Hi Ron, I appreciate your help. Logs below. ComboFix did its thing up to deleting files, then seemed to hang, so I had to reboot and there was no log. Everything else was OK. Let me know if there is anything else needed. Thanks again. Keith
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-08 19:44:32
-----------------------------
19:44:32.667 OS Version: Windows 6.0.6002 Service Pack 2
19:44:32.667 Number of processors: 2 586 0x170A
19:44:32.668 ComputerName: KEITH-PC UserName: Keith
19:44:37.642 Initialize success
19:44:38.132 AVAST engine defs: 12050800
19:45:02.284 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:45:02.289 Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
19:45:02.306 Disk 0 MBR read successfully
19:45:02.314 Disk 0 MBR scan
19:45:02.321 Disk 0 Windows VISTA default MBR code
19:45:02.339 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
19:45:02.358 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119078 MB offset 3074048
19:45:02.381 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 117895 MB offset 246945792
19:45:02.416 Disk 0 scanning sectors +488395120
19:45:02.515 Disk 0 scanning C:\Windows\system32\drivers
19:45:13.619 Service scanning
19:45:56.403 Modules scanning
19:46:15.680 AVAST engine scan C:\Windows
19:46:18.604 AVAST engine scan C:\Windows\system32
19:49:12.588 AVAST engine scan C:\Windows\system32\drivers
19:49:34.493 AVAST engine scan C:\Users\Keith
19:54:50.987 Disk 0 MBR has been saved successfully to "C:\Users\Keith\Desktop\MBR.dat"
19:54:51.006 The log file has been saved successfully to "C:\Users\Keith\Desktop\aswMBR.txt"
22:40:12.0918 5708 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
22:40:14.0930 5708 ============================================================
22:40:14.0930 5708 Current date / time: 2012/05/08 22:40:14.0930
22:40:14.0930 5708 SystemInfo:
22:40:14.0930 5708
22:40:14.0930 5708 OS Version: 6.0.6002 ServicePack: 2.0
22:40:14.0930 5708 Product type: Workstation
22:40:14.0930 5708 ComputerName: KEITH-PC
22:40:14.0930 5708 UserName: Keith
22:40:14.0930 5708 Windows directory: C:\Windows
22:40:14.0930 5708 System windows directory: C:\Windows
22:40:14.0930 5708 Processor architecture: Intel x86
22:40:14.0930 5708 Number of processors: 2
22:40:14.0930 5708 Page size: 0x1000
22:40:14.0930 5708 Boot type: Normal boot
22:40:14.0930 5708 ============================================================
22:40:15.0554 5708 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:40:15.0554 5708 ============================================================
22:40:15.0554 5708 \Device\Harddisk0\DR0:
22:40:15.0554 5708 MBR partitions:
22:40:15.0554 5708 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xE893000
22:40:15.0554 5708 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xEB81800, BlocksNum 0xE643970
22:40:15.0554 5708 ============================================================
22:40:15.0570 5708 C: <-> \Device\Harddisk0\DR0\Partition0
22:40:15.0616 5708 E: <-> \Device\Harddisk0\DR0\Partition1
22:40:15.0616 5708 ============================================================
22:40:15.0616 5708 Initialize success
22:40:15.0616 5708 ============================================================
22:40:34.0867 5968 ============================================================
22:40:34.0867 5968 Scan started
22:40:34.0867 5968 Mode: Manual;
22:40:34.0867 5968 ============================================================
22:40:35.0522 5968 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:40:35.0522 5968 ACPI - ok
22:40:35.0631 5968 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:40:35.0631 5968 AdobeARMservice - ok
22:40:35.0725 5968 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:40:35.0725 5968 AdobeFlashPlayerUpdateSvc - ok
22:40:35.0772 5968 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
22:40:35.0787 5968 adp94xx - ok
22:40:35.0803 5968 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
22:40:35.0818 5968 adpahci - ok
22:40:35.0818 5968 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
22:40:35.0834 5968 adpu160m - ok
22:40:35.0865 5968 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
22:40:35.0865 5968 adpu320 - ok
22:40:35.0896 5968 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
22:40:35.0912 5968 AeLookupSvc - ok
22:40:35.0959 5968 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:40:35.0959 5968 AFD - ok
22:40:35.0990 5968 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
22:40:35.0990 5968 AgereModemAudio - ok
22:40:36.0068 5968 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
22:40:36.0084 5968 AgereSoftModem - ok
22:40:36.0099 5968 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
22:40:36.0099 5968 agp440 - ok
22:40:36.0130 5968 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:40:36.0130 5968 aic78xx - ok
22:40:36.0162 5968 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
22:40:36.0162 5968 ALG - ok
22:40:36.0193 5968 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
22:40:36.0193 5968 aliide - ok
22:40:36.0224 5968 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
22:40:36.0224 5968 amdagp - ok
22:40:36.0240 5968 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
22:40:36.0240 5968 amdide - ok
22:40:36.0255 5968 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
22:40:36.0271 5968 AmdK7 - ok
22:40:36.0286 5968 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
22:40:36.0302 5968 AmdK8 - ok
22:40:36.0333 5968 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
22:40:36.0333 5968 Appinfo - ok
22:40:36.0458 5968 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:40:36.0458 5968 Apple Mobile Device - ok
22:40:36.0520 5968 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
22:40:36.0520 5968 arc - ok
22:40:36.0583 5968 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
22:40:36.0583 5968 arcsas - ok
22:40:36.0630 5968 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\Windows\system32\drivers\aswFsBlk.sys
22:40:36.0645 5968 aswFsBlk - ok
22:40:36.0645 5968 aswMonFlt (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys
22:40:36.0661 5968 aswMonFlt - ok
22:40:36.0692 5968 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\Windows\system32\drivers\aswRdr.sys
22:40:36.0692 5968 aswRdr - ok
22:40:36.0739 5968 aswSnx (dcb199b967375753b5019ec15f008f53) C:\Windows\system32\drivers\aswSnx.sys
22:40:36.0754 5968 aswSnx - ok
22:40:36.0817 5968 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\Windows\system32\drivers\aswSP.sys
22:40:36.0817 5968 aswSP - ok
22:40:36.0832 5968 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\Windows\system32\drivers\aswTdi.sys
22:40:36.0832 5968 aswTdi - ok
22:40:36.0848 5968 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:40:36.0848 5968 AsyncMac - ok
22:40:36.0895 5968 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:40:36.0895 5968 atapi - ok
22:40:37.0004 5968 athr (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys
22:40:37.0020 5968 athr - ok
22:40:37.0066 5968 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
22:40:37.0066 5968 AudioEndpointBuilder - ok
22:40:37.0082 5968 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
22:40:37.0082 5968 Audiosrv - ok
22:40:37.0207 5968 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
22:40:37.0207 5968 avast! Antivirus - ok
22:40:37.0269 5968 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:40:37.0269 5968 Beep - ok
22:40:37.0332 5968 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
22:40:37.0332 5968 BFE - ok
22:40:37.0410 5968 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
22:40:37.0425 5968 BITS - ok
22:40:37.0456 5968 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
22:40:37.0456 5968 blbdrive - ok
22:40:37.0550 5968 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
22:40:37.0566 5968 Bonjour Service - ok
22:40:37.0612 5968 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:40:37.0612 5968 bowser - ok
22:40:37.0644 5968 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:40:37.0644 5968 BrFiltLo - ok
22:40:37.0659 5968 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:40:37.0675 5968 BrFiltUp - ok
22:40:37.0722 5968 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
22:40:37.0722 5968 Browser - ok
22:40:37.0753 5968 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:40:37.0753 5968 Brserid - ok
22:40:37.0784 5968 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:40:37.0784 5968 BrSerWdm - ok
22:40:37.0800 5968 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:40:37.0800 5968 BrUsbMdm - ok
22:40:37.0815 5968 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:40:37.0815 5968 BrUsbSer - ok
22:40:37.0862 5968 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:40:37.0862 5968 BTHMODEM - ok
22:40:37.0971 5968 catchme - ok
22:40:38.0049 5968 ccSet_NST (2b2f9b4a08190334a9c36446b208bae9) C:\Windows\system32\drivers\NST\0200000.010\ccSetx86.sys
22:40:38.0049 5968 ccSet_NST - ok
22:40:38.0096 5968 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:40:38.0096 5968 cdfs - ok
22:40:38.0143 5968 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
22:40:38.0143 5968 cdrom - ok
22:40:38.0158 5968 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
22:40:38.0158 5968 CertPropSvc - ok
22:40:38.0190 5968 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
22:40:38.0205 5968 circlass - ok
22:40:38.0236 5968 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:40:38.0236 5968 CLFS - ok
22:40:38.0314 5968 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:40:38.0314 5968 clr_optimization_v2.0.50727_32 - ok
22:40:38.0361 5968 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:40:38.0392 5968 clr_optimization_v4.0.30319_32 - ok
22:40:38.0439 5968 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
22:40:38.0439 5968 CmBatt - ok
22:40:38.0470 5968 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
22:40:38.0470 5968 cmdide - ok
22:40:38.0486 5968 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
22:40:38.0502 5968 Compbatt - ok
22:40:38.0502 5968 COMSysApp - ok
22:40:38.0580 5968 ConfigFree Service (d10d01b2dfcd8d2f32a32ed29e8da1c2) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
22:40:38.0580 5968 ConfigFree Service - ok
22:40:38.0580 5968 cpuz132 - ok
22:40:38.0611 5968 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
22:40:38.0611 5968 crcdisk - ok
22:40:38.0626 5968 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
22:40:38.0626 5968 Crusoe - ok
22:40:38.0673 5968 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
22:40:38.0673 5968 CryptSvc - ok
22:40:38.0751 5968 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
22:40:38.0751 5968 DcomLaunch - ok
22:40:38.0798 5968 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
22:40:38.0798 5968 DfsC - ok
22:40:38.0923 5968 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
22:40:38.0938 5968 DFSR - ok
22:40:39.0094 5968 dgderdrv (6216fd7fd227de454238a702b218cec7) C:\Windows\system32\drivers\dgderdrv.sys
22:40:39.0094 5968 dgderdrv - ok
22:40:39.0126 5968 dg_ssudbus (919f338fd36f47d860775368d0748780) C:\Windows\system32\DRIVERS\ssudbus.sys
22:40:39.0126 5968 dg_ssudbus - ok
22:40:39.0188 5968 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
22:40:39.0188 5968 Dhcp - ok
22:40:39.0235 5968 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:40:39.0235 5968 disk - ok
22:40:39.0297 5968 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
22:40:39.0313 5968 Dnscache - ok
22:40:39.0360 5968 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
22:40:39.0375 5968 dot3svc - ok
22:40:39.0406 5968 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
22:40:39.0406 5968 Dot4 - ok
22:40:39.0422 5968 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
22:40:39.0422 5968 Dot4Print - ok
22:40:39.0438 5968 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
