 405.27 Gb Free Space | 89.55% Space Free | Partition Type: NTFS
Drive D: | 7.28 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: NICKSLAPTOP | User Name: Nick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/01 21:25:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Downloads\OTL.exe
PRC - [2011/10/03 12:41:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/07/02 01:30:46 | 000,263,504 | ---- | M] () -- C:\Windows\SysWOW64\cfgmig32.exe
PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/18 15:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/09/12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2009/09/12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/09 10:51:54 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/03 12:41:06 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/27 22:20:08 | 000,291,656 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe -- (CAAMSvc)
SRV:64bit: - [2011/07/02 01:27:14 | 000,286,032 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV:64bit: - [2011/07/02 01:27:12 | 000,359,248 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV:64bit: - [2011/05/30 04:11:44 | 000,312,656 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV:64bit: - [2011/04/04 12:42:30 | 000,920,656 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe -- (UmxEngine)
SRV:64bit: - [2010/09/28 15:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/25 22:00:32 | 000,252,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2010/02/23 20:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/07/02 01:30:46 | 000,263,504 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\cfgmig32.exe -- (WinSvchostManagerSrv)
SRV - [2010/12/21 01:38:22 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 15:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/18 15:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/21 13:40:00 | 000,193,904 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/10/06 12:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/27 22:20:08 | 000,202,320 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KmxCF.sys -- (KmxCF)
DRV:64bit: - [2011/10/27 22:20:08 | 000,143,824 | ---- | M] (CA) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\KmxFw.sys -- (KmxFw)
DRV:64bit: - [2011/10/27 22:20:08 | 000,099,024 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\KmxFilter.sys -- (KmxFilter)
DRV:64bit: - [2011/05/12 17:22:18 | 000,364,624 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\KmxCfg.sys -- (KmxCfg)
DRV:64bit: - [2011/05/12 04:44:17 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/05/10 17:46:06 | 000,178,768 | ---- | M] (CA) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\KmxAMRT.sys -- (KmxAMRT)
DRV:64bit: - [2011/04/08 23:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/23 16:29:08 | 000,113,744 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\drivers\KmxAgent.sys -- (KmxAgent)
DRV:64bit: - [2011/03/23 16:29:08 | 000,087,120 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\drivers\KmxFile.sys -- (KmxFile)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/24 14:36:46 | 000,081,488 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KmxSbx.sys -- (KmxSbx)
DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/07/29 08:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/21 20:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/03/31 02:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/24 16:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/22 21:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/09 00:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/20 00:49:26 | 000,087,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) Brother Serial Interface Driver(WDM)
DRV:64bit: - [2010/01/20 00:49:26 | 000,014,592 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb) Brother Serial USB Driver(WDM)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/08 18:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 01:12:00 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/15 16:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-341986527-4208126819-2906341753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKU\S-1-5-21-341986527-4208126819-2906341753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-341986527-4208126819-2906341753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...UGO&form=ZGAPHP
IE - HKU\S-1-5-21-341986527-4208126819-2906341753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://start.toshiba.com/g/
IE - HKU\S-1-5-21-341986527-4208126819-2906341753-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-341986527-4208126819-2906341753-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\Firefox [2011/10/27 21:56:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/03 12:41:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/28 22:18:06 | 000,000,000 | ---D | M]

[2011/07/18 15:46:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Extensions
[2011/11/02 20:16:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\0ddflzfc.default\extensions
[2011/06/03 00:17:13 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\0ddflzfc.default\extensions\[email protected]
[2011/06/03 00:17:13 | 000,001,919 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\0ddflzfc.default\searchplugins\bing-zugo.xml
[2011/05/22 14:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/22 14:20:41 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/10/03 12:41:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/09/12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2009/09/12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2009/09/12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2009/09/12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2009/09/12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2009/09/12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2011/10/03 12:41:04 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old

