Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Killing me slowly - Browser running slow


  • Please log in to reply

#1
iomkgs

iomkgs

    Member

  • Member
  • PipPip
  • 27 posts
Hi, Internet browsing seems to take forever to load pages (or not!). Just to post this I had to reboot as clicking 'Start a new topic' took forever. I was hoping I was protected from these things but evidently not. Any help would be much appreciated. OTL log below:

Cheers Keith

OTL logfile created on: 06/05/2012 21:44:42 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Keith\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 57.29% Memory free
5.94 Gb Paging File | 4.46 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.29 Gb Total Space | 14.47 Gb Free Space | 12.44% Space Free | Partition Type: NTFS
Drive E: | 115.13 Gb Total Space | 101.83 Gb Free Space | 88.45% Space Free | Partition Type: NTFS

Computer Name: KEITH-PC | User Name: Keith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/06 21:35:39 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Keith\Downloads\OTL.exe
PRC - [2012/05/04 21:55:07 | 000,913,848 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/26 17:34:22 | 000,306,688 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2012/03/11 12:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/03/07 11:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 11:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/20 20:07:13 | 000,021,416 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/02/03 16:50:18 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/09 19:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/11/09 19:01:38 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/10/19 20:18:26 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/10/19 20:18:18 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/08/11 06:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/12 03:10:44 | 000,611,624 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2008/09/26 23:22:44 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008/08/25 18:58:20 | 000,077,824 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/07/19 05:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/24 19:06:14 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2008/05/09 20:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008/04/24 22:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/24 19:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008/04/17 09:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008/04/17 09:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 09:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008/04/08 23:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 23:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2008/01/18 01:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008/01/18 01:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/11/22 02:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/10/05 21:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/24 01:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/04 21:55:05 | 002,044,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/04/13 09:52:23 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1671f615c43f023007af09562cf24be2\Microsoft.VisualBasic.ni.dll
MOD - [2012/04/12 23:36:55 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\48302596a8c8f2ab396b3be518dbd800\System.Web.ni.dll
MOD - [2012/04/12 23:35:00 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\caf9fdf2957d955ccb07d837d095eae1\PresentationFramework.ni.dll
MOD - [2012/04/12 23:34:42 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\a36af74ac369a8c1f3171cd6fb18f3a6\System.Windows.Forms.ni.dll
MOD - [2012/04/12 23:34:40 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7a2fecd8284d0c427d16ff278a1e574f\PresentationCore.ni.dll
MOD - [2012/04/12 23:34:25 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\32a65725ff7d128428e35d8100dad4be\WindowsBase.ni.dll
MOD - [2012/04/12 23:34:22 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\64ea1d0193e735b953c94d16d6fd2146\System.Drawing.ni.dll
MOD - [2012/04/12 23:28:27 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll
MOD - [2012/04/12 23:28:16 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll
MOD - [2012/03/28 07:08:35 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\eef171dee81858018c3956485fff7ba7\System.Management.ni.dll
MOD - [2012/03/28 07:06:11 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\4017661cfa4a173b878d7e2a949c3a9e\System.Runtime.Remoting.ni.dll
MOD - [2012/03/28 07:05:57 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b9942cb07813f553f6d6374dd4541362\System.Xaml.ni.dll
MOD - [2012/03/28 06:55:57 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1c5b741f270fccb3b527b4fc3a8431f3\PresentationFramework.Aero.ni.dll
MOD - [2012/03/28 06:55:52 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b7409080f31b0a702281b68c37bac326\System.Core.ni.dll
MOD - [2012/03/28 06:55:45 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\68345d6b57fe33c9a94fe6a72ab5e85e\System.Xml.ni.dll
MOD - [2012/03/28 06:55:37 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\57e066d0b97757dbd26d59302c3d701a\System.ni.dll
MOD - [2012/03/28 06:55:25 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e5b31f3bb6508df0dc7c20ddc72f3191\mscorlib.ni.dll
MOD - [2012/03/18 09:08:00 | 000,115,137 | ---- | M] () -- C:\Users\Keith\AppData\Local\temp\c06086cf-47b1-4760-b263-4e4271d9922f\CliSecureRT.dll
MOD - [2012/02/20 20:07:13 | 000,021,416 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/02/16 02:37:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 02:37:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012/02/16 02:35:50 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012/02/16 02:34:10 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011/10/15 02:30:22 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/03/06 19:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2007/12/25 21:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007/12/15 06:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/12/02 02:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2006/10/10 20:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 21:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/06 10:10:28 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/04 21:55:06 | 000,112,568 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/11 12:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/03/07 11:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/09 19:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/10/19 20:18:26 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2011/08/11 06:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe -- (NSL)
SRV - [2009/03/12 03:10:44 | 000,611,624 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2008/08/25 18:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/07/19 05:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 19:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008/04/17 09:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/17 00:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/02/06 23:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008/01/21 12:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/18 01:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/11/22 02:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/02/05 19:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 19:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 11:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 11:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 10:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/10/05 21:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/24 01:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Keith\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/11 12:48:52 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/03/11 12:48:50 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/03/07 11:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 11:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 11:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/07 11:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 11:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/07 11:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/01/31 17:15:42 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011/12/16 07:42:57 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/12/08 14:22:38 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011/12/08 14:22:38 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011/10/19 20:18:14 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/08/09 09:38:11 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NST\0200000.010\ccSetx86.sys -- (ccSet_NST)
DRV - [2011/05/25 09:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011/05/07 16:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009/04/11 14:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/03/12 02:57:22 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/07/29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/19 03:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/07/16 04:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008/04/29 01:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/04/15 18:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/11/09 23:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/29 00:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 23:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/10/18 20:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {BA938C24-EC93-4D84-9FBE-D7A497F9AD8D}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2549263
IE - HKLM\..\SearchScopes\{BA938C24-EC93-4D84-9FBE-D7A497F9AD8D}: "URL" = http://www.google.co...g}&rlz=1I7TSEA;
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2645238
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {BA938C24-EC93-4D84-9FBE-D7A497F9AD8D}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000ff8e29a0d1
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://uk.ask.com/we...n=&geo=GB&ver=2
IE - HKCU\..\SearchScopes\{B348C7CB-EF28-4E83-811C-699C457EACF6}: "URL" = http://search.condui...&ctid=CT2645238
IE - HKCU\..\SearchScopes\{BA938C24-EC93-4D84-9FBE-D7A497F9AD8D}: "URL" = http://www.google.co...TSEA_en-GBIM350
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Expat Shield Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "file:///C:/Users/Keith/Documents/Keiths%20Webpage/keith.html"
FF - prefs.js..extensions.enabledItems: [email protected]:3.5.1.110
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.6
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.12.2.44079
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3.1
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}:5.0.5
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20110419
FF - prefs.js..keyword.URL: "http://search.newtab...ng.com/?t=1&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST\ [2012/05/06 21:28:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/03/10 08:22:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/13 20:26:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/04 21:55:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/12 18:21:10 | 000,000,000 | ---D | M]