22:40:39.0438 5968 dot4usb - ok
22:40:39.0469 5968 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
22:40:39.0484 5968 DPS - ok
22:40:39.0516 5968 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:40:39.0516 5968 drmkaud - ok
22:40:39.0547 5968 dsNcAdpt (4823163c246868863d41a2f5ee06a21e) C:\Windows\system32\DRIVERS\dsNcAdpt.sys
22:40:39.0547 5968 dsNcAdpt - ok
22:40:39.0625 5968 dsNcService (f5a1ce6e6bf5bb28c067494ad9402624) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
22:40:39.0625 5968 dsNcService - ok
22:40:39.0687 5968 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
22:40:39.0703 5968 DXGKrnl - ok
22:40:39.0734 5968 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:40:39.0734 5968 E1G60 - ok
22:40:39.0765 5968 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
22:40:39.0765 5968 EapHost - ok
22:40:39.0812 5968 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:40:39.0812 5968 Ecache - ok
22:40:39.0890 5968 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
22:40:39.0906 5968 ehRecvr - ok
22:40:39.0921 5968 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
22:40:39.0921 5968 ehSched - ok
22:40:39.0968 5968 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
22:40:39.0968 5968 ehstart - ok
22:40:40.0015 5968 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
22:40:40.0015 5968 elxstor - ok
22:40:40.0077 5968 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
22:40:40.0077 5968 EMDMgmt - ok
22:40:40.0108 5968 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
22:40:40.0108 5968 ErrDev - ok
22:40:40.0171 5968 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
22:40:40.0171 5968 EventSystem - ok
22:40:40.0202 5968 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:40:40.0218 5968 exfat - ok
22:40:40.0264 5968 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:40:40.0264 5968 fastfat - ok
22:40:40.0296 5968 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
22:40:40.0296 5968 fdc - ok
22:40:40.0311 5968 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
22:40:40.0327 5968 fdPHost - ok
22:40:40.0342 5968 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
22:40:40.0342 5968 FDResPub - ok
22:40:40.0342 5968 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:40:40.0358 5968 FileInfo - ok
22:40:40.0374 5968 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:40:40.0374 5968 Filetrace - ok
22:40:40.0420 5968 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:40:40.0420 5968 flpydisk - ok
22:40:40.0483 5968 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:40:40.0483 5968 FltMgr - ok
22:40:40.0561 5968 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
22:40:40.0561 5968 FontCache - ok
22:40:40.0623 5968 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:40:40.0623 5968 FontCache3.0.0.0 - ok
22:40:40.0670 5968 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
22:40:40.0670 5968 Fs_Rec - ok
22:40:40.0701 5968 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
22:40:40.0701 5968 FwLnk - ok
22:40:40.0732 5968 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
22:40:40.0732 5968 gagp30kx - ok
22:40:40.0764 5968 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:40:40.0764 5968 GEARAspiWDM - ok
22:40:40.0857 5968 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
22:40:40.0857 5968 GoogleDesktopManager-051210-111108 - ok
22:40:40.0920 5968 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
22:40:40.0920 5968 gpsvc - ok
22:40:40.0998 5968 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
22:40:40.0998 5968 gupdate - ok
22:40:41.0013 5968 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
22:40:41.0013 5968 gupdatem - ok
22:40:41.0044 5968 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:40:41.0044 5968 gusvc - ok
22:40:41.0107 5968 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
22:40:41.0107 5968 HdAudAddService - ok
22:40:41.0154 5968 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:40:41.0169 5968 HDAudBus - ok
22:40:41.0200 5968 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:40:41.0200 5968 HidBth - ok
22:40:41.0232 5968 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:40:41.0232 5968 HidIr - ok
22:40:41.0294 5968 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
22:40:41.0294 5968 hidserv - ok
22:40:41.0325 5968 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
22:40:41.0325 5968 HidUsb - ok
22:40:41.0372 5968 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
22:40:41.0372 5968 hkmsvc - ok
22:40:41.0403 5968 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
22:40:41.0403 5968 HpCISSs - ok
22:40:41.0466 5968 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:40:41.0481 5968 HTTP - ok
22:40:41.0512 5968 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
22:40:41.0512 5968 i2omp - ok
22:40:41.0528 5968 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:40:41.0528 5968 i8042prt - ok
22:40:41.0575 5968 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
22:40:41.0575 5968 iaStor - ok
22:40:41.0622 5968 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
22:40:41.0622 5968 iaStorV - ok
22:40:41.0715 5968 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
22:40:41.0715 5968 IDriverT - ok
22:40:41.0793 5968 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:40:41.0809 5968 idsvc - ok
22:40:41.0934 5968 igfx (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:40:41.0965 5968 igfx - ok
22:40:42.0058 5968 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:40:42.0058 5968 iirsp - ok
22:40:42.0121 5968 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
22:40:42.0136 5968 IKEEXT - ok
22:40:42.0246 5968 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
22:40:42.0277 5968 IntcAzAudAddService - ok
22:40:42.0480 5968 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
22:40:42.0480 5968 intelide - ok
22:40:42.0511 5968 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:40:42.0511 5968 intelppm - ok
22:40:42.0558 5968 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
22:40:42.0558 5968 IPBusEnum - ok
22:40:42.0589 5968 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:40:42.0589 5968 IpFilterDriver - ok
22:40:42.0636 5968 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
22:40:42.0636 5968 iphlpsvc - ok
22:40:42.0636 5968 IpInIp - ok
22:40:42.0698 5968 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
22:40:42.0698 5968 IPMIDRV - ok
22:40:42.0760 5968 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:40:42.0760 5968 IPNAT - ok
22:40:42.0870 5968 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
22:40:42.0885 5968 iPod Service - ok
22:40:42.0932 5968 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:40:42.0932 5968 IRENUM - ok
22:40:42.0963 5968 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
22:40:42.0963 5968 isapnp - ok
22:40:43.0026 5968 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:40:43.0026 5968 iScsiPrt - ok
22:40:43.0119 5968 ISWKL (d3ef8cd04b45cc0ac1fbef7c200dbbb4) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
22:40:43.0135 5968 ISWKL - ok
22:40:43.0197 5968 IswSvc (a3af544146034b8fa950aa1fbff025dc) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
22:40:43.0197 5968 IswSvc - ok
22:40:43.0228 5968 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:40:43.0228 5968 iteatapi - ok
22:40:43.0260 5968 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:40:43.0260 5968 iteraid - ok
22:40:43.0369 5968 jswpsapi (957135960e7533ea5c7ea0bfb34f8efd) C:\Program Files\Jumpstart\jswpsapi.exe
22:40:43.0384 5968 jswpsapi - ok
22:40:43.0416 5968 jswpslwf (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys
22:40:43.0416 5968 jswpslwf - ok
22:40:43.0447 5968 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:40:43.0462 5968 kbdclass - ok
22:40:43.0478 5968 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
22:40:43.0478 5968 kbdhid - ok
22:40:43.0525 5968 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:40:43.0540 5968 KeyIso - ok
22:40:43.0587 5968 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
22:40:43.0603 5968 KSecDD - ok
22:40:43.0650 5968 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
22:40:43.0650 5968 KtmRm - ok
22:40:43.0696 5968 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
22:40:43.0696 5968 LanmanServer - ok
22:40:43.0728 5968 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
22:40:43.0743 5968 LanmanWorkstation - ok
22:40:43.0774 5968 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:40:43.0774 5968 lltdio - ok
22:40:43.0821 5968 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
22:40:43.0837 5968 lltdsvc - ok
22:40:43.0852 5968 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
22:40:43.0852 5968 lmhosts - ok
22:40:43.0884 5968 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
22:40:43.0884 5968 LSI_FC - ok
22:40:43.0915 5968 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
22:40:43.0915 5968 LSI_SAS - ok
22:40:43.0946 5968 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
22:40:43.0946 5968 LSI_SCSI - ok
22:40:43.0977 5968 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:40:43.0977 5968 luafv - ok
22:40:44.0008 5968 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
22:40:44.0008 5968 MBAMProtector - ok
22:40:44.0133 5968 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:40:44.0133 5968 MBAMService - ok
22:40:44.0180 5968 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
22:40:44.0180 5968 Mcx2Svc - ok
22:40:44.0211 5968 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
22:40:44.0211 5968 megasas - ok
22:40:44.0242 5968 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
22:40:44.0242 5968 MegaSR - ok
22:40:44.0289 5968 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
22:40:44.0289 5968 MMCSS - ok
22:40:44.0305 5968 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:40:44.0305 5968 Modem - ok
22:40:44.0320 5968 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:40:44.0336 5968 monitor - ok
22:40:44.0336 5968 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:40:44.0336 5968 mouclass - ok
22:40:44.0367 5968 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
22:40:44.0367 5968 mouhid - ok
22:40:44.0383 5968 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:40:44.0383 5968 MountMgr - ok
22:40:44.0554 5968 MozillaMaintenance (2926d017af09b10bc3d76ea1130599c4) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:40:44.0554 5968 MozillaMaintenance - ok
22:40:44.0601 5968 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
22:40:44.0601 5968 mpio - ok
22:40:44.0632 5968 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:40:44.0632 5968 mpsdrv - ok
22:40:44.0695 5968 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
22:40:44.0710 5968 MpsSvc - ok
22:40:44.0742 5968 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:40:44.0742 5968 Mraid35x - ok
22:40:44.0788 5968 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:40:44.0788 5968 MRxDAV - ok
22:40:44.0820 5968 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:40:44.0820 5968 mrxsmb - ok
22:40:44.0866 5968 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:40:44.0866 5968 mrxsmb10 - ok
22:40:44.0882 5968 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:40:44.0882 5968 mrxsmb20 - ok
22:40:44.0898 5968 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
22:40:44.0898 5968 msahci - ok
22:40:44.0976 5968 MSCSPTISRV (8e46a7bac823dd82d4fb2a34c3df4c1d) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
22:40:44.0976 5968 MSCSPTISRV - ok
22:40:45.0007 5968 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
22:40:45.0007 5968 msdsm - ok
22:40:45.0054 5968 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
22:40:45.0054 5968 MSDTC - ok
22:40:45.0085 5968 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:40:45.0085 5968 Msfs - ok
22:40:45.0132 5968 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:40:45.0132 5968 msisadrv - ok