O1 HOSTS File: ([2011/11/02 20:21:02 | 000,000,138 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: ˙ž1 2 7 . 0 . 0 . 1 l o c a l h o s t
O1 - Hosts: : : 1 l o c a l h o s t
O2:64bit: - BHO: (CA Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O2 - BHO: (Reg Error: Value error.) - {145B445E-ABAD-4915-99B0-E243BE976E5f} - C:\Users\Nick\AppData\Local\ShellAdmin.dll File not found
O2 - BHO: (CA Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll (CA, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-341986527-4208126819-2906341753-1000\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKU\S-1-5-21-341986527-4208126819-2906341753-1000\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll (CA, Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-341986527-4208126819-2906341753-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-341986527-4208126819-2906341753-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O15 - HKU\S-1-5-21-341986527-4208126819-2906341753-1000\..Trusted Domains: netflix.com ([movies] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B92D423-8611-4057-BD20-924E7D32BC5C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F31D54A3-7432-41F0-AFC3-839D8B1C745A}: DhcpNameServer = 50.20.0.20 50.20.0.21
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (UmxSbxExA64.dll) - C:\windows\SysNative\UmxSbxExA64.dll (CA)
O20 - AppInit_DLLs: (UmxSbxExw.dll) -UmxSbxExw.dll (CA)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) -c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\PFW: DllName - (UmxWnp.Dll) - UmxWnp.Dll (CA)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/03 11:25:53 | 000,000,066 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-341986527-4208126819-2906341753-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/11/02 21:29:25 | 000,000,000 | ---D | C] -- C:\windows\pss
[2011/11/02 20:16:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/31 22:01:09 | 000,000,000 | ---D | C] -- C:\Users\Nick\Desktop\GooredFix Backups
[2011/10/31 21:52:35 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/10/30 21:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/10/30 19:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/10/27 22:20:13 | 000,202,320 | ---- | C] (CA) -- C:\windows\SysNative\drivers\KmxCF.sys
[2011/10/27 22:20:13 | 000,143,824 | ---- | C] (CA) -- C:\windows\SysNative\drivers\KmxFw.sys
[2011/10/27 22:20:13 | 000,099,024 | ---- | C] (CA) -- C:\windows\SysNative\drivers\KmxFilter.sys
[2011/10/27 21:57:07 | 000,257,872 | ---- | C] (CA, Inc.) -- C:\windows\SysNative\isafprod64.dll
[2011/10/27 21:57:07 | 000,206,160 | ---- | C] (CA, Inc.) -- C:\windows\SysWow64\Isafprod.dll
[2011/10/27 21:57:07 | 000,141,136 | ---- | C] (Computer Associates International, Inc.) -- C:\windows\SysNative\Isafeif64.dll
[2011/10/27 21:57:07 | 000,128,336 | ---- | C] (Computer Associates International, Inc.) -- C:\windows\SysWow64\Isafeif.dll
[2011/10/27 21:57:07 | 000,103,760 | ---- | C] (Computer Associates International, Inc.) -- C:\windows\SysNative\Vetredir64.dll
[2011/10/27 21:57:07 | 000,095,568 | ---- | C] (Computer Associates International, Inc.) -- C:\windows\SysWow64\Vetredir.dll
[2011/10/27 21:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CA
[2011/10/27 21:56:29 | 000,000,000 | -H-D | C] -- C:\Config.msi
[2011/10/27 21:56:20 | 002,990,096 | ---- | C] (PureSight Technologies Ltd) -- C:\windows\SysWow64\winsflte.dll
[2011/10/27 21:56:17 | 000,000,000 | ---D | C] -- C:\windows\rnapxs
[2011/10/27 21:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\ISSThirdParty
[2011/10/27 21:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CA
[2011/10/27 21:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\CA
[2011/10/27 20:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\CA
[2011/10/19 21:22:07 | 000,000,000 | ---D | C] -- C:\Users\Nick\Desktop\Oct19
[2011/10/16 23:06:15 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Apple Computer
[2011/10/16 23:06:15 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Apple Computer
[2011/10/16 23:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/16 23:06:03 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE
[2011/10/16 23:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/16 23:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/16 23:05:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/10/16 23:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/10/16 23:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/10/16 23:04:17 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Apple
[2011/10/16 23:04:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/10/16 23:03:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/10/16 23:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/16 23:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/10/16 23:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/10/16 23:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/10/11 10:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2011/10/10 15:37:16 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Windows Live
[2011/10/10 15:36:55 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{9D4D333E-13EC-4C29-8C80-A6765D92B248}
[2011/10/10 15:04:12 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Old{1939A9DC-B8BE-47C4-8025-483122B92244}
[2011/10/10 15:04:12 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\{DAD21B9D-4709-43F0-A0A1-85C25769D375}
[2011/10/09 10:51:15 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2011/10/09 10:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