[2011/09/21 23:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Extensions
[2010/02/14 10:38:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/05/06 00:22:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions
[2012/04/26 23:02:54 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/01/06 06:34:56 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2012/01/14 10:04:44 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/11/22 02:56:26 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2012/04/25 18:48:28 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2012/02/22 16:29:05 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011/07/12 10:36:57 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2010/12/13 08:23:18 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2012/02/18 19:55:15 | 000,000,000 | ---D | M] (New Tab King) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2011/12/17 12:08:04 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\[email protected]
[2011/06/20 14:19:46 | 000,000,927 | ---- | M] () -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\searchplugins\conduit.xml
[2011/09/20 22:24:03 | 000,002,497 | ---- | M] () -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\searchplugins\SearchResults.xml
[2011/12/11 18:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/03 20:26:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/04 21:55:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/04/13 20:26:35 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\KEITH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RTU5UOQG.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\KEITH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RTU5UOQG.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\KEITH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RTU5UOQG.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\KEITH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RTU5UOQG.DEFAULT\EXTENSIONS\[email protected]
[2012/05/04 21:55:07 | 000,085,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/13 18:23:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/20 22:24:03 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012/03/13 18:23:56 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_61.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U1 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Skype Click to Call = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

O1 HOSTS File: ([2011/11/08 19:03:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.co...-44557-9400-3/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co...nk-21&site=home File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.194.49 61.9.195.193
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{927011F6-887C-4D1C-A122-5111A1D7ED14}: DhcpNameServer = 61.9.194.49 61.9.195.193
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9CA9404-3A99-4938-A08C-4ADC25D6AD62}: DhcpNameServer = 61.9.194.49 61.9.195.193
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Keith\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Keith\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/16 10:10:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2012/04/10 21:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
[2012/04/10 21:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule
[2012/04/10 21:40:49 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Local\eMule
[2012/04/10 21:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\eMule