22:40:45.0178 5968 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
22:40:45.0178 5968 MSiSCSI - ok
22:40:45.0178 5968 msiserver - ok
22:40:45.0225 5968 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:40:45.0225 5968 MSKSSRV - ok
22:40:45.0256 5968 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:40:45.0256 5968 MSPCLOCK - ok
22:40:45.0288 5968 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:40:45.0288 5968 MSPQM - ok
22:40:45.0319 5968 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:40:45.0334 5968 MsRPC - ok
22:40:45.0381 5968 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:40:45.0381 5968 mssmbios - ok
22:40:45.0428 5968 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:40:45.0428 5968 MSTEE - ok
22:40:45.0459 5968 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:40:45.0475 5968 Mup - ok
22:40:45.0522 5968 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
22:40:45.0522 5968 napagent - ok
22:40:45.0584 5968 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:40:45.0584 5968 NativeWifiP - ok
22:40:45.0646 5968 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:40:45.0646 5968 NDIS - ok
22:40:45.0678 5968 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:40:45.0678 5968 NdisTapi - ok
22:40:45.0693 5968 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:40:45.0693 5968 Ndisuio - ok
22:40:45.0724 5968 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:40:45.0740 5968 NdisWan - ok
22:40:45.0756 5968 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:40:45.0756 5968 NDProxy - ok
22:40:45.0771 5968 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:40:45.0771 5968 NetBIOS - ok
22:40:45.0818 5968 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:40:45.0818 5968 netbt - ok
22:40:45.0865 5968 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:40:45.0865 5968 Netlogon - ok
22:40:45.0912 5968 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
22:40:45.0912 5968 Netman - ok
22:40:45.0943 5968 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
22:40:45.0943 5968 netprofm - ok
22:40:46.0005 5968 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:40:46.0005 5968 NetTcpPortSharing - ok
22:40:46.0052 5968 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:40:46.0052 5968 nfrd960 - ok
22:40:46.0083 5968 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
22:40:46.0083 5968 NlaSvc - ok
22:40:46.0146 5968 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:40:46.0146 5968 Npfs - ok
22:40:46.0161 5968 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
22:40:46.0161 5968 nsi - ok
22:40:46.0208 5968 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:40:46.0208 5968 nsiproxy - ok
22:40:46.0302 5968 NSL (e127420b7feb65c7f279eaac183bbc0e) C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
22:40:46.0302 5968 NSL - ok
22:40:46.0426 5968 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:40:46.0442 5968 Ntfs - ok
22:40:46.0473 5968 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:40:46.0473 5968 ntrigdigi - ok
22:40:46.0504 5968 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:40:46.0504 5968 Null - ok
22:40:46.0520 5968 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
22:40:46.0520 5968 nvraid - ok
22:40:46.0551 5968 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
22:40:46.0551 5968 nvstor - ok
22:40:46.0598 5968 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
22:40:46.0598 5968 nv_agp - ok
22:40:46.0598 5968 NwlnkFlt - ok
22:40:46.0614 5968 NwlnkFwd - ok
22:40:46.0645 5968 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
22:40:46.0645 5968 ohci1394 - ok
22:40:46.0707 5968 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:40:46.0723 5968 p2pimsvc - ok
22:40:46.0738 5968 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:40:46.0754 5968 p2psvc - ok
22:40:46.0816 5968 PACSPTISVR (753a8f339f231d2b857e2ccd51a6e6ca) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
22:40:46.0816 5968 PACSPTISVR - ok
22:40:46.0863 5968 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:40:46.0863 5968 Parport - ok
22:40:46.0926 5968 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
22:40:46.0926 5968 partmgr - ok
22:40:46.0972 5968 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:40:46.0972 5968 Parvdm - ok
22:40:47.0004 5968 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
22:40:47.0019 5968 PcaSvc - ok
22:40:47.0066 5968 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:40:47.0066 5968 pci - ok
22:40:47.0097 5968 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
22:40:47.0097 5968 pciide - ok
22:40:47.0144 5968 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
22:40:47.0144 5968 pcmcia - ok
22:40:47.0206 5968 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:40:47.0222 5968 PEAUTH - ok
22:40:47.0316 5968 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
22:40:47.0331 5968 pla - ok
22:40:47.0456 5968 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
22:40:47.0456 5968 PlugPlay - ok
22:40:47.0518 5968 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:40:47.0534 5968 PNRPAutoReg - ok
22:40:47.0534 5968 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:40:47.0550 5968 PNRPsvc - ok
22:40:47.0643 5968 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
22:40:47.0659 5968 PolicyAgent - ok
22:40:47.0721 5968 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:40:47.0721 5968 PptpMiniport - ok
22:40:47.0737 5968 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
22:40:47.0752 5968 Processor - ok
22:40:47.0846 5968 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
22:40:47.0862 5968 ProfSvc - ok
22:40:47.0893 5968 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:40:47.0908 5968 ProtectedStorage - ok
22:40:47.0955 5968 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:40:47.0955 5968 PSched - ok
22:40:47.0971 5968 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
22:40:47.0971 5968 PxHelp20 - ok
22:40:48.0049 5968 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
22:40:48.0064 5968 ql2300 - ok
22:40:48.0096 5968 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:40:48.0096 5968 ql40xx - ok
22:40:48.0142 5968 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
22:40:48.0158 5968 QWAVE - ok
22:40:48.0189 5968 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:40:48.0189 5968 QWAVEdrv - ok
22:40:48.0330 5968 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
22:40:48.0330 5968 RapportCerberus_34302 - ok
22:40:48.0439 5968 RapportEI (43b9aa1423bf54367c5a3de1559780e8) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
22:40:48.0439 5968 RapportEI - ok
22:40:48.0439 5968 RapportKELL - ok
22:40:48.0532 5968 RapportMgmtService (d9ef54568fafcb4be4637068e768409a) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
22:40:48.0532 5968 RapportMgmtService - ok
22:40:48.0595 5968 RapportPG (4af05a67b643a5190dfcbb793273e0bc) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
22:40:48.0595 5968 RapportPG - ok
22:40:48.0688 5968 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:40:48.0688 5968 RasAcd - ok
22:40:48.0751 5968 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
22:40:48.0766 5968 RasAuto - ok
22:40:48.0782 5968 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:40:48.0782 5968 Rasl2tp - ok
22:40:48.0844 5968 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
22:40:48.0844 5968 RasMan - ok
22:40:48.0891 5968 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:40:48.0907 5968 RasPppoe - ok
22:40:48.0938 5968 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:40:48.0954 5968 RasSstp - ok
22:40:48.0985 5968 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:40:48.0985 5968 rdbss - ok
22:40:49.0032 5968 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:40:49.0032 5968 RDPCDD - ok
22:40:49.0078 5968 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
22:40:49.0078 5968 rdpdr - ok
22:40:49.0094 5968 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:40:49.0094 5968 RDPENCDD - ok
22:40:49.0203 5968 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
22:40:49.0203 5968 RDPWD - ok
22:40:49.0250 5968 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
22:40:49.0250 5968 RemoteAccess - ok
22:40:49.0297 5968 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
22:40:49.0297 5968 RemoteRegistry - ok
22:40:49.0328 5968 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
22:40:49.0328 5968 RpcLocator - ok
22:40:49.0390 5968 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll
22:40:49.0406 5968 RpcSs - ok
22:40:49.0437 5968 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:40:49.0437 5968 rspndr - ok
22:40:49.0468 5968 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
22:40:49.0468 5968 RTL8169 - ok
22:40:49.0500 5968 RTSTOR (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS
22:40:49.0500 5968 RTSTOR - ok
22:40:49.0546 5968 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:40:49.0546 5968 SamSs - ok
22:40:49.0578 5968 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:40:49.0578 5968 sbp2port - ok
22:40:49.0624 5968 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
22:40:49.0624 5968 SCardSvr - ok
22:40:49.0671 5968 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
22:40:49.0687 5968 Schedule - ok
22:40:49.0734 5968 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
22:40:49.0734 5968 SCPolicySvc - ok
22:40:49.0765 5968 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
22:40:49.0780 5968 SDRSVC - ok
22:40:49.0812 5968 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:40:49.0812 5968 secdrv - ok
22:40:49.0827 5968 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
22:40:49.0827 5968 seclogon - ok
22:40:49.0858 5968 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
22:40:49.0874 5968 SENS - ok
22:40:49.0905 5968 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:40:49.0905 5968 Serenum - ok
22:40:49.0921 5968 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:40:49.0936 5968 Serial - ok
22:40:49.0952 5968 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:40:49.0952 5968 sermouse - ok
22:40:49.0999 5968 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
22:40:49.0999 5968 SessionEnv - ok
22:40:50.0030 5968 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
22:40:50.0046 5968 sffdisk - ok
22:40:50.0061 5968 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
22:40:50.0061 5968 sffp_mmc - ok
22:40:50.0077 5968 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
22:40:50.0077 5968 sffp_sd - ok
22:40:50.0092 5968 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:40:50.0092 5968 sfloppy - ok
22:40:50.0170 5968 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
22:40:50.0170 5968 SharedAccess - ok
22:40:50.0248 5968 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
22:40:50.0248 5968 ShellHWDetection - ok
22:40:50.0311 5968 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
22:40:50.0311 5968 sisagp - ok
22:40:50.0326 5968 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
22:40:50.0326 5968 SiSRaid2 - ok
22:40:50.0358 5968 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
22:40:50.0358 5968 SiSRaid4 - ok
22:40:50.0514 5968 SkypeUpdate (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files\Skype\Updater\Updater.exe
22:40:50.0529 5968 SkypeUpdate - ok
22:40:50.0685 5968 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
22:40:50.0779 5968 slsvc - ok
22:40:50.0904 5968 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
22:40:50.0904 5968 SLUINotify - ok
22:40:50.0982 5968 SmartFaceVWatchSrv (8eb3988c74fd9d0e0934977e36b5f9e6) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
22:40:50.0982 5968 SmartFaceVWatchSrv - ok
22:40:51.0044 5968 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:40:51.0044 5968 Smb - ok
22:40:51.0075 5968 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