========== Files - Modified Within 30 Days ==========

[2011/11/03 22:18:33 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/03 22:18:33 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/03 22:11:11 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/03 22:11:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/11/03 22:10:56 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/03 22:09:20 | 000,000,373 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k0
[2011/11/03 22:09:20 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k7
[2011/11/03 22:09:20 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k6
[2011/11/03 22:09:20 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k5
[2011/11/03 22:09:20 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k4
[2011/11/03 22:09:20 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k3
[2011/11/03 22:09:20 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k2
[2011/11/03 22:09:20 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k1
[2011/11/03 22:09:20 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k7
[2011/11/03 22:09:20 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k6
[2011/11/03 22:09:20 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k5
[2011/11/03 22:09:20 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k4
[2011/11/03 22:09:20 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k3
[2011/11/03 22:09:20 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k2
[2011/11/03 22:09:20 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k1
[2011/11/03 22:09:19 | 002,303,865 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k0
[2011/11/03 22:09:19 | 000,082,220 | ---- | M] () -- C:\windows\SysNative\drivers\KmxAgent.asc
[2011/11/03 21:58:01 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/02 20:21:45 | 000,000,728 | ---- | M] () -- C:\windows\SysNative\drivers\kgpcpy.cfg
[2011/11/02 20:21:02 | 000,000,138 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2011/10/28 15:28:48 | 000,727,310 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/10/28 15:28:48 | 000,624,856 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/10/28 15:28:48 | 000,106,942 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/10/27 22:20:08 | 000,202,320 | ---- | M] (CA) -- C:\windows\SysNative\drivers\KmxCF.sys
[2011/10/27 22:20:08 | 000,143,824 | ---- | M] (CA) -- C:\windows\SysNative\drivers\KmxFw.sys
[2011/10/27 22:20:08 | 000,099,024 | ---- | M] (CA) -- C:\windows\SysNative\drivers\KmxFilter.sys
[2011/10/27 21:56:23 | 002,524,176 | ---- | M] () -- C:\windows\SysNative\winsflt.dll
[2011/10/27 21:56:23 | 001,744,912 | ---- | M] () -- C:\windows\SysWow64\winsflt.dll
[2011/10/16 23:06:12 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/14 19:13:19 | 000,284,600 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/10/11 10:38:02 | 000,000,419 | ---- | M] () -- C:\windows\BRWMARK.INI
[2011/10/10 16:08:06 | 008,824,434 | ---- | M] () -- C:\Users\Nick\Desktop\Columbus Day.wmv
[2011/10/10 15:34:37 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2011/11/02 21:33:32 | 000,001,965 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/11/02 20:21:17 | 000,000,728 | ---- | C] () -- C:\windows\SysNative\drivers\kgpcpy.cfg
[2011/10/28 20:38:07 | 002,303,865 | ---- | C] () -- C:\windows\SysNative\drivers\kmxcfg.u2k0
[2011/10/28 20:38:07 | 000,000,373 | ---- | C] () -- C:\windows\SysNative\drivers\kmxzone.u2k0
[2011/10/28 20:38:07 | 000,000,085 | ---- | C] () -- C:\windows\SysNative\drivers\kmxcfg.u2k7
[2011/10/28 20:38:07 | 000,000,085 | ---- | C] () -- C:\windows\SysNative\drivers\kmxcfg.u2k6
[2011/10/28 20:38:07 | 000,000,085 | ---- | C] () -- C:\windows\SysNative\drivers\kmxcfg.u2k5
[2011/10/28 20:38:07 | 000,000,085 | ---- | C] () -- C:\windows\SysNative\drivers\kmxcfg.u2k4
[2011/10/28 20:38:07 | 000,000,085 | ---- | C] () -- C:\windows\SysNative\drivers\kmxcfg.u2k3
[2011/10/28 20:38:07 | 000,000,085 | ---- | C] () -- C:\windows\SysNative\drivers\kmxcfg.u2k2
[2011/10/28 20:38:07 | 000,000,085 | ---- | C] () -- C:\windows\SysNative\drivers\kmxcfg.u2k1
[2011/10/28 20:38:07 | 000,000,049 | ---- | C] () -- C:\windows\SysNative\drivers\kmxzone.u2k7
[2011/10/28 20:38:07 | 000,000,049 | ---- | C] () -- C:\windows\SysNative\drivers\kmxzone.u2k6
[2011/10/28 20:38:07 | 000,000,049 | ---- | C] () -- C:\windows\SysNative\drivers\kmxzone.u2k5
[2011/10/28 20:38:07 | 000,000,049 | ---- | C] () -- C:\windows\SysNative\drivers\kmxzone.u2k4
[2011/10/28 20:38:07 | 000,000,049 | ---- | C] () -- C:\windows\SysNative\drivers\kmxzone.u2k3
[2011/10/28 20:38:07 | 000,000,049 | ---- | C] () -- C:\windows\SysNative\drivers\kmxzone.u2k2
[2011/10/28 20:38:07 | 000,000,049 | ---- | C] () -- C:\windows\SysNative\drivers\kmxzone.u2k1
[2011/10/28 20:38:05 | 000,082,220 | ---- | C] () -- C:\windows\SysNative\drivers\KmxAgent.asc
[2011/10/27 21:57:12 | 001,422,672 | ---- | C] () -- C:\windows\SysWow64\cfgmig32.dll
[2011/10/27 21:57:12 | 001,422,672 | ---- | C] () -- C:\windows\SysNative\cfgmig32.dll
[2011/10/27 21:57:12 | 000,263,504 | ---- | C] () -- C:\windows\SysWow64\cfgmig32.exe
[2011/10/27 21:56:23 | 003,207,184 | ---- | C] () -- C:\windows\SysNative\mdmcls32.exe
[2011/10/27 21:56:21 | 004,108,304 | ---- | C] () -- C:\windows\SysWow64\win32cpr.dll
[2011/10/27 21:56:21 | 003,207,184 | ---- | C] () -- C:\windows\SysWow64\mdmcls32.exe
[2011/10/27 21:56:21 | 002,760,720 | ---- | C] () -- C:\windows\SysWow64\svcprs32.exe
[2011/10/27 21:56:21 | 002,524,176 | ---- | C] () -- C:\windows\SysNative\winsflt.dll
[2011/10/27 21:56:21 | 001,744,912 | ---- | C] () -- C:\windows\SysWow64\winsflt.dll
[2011/10/27 21:56:21 | 000,289,296 | ---- | C] () -- C:\windows\SysNative\winsfinst.exe
[2011/10/27 21:56:21 | 000,098,320 | ---- | C] () -- C:\windows\SysWow64\winsfinst.exe
[2011/10/16 23:06:12 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/16 23:04:16 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/10/11 10:38:02 | 000,000,419 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011/10/10 16:07:45 | 008,824,434 | ---- | C] () -- C:\Users\Nick\Desktop\Columbus Day.wmv
[2011/10/10 15:34:37 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/06/05 23:01:07 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/06/02 22:45:41 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2011/05/22 14:22:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/19 10:46:50 | 000,000,235 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\devices.xml
[2011/05/19 10:46:50 | 000,000,012 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\settings.xml
[2010/07/29 08:08:46 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/07/29 08:08:44 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/07/29 08:08:42 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/07/29 07:14:38 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/07/29 07:14:38 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[1999/01/22 09:46:58 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\MSRTEDIT.DLL