22:40:51.0091 5968 SNMPTRAP - ok
22:40:51.0153 5968 SonicStage Back-End Service (977aaa4398d7d6fa65d973f5b3f54e40) C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
22:40:51.0153 5968 SonicStage Back-End Service - ok
22:40:51.0200 5968 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:40:51.0200 5968 spldr - ok
22:40:51.0247 5968 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
22:40:51.0247 5968 Spooler - ok
22:40:51.0294 5968 SPTISRV (e3e6c96b0ef4492c3c8fd0deef4e35a1) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
22:40:51.0294 5968 SPTISRV - ok
22:40:51.0340 5968 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
22:40:51.0340 5968 srv - ok
22:40:51.0387 5968 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
22:40:51.0387 5968 srv2 - ok
22:40:51.0403 5968 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
22:40:51.0418 5968 srvnet - ok
22:40:51.0450 5968 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
22:40:51.0465 5968 SSDPSRV - ok
22:40:51.0481 5968 SSScsiSV (756e371b3b86a3d3039926d32eac0e8d) C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
22:40:51.0481 5968 SSScsiSV - ok
22:40:51.0528 5968 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
22:40:51.0543 5968 SstpSvc - ok
22:40:51.0574 5968 ssudmdm (8f299012ef58246f1c98de7b7e48dbf0) C:\Windows\system32\DRIVERS\ssudmdm.sys
22:40:51.0574 5968 ssudmdm - ok
22:40:51.0621 5968 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
22:40:51.0637 5968 stisvc - ok
22:40:51.0668 5968 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:40:51.0668 5968 swenum - ok
22:40:51.0746 5968 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
22:40:51.0746 5968 swprv - ok
22:40:51.0777 5968 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:40:51.0777 5968 Symc8xx - ok
22:40:51.0808 5968 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:40:51.0808 5968 Sym_hi - ok
22:40:51.0824 5968 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:40:51.0824 5968 Sym_u3 - ok
22:40:51.0855 5968 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
22:40:51.0855 5968 SynTP - ok
22:40:51.0918 5968 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
22:40:51.0933 5968 SysMain - ok
22:40:51.0964 5968 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
22:40:51.0964 5968 TabletInputService - ok
22:40:52.0011 5968 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
22:40:52.0011 5968 taphss - ok
22:40:52.0058 5968 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
22:40:52.0058 5968 TapiSrv - ok
22:40:52.0089 5968 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
22:40:52.0089 5968 TBS - ok
22:40:52.0167 5968 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
22:40:52.0183 5968 Tcpip - ok
22:40:52.0198 5968 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
22:40:52.0198 5968 Tcpip6 - ok
22:40:52.0230 5968 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
22:40:52.0230 5968 tcpipreg - ok
22:40:52.0261 5968 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
22:40:52.0261 5968 tdcmdpst - ok
22:40:52.0292 5968 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:40:52.0292 5968 TDPIPE - ok
22:40:52.0323 5968 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:40:52.0323 5968 TDTCP - ok
22:40:52.0354 5968 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:40:52.0354 5968 tdx - ok
22:40:52.0432 5968 TempoMonitoringService (ce0b5d587839614a16480d7b8395ffe9) C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
22:40:52.0432 5968 TempoMonitoringService - ok
22:40:52.0479 5968 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:40:52.0479 5968 TermDD - ok
22:40:52.0542 5968 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
22:40:52.0557 5968 TermService - ok
22:40:52.0604 5968 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
22:40:52.0620 5968 Themes - ok
22:40:52.0635 5968 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
22:40:52.0635 5968 THREADORDER - ok
22:40:52.0713 5968 TNaviSrv (89f74c86523f5e334628dbce66e6d165) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
22:40:52.0713 5968 TNaviSrv - ok
22:40:52.0744 5968 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe
22:40:52.0744 5968 TODDSrv - ok
22:40:52.0807 5968 TosCoSrv (da6903958cbdc091ffcbbca70ccff34c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
22:40:52.0807 5968 TosCoSrv - ok
22:40:52.0838 5968 TOSHIBA SMART Log Service (dca621ce31ca604c762001883e385df8) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
22:40:52.0838 5968 TOSHIBA SMART Log Service - ok
22:40:52.0885 5968 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
22:40:52.0900 5968 tos_sps32 - ok
22:40:52.0916 5968 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
22:40:52.0932 5968 TrkWks - ok
22:40:52.0994 5968 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
22:40:52.0994 5968 TrustedInstaller - ok
22:40:53.0025 5968 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:40:53.0025 5968 tssecsrv - ok
22:40:53.0041 5968 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:40:53.0056 5968 tunmp - ok
22:40:53.0088 5968 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:40:53.0088 5968 tunnel - ok
22:40:53.0103 5968 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
22:40:53.0103 5968 TVALZ - ok
22:40:53.0150 5968 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
22:40:53.0150 5968 uagp35 - ok
22:40:53.0197 5968 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:40:53.0197 5968 udfs - ok
22:40:53.0244 5968 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
22:40:53.0244 5968 UI0Detect - ok
22:40:53.0337 5968 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
22:40:53.0337 5968 UleadBurningHelper - ok
22:40:53.0353 5968 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
22:40:53.0368 5968 uliagpkx - ok
22:40:53.0400 5968 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
22:40:53.0400 5968 uliahci - ok
22:40:53.0431 5968 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:40:53.0431 5968 UlSata - ok
22:40:53.0478 5968 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:40:53.0478 5968 ulsata2 - ok
22:40:53.0509 5968 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:40:53.0509 5968 umbus - ok
22:40:53.0696 5968 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
22:40:53.0712 5968 upnphost - ok
22:40:53.0758 5968 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
22:40:53.0758 5968 USBAAPL - ok
22:40:53.0790 5968 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:40:53.0790 5968 usbccgp - ok
22:40:53.0821 5968 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:40:53.0821 5968 usbcir - ok
22:40:53.0868 5968 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:40:53.0868 5968 usbehci - ok
22:40:53.0883 5968 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:40:53.0899 5968 usbhub - ok
22:40:53.0946 5968 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
22:40:53.0946 5968 usbohci - ok
22:40:53.0961 5968 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
22:40:53.0961 5968 usbprint - ok
22:40:54.0008 5968 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:40:54.0008 5968 USBSTOR - ok
22:40:54.0024 5968 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:40:54.0039 5968 usbuhci - ok
22:40:54.0039 5968 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
22:40:54.0055 5968 usbvideo - ok
22:40:54.0070 5968 UVCFTR (237c444fbd1c697a2e3fa60f02c61f22) C:\Windows\system32\Drivers\UVCFTR_S.SYS
22:40:54.0070 5968 UVCFTR - ok
22:40:54.0102 5968 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
22:40:54.0117 5968 UxSms - ok
22:40:54.0164 5968 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
22:40:54.0164 5968 vds - ok
22:40:54.0211 5968 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
22:40:54.0211 5968 vga - ok
22:40:54.0258 5968 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:40:54.0258 5968 VgaSave - ok
22:40:54.0273 5968 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
22:40:54.0289 5968 viaagp - ok
22:40:54.0304 5968 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
22:40:54.0304 5968 ViaC7 - ok
22:40:54.0336 5968 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
22:40:54.0336 5968 viaide - ok
22:40:54.0382 5968 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:40:54.0382 5968 volmgr - ok
22:40:54.0429 5968 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:40:54.0445 5968 volmgrx - ok
22:40:54.0492 5968 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:40:54.0492 5968 volsnap - ok
22:40:54.0538 5968 Vsdatant (6983d0bcac64c2d7460c2125f804f118) C:\Windows\system32\drivers\vsdatant.sys
22:40:54.0538 5968 Vsdatant - ok
22:40:54.0538 5968 vsdatant7 - ok
22:40:54.0632 5968 vsmon - ok
22:40:54.0663 5968 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
22:40:54.0663 5968 vsmraid - ok
22:40:54.0741 5968 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
22:40:54.0757 5968 VSS - ok
22:40:54.0819 5968 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
22:40:54.0819 5968 W32Time - ok
22:40:54.0882 5968 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:40:54.0897 5968 WacomPen - ok
22:40:54.0913 5968 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:40:54.0913 5968 Wanarp - ok
22:40:54.0928 5968 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:40:54.0928 5968 Wanarpv6 - ok
22:40:54.0991 5968 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
22:40:54.0991 5968 wcncsvc - ok
22:40:55.0022 5968 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
22:40:55.0022 5968 WcsPlugInService - ok
22:40:55.0069 5968 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
22:40:55.0069 5968 Wd - ok
22:40:55.0100 5968 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:40:55.0116 5968 Wdf01000 - ok
22:40:55.0147 5968 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
22:40:55.0162 5968 WdiServiceHost - ok
22:40:55.0162 5968 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
22:40:55.0178 5968 WdiSystemHost - ok
22:40:55.0240 5968 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
22:40:55.0256 5968 WebClient - ok
22:40:55.0303 5968 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
22:40:55.0318 5968 Wecsvc - ok
22:40:55.0350 5968 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
22:40:55.0350 5968 wercplsupport - ok
22:40:55.0396 5968 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
22:40:55.0396 5968 WerSvc - ok
22:40:55.0521 5968 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
22:40:55.0537 5968 WinDefend - ok
22:40:55.0537 5968 WinHttpAutoProxySvc - ok
22:40:55.0630 5968 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
22:40:55.0630 5968 Winmgmt - ok
22:40:55.0724 5968 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
22:40:55.0740 5968 WinRM - ok
22:40:55.0849 5968 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
22:40:55.0849 5968 WinUSB - ok
22:40:55.0896 5968 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
22:40:55.0911 5968 Wlansvc - ok
22:40:55.0958 5968 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
22:40:55.0958 5968 WmiAcpi - ok
22:40:56.0020 5968 WmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
22:40:56.0020 5968 WmiApSrv - ok
22:40:56.0145 5968 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
22:40:56.0161 5968 WMPNetworkSvc - ok
22:40:56.0208 5968 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
22:40:56.0208 5968 WPCSvc - ok
22:40:56.0239 5968 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
22:40:56.0254 5968 WPDBusEnum - ok
22:40:56.0317 5968 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
22:40:56.0317 5968 WpdUsb - ok
22:40:56.0457 5968 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:40:56.0473 5968 WPFFontCache_v0400 - ok
22:40:56.0504 5968 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:40:56.0504 5968 ws2ifsl - ok
22:40:56.0551 5968 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
22:40:56.0566 5968 wscsvc - ok
22:40:56.0566 5968 WSearch - ok
22:40:56.0660 5968 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
22:40:56.0691 5968 wuauserv - ok
22:40:56.0800 5968 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:40:56.0800 5968 WUDFRd - ok
22:40:56.0832 5968 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
22:40:56.0832 5968 wudfsvc - ok
22:40:56.0863 5968 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:40:56.0925 5968 \Device\Harddisk0\DR0 - ok
22:40:56.0925 5968 Boot (0x1200) (df57cf1c611b27bf209d0902f03725cf) \Device\Harddisk0\DR0\Partition0
22:40:56.0925 5968 \Device\Harddisk0\DR0\Partition0 - ok
22:40:56.0956 5968 Boot (0x1200) (f602f8cb4dab6b75bb9b34e5a4ee71ff) \Device\Harddisk0\DR0\Partition1
22:40:56.0956 5968 \Device\Harddisk0\DR0\Partition1 - ok
22:40:56.0956 5968 ============================================================
22:40:56.0956 5968 Scan finished
22:40:56.0956 5968 ============================================================
22:40:56.0972 4664 Detected object count: 0
22:40:56.0972 4664 Actual detected object count: 0
22:41:02.0510 6108 Deinitialize success

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.08.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Keith :: KEITH-PC [administrator]
08/05/2012 23:11:28
mbam-log-2012-05-08 (23-11-28).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226206
Time elapsed: 10 minute(s), 36 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

OTL logfile created on: 08/05/2012 23:28:19 - Run 2
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Keith\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.87 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 53.78% Memory free
5.94 Gb Paging File | 4.48 Gb Available in Paging File | 75.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.29 Gb Total Space | 14.53 Gb Free Space | 12.50% Space Free | Partition Type: NTFS
Drive E: | 115.13 Gb Total Space | 100.46 Gb Free Space | 87.26% Space Free | Partition Type: NTFS
Computer Name: KEITH-PC | User Name: Keith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/06 21:35:39 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Keith\Downloads\OTL.exe
PRC - [2012/05/04 21:55:07 | 000,913,848 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/26 17:34:22 | 000,306,688 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2012/03/11 12:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/03/07 11:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 11:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/20 20:07:13 | 000,021,416 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/02/03 16:50:18 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/09 19:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/11/09 19:01:38 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/10/19 20:18:26 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/10/19 20:18:18 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/08/11 06:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/12 03:10:44 | 000,611,624 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2008/09/26 23:22:44 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008/08/25 18:58:20 | 000,077,824 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/07/19 05:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/24 19:06:14 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2008/05/09 20:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008/04/24 22:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/24 19:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008/04/17 09:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008/04/17 09:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 09:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008/04/08 23:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 23:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2008/01/18 01:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008/01/18 01:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/11/22 02:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/10/05 21:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/24 01:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
========== Modules (No Company Name) ==========
MOD - [2012/05/08 22:29:40 | 000,115,137 | ---- | M] () -- C:\Users\Keith\AppData\Local\temp\c06086cf-47b1-4760-b263-4e4271d9922f\CliSecureRT.dll
MOD - [2012/05/04 21:55:05 | 002,044,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/04/13 09:52:23 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1671f615c43f023007af09562cf24be2\Microsoft.VisualBasic.ni.dll
MOD - [2012/04/12 23:36:55 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\48302596a8c8f2ab396b3be518dbd800\System.Web.ni.dll
MOD - [2012/04/12 23:35:00 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\caf9fdf2957d955ccb07d837d095eae1\PresentationFramework.ni.dll
MOD - [2012/04/12 23:34:42 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\a36af74ac369a8c1f3171cd6fb18f3a6\System.Windows.Forms.ni.dll
MOD - [2012/04/12 23:34:40 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7a2fecd8284d0c427d16ff278a1e574f\PresentationCore.ni.dll
MOD - [2012/04/12 23:34:25 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\32a65725ff7d128428e35d8100dad4be\WindowsBase.ni.dll
MOD - [2012/04/12 23:34:22 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\64ea1d0193e735b953c94d16d6fd2146\System.Drawing.ni.dll
MOD - [2012/04/12 23:28:27 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll
MOD - [2012/04/12 23:28:16 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll
MOD - [2012/03/28 07:08:35 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\eef171dee81858018c3956485fff7ba7\System.Management.ni.dll
MOD - [2012/03/28 07:06:11 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\4017661cfa4a173b878d7e2a949c3a9e\System.Runtime.Remoting.ni.dll
MOD - [2012/03/28 07:05:57 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b9942cb07813f553f6d6374dd4541362\System.Xaml.ni.dll
MOD - [2012/03/28 06:55:57 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1c5b741f270fccb3b527b4fc3a8431f3\PresentationFramework.Aero.ni.dll
MOD - [2012/03/28 06:55:52 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b7409080f31b0a702281b68c37bac326\System.Core.ni.dll
MOD - [2012/03/28 06:55:45 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\68345d6b57fe33c9a94fe6a72ab5e85e\System.Xml.ni.dll
MOD - [2012/03/28 06:55:37 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\57e066d0b97757dbd26d59302c3d701a\System.ni.dll
MOD - [2012/03/28 06:55:25 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e5b31f3bb6508df0dc7c20ddc72f3191\mscorlib.ni.dll
MOD - [2012/02/20 20:07:13 | 000,021,416 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/02/17 19:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2012/02/16 02:37:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 02:37:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012/02/16 02:35:50 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012/02/16 02:34:10 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011/10/15 02:30:22 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/06 09:31:01 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2008/03/06 19:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2007/12/25 21:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007/12/15 06:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/12/02 02:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2006/10/10 20:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 21:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
========== Win32 Services (SafeList) ==========
SRV - [2012/05/06 10:10:28 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/04 21:55:06 | 000,112,568 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/11 12:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/03/07 11:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/09 19:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/10/19 20:18:26 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2011/08/11 06:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe -- (NSL)
SRV - [2009/03/12 03:10:44 | 000,611,624 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2008/08/25 18:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/07/19 05:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 19:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008/04/17 09:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/17 00:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/02/06 23:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008/01/21 12:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/18 01:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/11/22 02:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/02/05 19:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 19:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 11:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 11:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 10:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/10/05 21:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/24 01:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Keith\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Keith\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/03/11 12:48:52 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/03/11 12:48:50 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/03/07 11:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 11:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 11:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/07 11:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 11:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/07 11:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/01/31 17:15:42 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011/12/16 07:42:57 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/12/08 14:22:38 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011/12/08 14:22:38 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011/10/19 20:18:14 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/08/09 09:38:11 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NST\0200000.010\ccSetx86.sys -- (ccSet_NST)
DRV - [2011/05/25 09:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011/05/07 16:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009/04/11 14:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/03/12 02:57:22 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/07/29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/19 03:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/07/16 04:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008/04/29 01:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/04/15 18:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/11/09 23:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/29 00:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 23:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/10/18 20:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {BA938C24-EC93-4D84-9FBE-D7A497F9AD8D}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2549263
IE - HKLM\..\SearchScopes\{BA938C24-EC93-4D84-9FBE-D7A497F9AD8D}: "URL" = http://www.google.co...g}&rlz=1I7TSEA;
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2645238
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\SearchScopes,DefaultScope = {BA938C24-EC93-4D84-9FBE-D7A497F9AD8D}
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000ff8e29a0d1
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://uk.ask.com/we...n=&geo=GB&ver=2
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\SearchScopes\{B348C7CB-EF28-4E83-811C-699C457EACF6}: "URL" = http://search.condui...&ctid=CT2645238