========== LOP Check ==========

[2011/06/13 22:16:53 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\ICAClient
[2011/06/03 00:17:35 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\PDFlite
[2011/11/02 20:16:10 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\SoftGrid Client
[2011/05/19 21:20:27 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Tific
[2011/05/16 15:47:47 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Toshiba
[2011/06/05 23:01:56 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\TP
[2011/05/16 11:37:37 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\WinBatch
[2011/10/20 21:24:53 | 000,032,596 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

mbam:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7622

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/3/2011 10:33:31 PM
mbam-log-2011-11-03 (22-33-31).txt

Scan type: Quick scan
Objects scanned: 175172
Time elapsed: 2 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{02F0243C-2E71-4A1A-A790-6C30888119D0} (PUP.Magoo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEB04B5E-C981-47A9-B847-33EE4C92F6B9} (PUP.Magoo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I also ran ESET, but there wasn't a log file created. It removed 4 malware and I rebooted but a .log file was not created.

#8
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,

Have you had any more redirects?

#9
jnmarz30

    Member

  • Topic Starter
  • Member
  • 16 posts
I have not had any more redirects. Thank you very much for the help!!

#10
Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello,

Your PC is now clean :)

First we'll remove the tools that we've used then look at preventing getting infected again. It's important to remove the tools as it also removes the malware that we currently have quarantined.

Please do the following:

Reset SR Points/Clean up with OTL:
  • Double-click OTL to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Commands
    [ClearAllRestorePoints]
  • Return to OTL, right-click in the Custom Scans/Fixes window and choose Paste.
  • Then click the Run Fix button.
  • Let the program run unhindered. When finished click on OK and close the log that appears.
  • Note: I do not need to review the log produced.
  • Now close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.

The above process will flush old System Restore Points and create a new clean one.


Next

Please delete any remaining logs from your desktop.


Windows Updates.

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. I recommend that you set Windows to check, download and install your updates automatically.

Click Start
Select Control Panel
Click on Automatic (recommended)
Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
Click Apply then OK.


JAVA updates.
As with Windows, Java also needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uninstall older versions of Java.

Click Start
Select Control Panel
Select Add or Remove Programs
Remove all Java updates except the latest one you have just installed.


Adobe updates.
You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. Older versions are susceptible to attack. You can download the latest reader and updates from here.

To learn more about how to protect yourself while on the internet you might like to read this GeeksToGo article. This covers some of the safety measures that I've included and also some more.

Happy surfing and stay safe :yes:

Homburg.

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.