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\SearchScopes\{BA938C24-EC93-4D84-9FBE-D7A497F9AD8D}: "URL" = http://www.google.co...TSEA_en-GBIM350
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "Expat Shield Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "file:///C:/Users/Keith/Documents/Keiths%20Webpage/keith.html"
FF - prefs.js..extensions.enabledItems: [email protected]:3.5.1.110
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.6
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.12.2.44079
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3.1
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}:5.0.5
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20110419
FF - prefs.js..keyword.URL: "http://search.newtab...ng.com/?t=1&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST\ [2012/05/08 22:46:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/03/10 08:22:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/13 20:26:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/04 21:55:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/12 18:21:10 | 000,000,000 | ---D | M]
[2011/09/21 23:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Extensions
[2010/02/14 10:38:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/05/06 00:22:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions
[2012/04/26 23:02:54 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/01/06 06:34:56 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2012/01/14 10:04:44 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/11/22 02:56:26 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2012/04/25 18:48:28 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2012/02/22 16:29:05 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011/07/12 10:36:57 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2010/12/13 08:23:18 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2012/02/18 19:55:15 | 000,000,000 | ---D | M] (New Tab King) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2011/12/17 12:08:04 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\[email protected]
[2011/06/20 14:19:46 | 000,000,927 | ---- | M] () -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\searchplugins\conduit.xml
[2011/09/20 22:24:03 | 000,002,497 | ---- | M] () -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\searchplugins\SearchResults.xml
[2011/12/11 18:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/03 20:26:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/04 21:55:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/04/13 20:26:35 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\KEITH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RTU5UOQG.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\KEITH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RTU5UOQG.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\KEITH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RTU5UOQG.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\KEITH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RTU5UOQG.DEFAULT\EXTENSIONS\[email protected]
[2012/05/04 21:55:07 | 000,085,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/13 18:23:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/20 22:24:03 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012/03/13 18:23:56 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_61.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 7 U1 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Skype Click to Call = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\
CHR - Extension: Skype Click to Call = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
O1 HOSTS File: ([2011/11/08 19:03:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-2527531028-2931705147-162191117-1000..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-2527531028-2931705147-162191117-1000..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-2527531028-2931705147-162191117-1000..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-2527531028-2931705147-162191117-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Shizue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\__avast! sandbox\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.co...-44557-9400-3/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co...nk-21&site=home File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.194.49 61.9.195.193
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{927011F6-887C-4D1C-A122-5111A1D7ED14}: DhcpNameServer = 61.9.194.49 61.9.195.193
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9CA9404-3A99-4938-A08C-4ADC25D6AD62}: DhcpNameServer = 61.9.194.49 61.9.195.193
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Keith\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Keith\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS -
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vsmon - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/05/08 23:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/08 23:01:25 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/05/08 23:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/08 22:49:29 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Keith\Desktop\mbam-setup-1.61.0.1400(1).exe
[2012/05/08 22:33:29 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Keith\Desktop\tdsskiller.exe
[2012/05/08 20:04:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/08 20:04:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/08 20:04:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/08 20:04:13 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/05/08 20:04:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/08 19:57:38 | 004,487,855 | R--- | C] (Swearware) -- C:\Users\Keith\Desktop\ComboFix.exe
[2012/05/08 19:32:01 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Keith\Desktop\aswMBR.exe
[2012/05/03 20:36:19 | 000,227,784 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/05/03 20:35:49 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/05/03 20:35:49 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/04/16 10:10:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2012/04/12 23:37:38 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/04/12 23:37:35 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/04/12 23:37:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/12 23:37:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/12 23:37:32 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/04/12 23:37:30 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/04/12 23:35:08 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/12 23:35:08 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/10 21:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
[2012/04/10 21:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule
[2012/04/10 21:40:49 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Local\eMule
[2012/04/10 21:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\eMule
========== Files - Modified Within 30 Days ==========
[2012/05/08 23:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/08 23:01:28 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/08 23:00:44 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Keith\Desktop\mbam-setup-1.61.0.1400(1).exe
[2012/05/08 22:51:00 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/08 22:51:00 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/08 22:46:57 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/08 22:44:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 22:44:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 22:44:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/08 22:39:43 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Keith\Desktop\tdsskiller.exe
[2012/05/08 22:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/08 20:02:45 | 004,487,855 | R--- | M] (Swearware) -- C:\Users\Keith\Desktop\ComboFix.exe
[2012/05/08 19:54:51 | 000,000,512 | ---- | M] () -- C:\Users\Keith\Desktop\MBR.dat
[2012/05/08 19:42:55 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Keith\Desktop\aswMBR.exe
[2012/05/07 21:49:22 | 000,639,153 | ---- | M] () -- C:\Users\Keith\Desktop\KU Saddington St South Turramurra.pdf
[2012/05/07 19:44:46 | 000,212,992 | ---- | M] () -- C:\Users\Keith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/07 16:56:59 | 000,002,305 | ---- | M] () -- C:\Users\Keith\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/05/06 21:09:48 | 000,017,920 | ---- | M] () -- C:\Users\Keith\Documents\door152are027.wps
[2012/05/06 21:09:48 | 000,006,202 | ---- | M] () -- C:\Users\Keith\AppData\Roaming\wklnhst.dat
[2012/05/06 10:10:27 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/06 10:10:27 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/05/06 09:26:27 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/05/03 20:35:27 | 000,227,784 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/05/03 20:35:27 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/05/03 20:35:27 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/05/03 20:35:26 | 000,772,552 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/05/03 20:35:26 | 000,687,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/05/02 21:51:42 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/01 13:51:10 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/29 10:18:04 | 000,000,470 | ---- | M] () -- C:\Users\Keith\Desktop\My Movies Two - Shortcut.lnk
[2012/04/26 23:11:22 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/04/13 20:27:20 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/04/12 18:29:47 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012/04/12 11:54:49 | 000,390,416 | ---- | M] () -- C:\Users\Keith\Wedding.jpg
[2012/04/10 21:40:57 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\eMule.lnk
========== Files Created - No Company Name ==========
[2012/05/08 23:01:28 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/08 20:04:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/08 20:04:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/08 20:04:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/08 20:04:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/08 20:04:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/08 19:54:50 | 000,000,512 | ---- | C] () -- C:\Users\Keith\Desktop\MBR.dat
[2012/05/07 21:49:21 | 000,639,153 | ---- | C] () -- C:\Users\Keith\Desktop\KU Saddington St South Turramurra.pdf
[2012/04/29 10:18:04 | 000,000,470 | ---- | C] () -- C:\Users\Keith\Desktop\My Movies Two - Shortcut.lnk
[2012/04/12 11:54:48 | 000,390,416 | ---- | C] () -- C:\Users\Keith\Wedding.jpg
[2012/04/10 21:40:15 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\eMule.lnk
[2012/01/31 17:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/01/31 17:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/01/31 17:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/01/31 17:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/01/31 17:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/12/07 17:29:44 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl1129139270.dat
[2011/11/01 21:50:19 | 000,001,356 | ---- | C] () -- C:\Users\Keith\AppData\Local\d3d9caps.dat
[2011/10/30 19:14:01 | 000,212,992 | ---- | C] () -- C:\Users\Keith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/29 21:46:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011/10/29 21:19:57 | 000,000,112 | ---- | C] () -- C:\ProgramData\M3kFJE2b.dat
[2011/07/09 11:30:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/07/09 11:30:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/27 06:43:34 | 000,006,202 | ---- | C] () -- C:\Users\Keith\AppData\Roaming\wklnhst.dat
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2004/06/12 07:33:28 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe
< %ALLUSERSPROFILE%\Application Data\*.exe >
< %APPDATA%\*. >
[2011/12/11 16:02:22 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\.minecraft
[2011/11/12 20:21:22 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Adobe
[2010/03/15 10:12:11 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\AnvSoft
[2010/03/15 10:08:42 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Any Video Converter
[2011/11/12 10:19:06 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Apple Computer
[2011/10/22 16:47:12 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Babylon
[2012/05/08 20:03:14 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\BitTorrent
[2011/10/31 20:51:58 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\CheckPoint
[2010/06/08 06:10:05 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\DivX
[2012/02/15 18:24:46 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\dvdcss
[2009/10/23 05:25:17 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Google
[2009/10/21 07:50:47 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Identities
[2009/10/21 07:48:40 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\InstallShield
[2009/12/04 09:06:29 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Juniper Networks
[2009/10/21 08:02:37 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Macromedia
[2011/11/09 17:35:16 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Malwarebytes
[2006/11/02 22:37:34 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Media Center Programs
[2010/02/22 07:02:16 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Microgaming
[2012/01/27 10:08:29 | 000,000,000 | --SD | M] -- C:\Users\Keith\AppData\Roaming\Microsoft
[2009/10/24 07:02:58 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Microsoft Web Folders
[2009/10/23 07:28:56 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Mozilla
[2009/10/24 07:25:17 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\myphotobook
[2010/10/02 05:34:46 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\NCH Swift Sound
[2011/04/18 04:16:44 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Registry Mechanic
[2012/02/20 20:05:13 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Samsung
[2012/05/08 23:16:07 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Skype
[2011/08/12 07:36:07 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\skypePM
[2009/10/26 07:27:51 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Sony Corporation
[2010/12/30 08:05:07 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Sports Interactive
[2011/01/27 06:43:36 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Template
[2010/11/22 02:34:06 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\tidysongs16
[2009/10/23 08:18:33 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Toshiba
[2010/01/27 05:35:56 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Trusteer
[2012/01/22 23:47:45 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\vlc
[2011/01/03 04:37:37 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\WinRAR
< MD5 for: ATAPI.SYS >
[2008/03/12 16:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/03/12 16:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 16:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 16:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 16:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 16:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 12:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 12:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 19:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/03/12 16:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
< MD5 for: EXPLORER.EXE >
[2008/10/29 16:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 16:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 13:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 12:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 12:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/21 12:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/21 12:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 12:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/01/21 12:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/21 12:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 12:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 16:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 16:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 16:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 12:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< %systemroot%\*. /mp /s >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/04 21:55:02 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/04 21:55:02 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/04 21:55:02 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/05/04 21:55:07 | 000,913,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/05/04 21:55:07 | 000,913,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/05/04 21:55:07 | 000,913,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/28 12:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/28 12:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/28 12:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/04/28 12:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/07/28 18:17:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/07/28 18:17:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/07/28 18:17:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/07/28 18:17:43 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/07/28 18:17:43 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2012/03/08 15:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2012/03/08 15:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2012/03/08 15:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2012/03/08 15:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/04 21:55:02 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/04 21:55:02 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/04 21:55:02 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/05/04 21:55:07 | 000,913,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/05/04 21:55:07 | 000,913,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/05/04 21:55:07 | 000,913,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/28 12:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/28 12:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/28 12:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/04/28 12:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/07/28 18:17:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/07/28 18:17:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/07/28 18:17:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/07/28 18:17:43 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/07/28 18:17:43 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2012/03/08 15:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2012/03/08 15:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2012/03/08 15:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2012/03/08 15:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\My Documents] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\NetHood] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\PrintHood] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Recent] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\SendTo] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Start Menu] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Templates] -> Error: Cannot create file handle -> Unknown point type
========== Alternate Data Streams ==========
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
OTL Extras logfile created on: 08/05/2012 23:28:19 - Run 2
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Keith\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.87 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 53.78% Memory free
5.94 Gb Paging File | 4.48 Gb Available in Paging File | 75.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.29 Gb Total Space | 14.53 Gb Free Space | 12.50% Space Free | Partition Type: NTFS
Drive E: | 115.13 Gb Total Space | 100.46 Gb Free Space | 87.26% Space Free | Partition Type: NTFS
Computer Name: KEITH-PC | User Name: Keith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2527531028-2931705147-162191117-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\Windows\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C0275FE-AF0D-41CF-9455-24ED56F07BB3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{17BC5A3B-BB11-4138-B9B0-4B0DD9F77B43}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{24D927DE-D96F-4DD1-84E5-9D92F581389E}" = rport=445 | protocol=6 | dir=out | app=system |
"{3D8C777C-0A90-4B02-BB79-E8B2E659E324}" = rport=139 | protocol=6 | dir=out | app=system |
"{42CED5A8-2596-451A-8921-B8E941C132E0}" = lport=1900 | protocol=17 | dir=in | name=upnp udp 1900 |
"{49555D1D-A4C9-4D18-AF62-6C36D088D464}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4A9354C1-8D6A-49C0-B1A8-DE8F0BB733D0}" = lport=445 | protocol=6 | dir=in | app=system |
"{5B25488C-F699-4005-ADBA-3FD4BD07138D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{60230238-F7FF-4A93-932F-6FCE2BB55E68}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6B60B066-CBA0-435D-AA9D-53B2D71F1258}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6BD92F73-1F1F-4611-8A58-99AA929DAD6B}" = rport=138 | protocol=17 | dir=out | app=system |
"{7DEFAF08-AA40-4254-8EAB-F98448045AA5}" = lport=2869 | protocol=6 | dir=in | name=upnp tcp 2869 |
"{855FB584-3B3E-4384-963B-701CA0495132}" = lport=138 | protocol=17 | dir=in | app=system |
"{89934DA8-577D-437B-BA0F-332F02688CEB}" = lport=137 | protocol=17 | dir=in | app=system |
"{BC3A15AC-0AED-40EB-92D2-E13A1619CB6C}" = lport=139 | protocol=6 | dir=in | app=system |
"{C057E40B-6931-4F82-A30B-EEA2DD8BC0F0}" = rport=137 | protocol=17 | dir=out | app=system |
"{DB7F725A-3444-46B2-B36D-101CCE1AE2FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DFEA0B12-6FB8-4289-B42E-F5CD5C48FCFC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E7F7C9EF-B6ED-4645-89F3-423EFD1B107F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EEC2743C-5539-4849-8EDB-0F76A9B7A531}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss |
[email protected],-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BE11A1-71FC-4F31-9659-9F32DF80320E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1DF6250D-9B8B-4DD1-9FCC-29DF9EACE02D}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2733CFCA-AB31-4FC9-9801-A8080F11AB74}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{2A403F89-9D93-45E3-BE96-7006D7B49914}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{33FE35DD-D718-40CA-BCCD-C98DC0B1E86C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{38556406-F2A0-4B78-A3E6-2196E89E97E2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3C4219B4-505A-4473-B000-6DD113F58FCF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3C9FD751-8A81-4DBE-92FE-3C79A38FA2BA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{42AD8A68-FB5D-45ED-A73A-C361AAA3A789}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{499E737E-F68F-4E9D-BD73-084E01C9C4A7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4FA14E28-5F0F-42A0-9D6F-797687E4C8E1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{577EFF8E-A686-4AE8-BAF5-5C2AB8707573}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5A53D24C-3447-423E-B050-F3CB175B00C9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{68E64EE7-77C8-4419-A102-3F5F81AE3DA0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6BE6A31A-134D-4AF2-8F02-1C27E75685E0}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{70467339-0870-4434-9C00-01A69BA18639}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{74916EC6-EF77-4212-BEA9-6B34D62FD35D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{773848A1-7DC1-4897-B044-00A6CDC4EC07}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{77DEF579-719C-4E42-BCF0-C93CC431CD2D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7872EE16-96D1-49B5-9670-27DE8BA361BB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7B28DE76-E481-453A-BBC3-89A31D08D19B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7D4CA57D-7284-465A-A54E-69F7DB2F93CF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{821F8045-7BF1-4DBB-97BE-3F96FB913312}" = protocol=1 | dir=in |
[email protected],-28543 |
"{920023F9-C957-4384-8B19-7960FBE8C504}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{9EFF85AC-236E-48A7-B045-1716ACAA1460}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A0BEC03B-B664-41E7-AC63-EDFEF1AA29D6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AC003A86-3402-470E-BC2A-EE9DBAB2CB13}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B4E74102-8616-4AB2-AA4C-B4E3AE301844}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B5EBA6DF-95A8-4506-8892-9CCEEEED9024}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{B86E826A-770B-483A-B350-E3F9420D6ED4}" = protocol=1 | dir=out |
[email protected],-28544 |
"{B92C1A59-6283-49B3-A09D-EFBA1014EE4D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BB5D32F3-C9B9-4345-84EC-6BBD11848669}" = protocol=58 | dir=out |
[email protected],-28546 |
"{DC5274CB-834D-4610-8D2C-4143F950FF26}" = protocol=58 | dir=in |
[email protected],-28545 |
"{E113E219-32CF-4D14-B153-FF96BEB6FED0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E87FD836-F093-4988-8EDB-95AAD8AB39B8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EE66A5DE-5F33-45AD-A7B6-CB3D5742864F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F406D331-9324-4746-8646-F1EB13F0D38B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{0D4FA0B3-634D-45B6-BA44-37CAE526BC18}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{1C16574E-CB29-46BD-862D-E7C15E4CFE2F}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{2E74E286-F0AC-4E57-A044-58342C6EC93A}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{7D40DF19-7A50-4FC4-B7B0-AE019BE29731}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{8D765AEC-3CFD-44B4-AAF7-6554ECCE6390}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{9EAECA8E-D431-49A2-B016-30EBCA88071F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{B611A5C0-7C1E-4038-8A31-C91401ACD0E0}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{CD4941F3-86C6-4A03-ABD3-388247BA0A19}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{D63FEEDA-5A47-4998-8658-04037C2555A2}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{D7B9AD2E-AC67-4D56-9B89-4D5764B2FF65}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{E7DBD35E-6167-491D-8DC7-F37BBD2CFE54}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{1DADD5DF-BBA1-4CB1-BDB1-A442DEFAF68D}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{1DB06FCE-FFB3-4916-A0FD-3944665C048F}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{1DD5EFFD-E925-478F-8535-5558CAF2DE6D}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{36301B33-66E7-43F3-A3D5-9414C4D8BEC9}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{419E05AA-34F3-4FC4-9535-A5A50E327115}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{4A6A089B-218D-46AF-AB78-C0BB51C322B6}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{4C844CE5-D1A6-4EFE-8DB7-72DC4BC5F76B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{645C4EA7-8714-4204-BF94-AECA55A179AF}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{6867C6DD-0185-49F2-A4C3-1C5929426EB1}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{C5A71203-76FE-4C69-81D0-02F257EB8A3B}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{D9D8EA91-2EF6-4400-B7F4-AF511C781057}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java 7 Update 4
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2B120B1D-1908-4FB3-8C9D-72128A74E80A}" = ZoneAlarm Security
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java 6 Update 6
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{528145C0-462A-11E1-B8B4-B8AC6F97B88E}" = Google Earth
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A1F0A1A-474C-4151-8534-5F61832D88CD}" = Comic Life
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{741F98CD-A082-47C1-84CA-2D9B30204B7D}" = ZoneAlarm Security
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77287C02-9B72-4EA1-B3C3-D6AEAB36C381}" = ZoneAlarm Firewall
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F185C48-595B-401A-A1D6-AAB324890DC4}" = GiPo@MoveOnBoot 1.9.5
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A08BAD08-9AA3-410F-98F3-C92C8EE37218}" = Safari
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A386CC19-1E79-4D4C-A54B-C8747871E4AD}" = ZoneAlarm Firewall
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E7271ABF-69D3-4E9D-AA0A-2DE34C10A93D}" = TOSHIBA Manuals
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Any Video Converter_is1" = Any Video Converter 3.3.5
"avast" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"eMule" = eMule
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FileHippo.com" = FileHippo.com Update Checker
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Juniper Network Connect 6.4.0" = Juniper Networks Network Connect 6.4.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"myphotobook" = myphotobook 3.6
"NST" = Norton Safe Web Lite
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"Rapport_msi" = Rapport
"Recuva" = Recuva
"SopCast" = SopCast 3.3.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.11
"WavePad" = WavePad Sound Editor
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"ZoneAlarm Free" = ZoneAlarm Free
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2527531028-2931705147-162191117-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 06/09/2011 17:46:34 | Computer Name = Keith-PC | Source = EventSystem | ID = 4621
Description =
Error - 06/09/2011 19:49:27 | Computer Name = Keith-PC | Source = EventSystem | ID = 4622
Description =
Error - 06/09/2011 19:58:34 | Computer Name = Keith-PC | Source = EventSystem | ID = 4621
Description =
Error - 10/09/2011 20:27:07 | Computer Name = Keith-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module xaddon.dll_unloaded, version 0.0.0.0, time stamp 0x4beb49cf,
exception code 0xc0000005, fault offset 0x6d65209b, process id 0x17f0, application
start time 0x01cc70197abcf940.
Error - 11/09/2011 05:10:38 | Computer Name = Keith-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: f08 Start Time: 01cc700f5b398b60 Termination Time: 0
Error - 11/09/2011 05:13:14 | Computer Name = Keith-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 6.0.2.4262 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 27a8 Start Time: 01cc7062ef94bcf0 Termination Time: 37
Error - 11/09/2011 15:40:52 | Computer Name = Keith-PC | Source = Application Error | ID = 1000
Description = Faulting application jaucheck.exe, version 2.0.2.4, time stamp 0x4bed9a14,
faulting module jaucheck.exe, version 2.0.2.4, time stamp 0x4bed9a14, exception
code 0xc0000005, fault offset 0x0000c940, process id 0x17fc, application start time
0x01cc70bab5fd0df0.
Error - 12/09/2011 09:31:23 | Computer Name = Keith-PC | Source = VSS | ID = 8194
Description = Volume Shadow Copy Service error: Unexpected error querying for the
IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect
security settings in either the writer or requestor process. Operation: Gathering
Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer Writer Instance ID: {d6b2c547-d950-4237-8a2f-bee5b77b2436}
Error - 12/09/2011 09:42:15 | Computer Name = Keith-PC | Source = WinMgmt | ID = 10
Description =
Error - 12/09/2011 09:43:43 | Computer Name = Keith-PC | Source = VSS | ID = 8194
Description = Volume Shadow Copy Service error: Unexpected error querying for the
IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect
security settings in either the writer or requestor process. Operation: Gathering
Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer Writer Instance ID: {ef5734ff-8e73-4ba1-b309-5b897044c9e7}
[ System Events ]
Error - 08/05/2012 01:34:47 | Computer Name = Keith-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 08/05/2012 01:35:18 | Computer Name = Keith-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 08/05/2012 01:35:18 | Computer Name = Keith-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 08/05/2012 02:05:44 | Computer Name = Keith-PC | Source = DCOM | ID = 10010
Description =
Error - 08/05/2012 06:09:06 | Computer Name = Keith-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 08/05/2012 06:19:05 | Computer Name = Keith-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 08/05/2012 08:25:14 | Computer Name = Keith-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 22:24:13 on 08/05/2012 was unexpected.
Error - 08/05/2012 08:25:36 | Computer Name = Keith-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =
Error - 08/05/2012 08:43:17 | Computer Name = Keith-PC | Source = DCOM | ID = 10010
Description =
Error - 08/05/2012 08:44:41 | Computer Name = Keith-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =
< End of report >
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 09/05/2012 00:42:35
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/05/2012 14:17:14
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-ResourcePublication
Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/05/2012 14:16:03
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
Log: 'System' Date/Time: 08/05/2012 14:16:01
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\athihvs.dll
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 09/05/2012 00:43:20
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/05/2012 14:15:52
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2527531028-2931705147-162191117-1000_Classes:
Process 5008 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2527531028-2931705147-162191117-1000_CLASSES
Log: 'Application' Date/Time: 08/05/2012 14:15:51
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-2527531028-2931705147-162191117-1000:
Process 2032 (\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\ISWSVC.exe) has opened key \REGISTRY\USER\S-1-5-21-2527531028-2931705147-162191117-1000
Process 5008 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2527531028-2931705147-162191117-1000
Process 5008 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2527531028-2931705147-162191117-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Process 2032 (\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\ISWSVC.exe) has opened key \REGISTRY\USER\S-1-5-21-2527531028-2931705147-162191117-1000\Software\CheckPoint\ISW\Stats
Process 5008 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2527531028-2931705147-162191117-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d53fc68f-bdbe-11de-8510-806e6f6e6963}
Process 5008 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2527531028-2931705147-162191117-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d53fc690-bdbe-11de-8510-806e6f6e6963}
Process 5008 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2527531028-2931705147-162191117-1000\Control Panel\International
Process 5008 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2527531028-2931705147-162191117-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d53fc691-bdbe-11de-8510-806e6f6e6963}
Process 5008 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2527531028-2931705147-162191117-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
Process 5008 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2527531028-2931705147-162191117-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c43944ce-bdbf-11de-953f-806e6f6e6963}