========== Files - Modified Within 30 Days ==========

[2012/05/06 21:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/06 21:34:04 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/06 21:34:04 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/06 21:30:05 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/06 21:27:37 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/06 21:27:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/06 21:27:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/06 21:09:48 | 000,017,920 | ---- | M] () -- C:\Users\Keith\Documents\door152are027.wps
[2012/05/06 21:09:48 | 000,006,202 | ---- | M] () -- C:\Users\Keith\AppData\Roaming\wklnhst.dat
[2012/05/06 21:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/06 20:16:26 | 000,211,456 | ---- | M] () -- C:\Users\Keith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/06 18:02:01 | 000,002,305 | ---- | M] () -- C:\Users\Keith\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/05/06 09:26:27 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/05/02 21:51:42 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/01 13:51:10 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/29 10:18:04 | 000,000,470 | ---- | M] () -- C:\Users\Keith\Desktop\My Movies Two - Shortcut.lnk
[2012/04/26 23:11:22 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/04/13 20:27:20 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/04/12 18:29:47 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012/04/12 18:21:48 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/12 11:54:49 | 000,390,416 | ---- | M] () -- C:\Users\Keith\Wedding.jpg
[2012/04/10 21:40:57 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\eMule.lnk

========== Files Created - No Company Name ==========

[2012/04/29 10:18:04 | 000,000,470 | ---- | C] () -- C:\Users\Keith\Desktop\My Movies Two - Shortcut.lnk
[2012/04/12 11:54:48 | 000,390,416 | ---- | C] () -- C:\Users\Keith\Wedding.jpg
[2012/04/10 21:40:15 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\eMule.lnk
[2012/01/31 17:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/01/31 17:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/01/31 17:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/01/31 17:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/01/31 17:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/12/07 17:29:44 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl1129139270.dat
[2011/11/01 21:50:19 | 000,001,356 | ---- | C] () -- C:\Users\Keith\AppData\Local\d3d9caps.dat
[2011/10/30 19:14:01 | 000,211,456 | ---- | C] () -- C:\Users\Keith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/29 21:46:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011/10/29 21:19:57 | 000,000,112 | ---- | C] () -- C:\ProgramData\M3kFJE2b.dat
[2011/10/22 16:47:31 | 000,000,000 | ---- | C] () -- C:\ProgramData\9fdaafefbd78450da11c6c5c939913f8_c
[2011/07/09 11:30:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/07/09 11:30:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/27 06:43:34 | 000,006,202 | ---- | C] () -- C:\Users\Keith\AppData\Roaming\wklnhst.dat
[2010/05/09 04:08:55 | 000,036,864 | ---- | C] () -- C:\Windows\hpfsched.exe

========== LOP Check ==========

[2011/12/11 16:02:22 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\.minecraft
[2010/03/15 10:12:11 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\AnvSoft
[2010/03/15 10:08:42 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Any Video Converter
[2011/10/22 16:47:12 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Babylon
[2012/05/06 21:10:01 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\BitTorrent
[2011/10/31 20:51:58 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\CheckPoint
[2009/12/04 09:06:29 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Juniper Networks
[2010/02/22 07:02:16 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Microgaming
[2009/10/24 07:25:17 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\myphotobook
[2010/10/02 05:34:46 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\NCH Swift Sound
[2011/04/18 04:16:44 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Registry Mechanic
[2012/02/20 20:05:13 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Samsung
[2010/12/30 08:05:07 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Sports Interactive
[2011/01/27 06:43:36 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Template
[2010/11/22 02:34:06 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\tidysongs16
[2009/10/23 08:18:33 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Toshiba
[2010/01/27 05:35:56 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Trusteer
[2012/05/06 21:26:20 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Copy the text in the code box:

nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Ron
  • 0

#3
iomkgs

iomkgs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
HI Ron, I appreciate your help. Logs below,ComboFix did its thing up to deleting files then seemed to hang so I had to reboot and there was no log. Everything else was ok. Let me know if there is anything else needed. Thanks again. Keith

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-08 19:44:32
-----------------------------
19:44:32.667 OS Version: Windows 6.0.6002 Service Pack 2
19:44:32.667 Number of processors: 2 586 0x170A
19:44:32.668 ComputerName: KEITH-PC UserName: Keith
19:44:37.642 Initialize success
19:44:38.132 AVAST engine defs: 12050800
19:45:02.284 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:45:02.289 Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
19:45:02.306 Disk 0 MBR read successfully
19:45:02.314 Disk 0 MBR scan
19:45:02.321 Disk 0 Windows VISTA default MBR code
19:45:02.339 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
19:45:02.358 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119078 MB offset 3074048
19:45:02.381 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 117895 MB offset 246945792
19:45:02.416 Disk 0 scanning sectors +488395120
19:45:02.515 Disk 0 scanning C:\Windows\system32\drivers
19:45:13.619 Service scanning
19:45:56.403 Modules scanning
19:46:15.680 AVAST engine scan C:\Windows
19:46:18.604 AVAST engine scan C:\Windows\system32
19:49:12.588 AVAST engine scan C:\Windows\system32\drivers
19:49:34.493 AVAST engine scan C:\Users\Keith
19:54:50.987 Disk 0 MBR has been saved successfully to "C:\Users\Keith\Desktop\MBR.dat"
19:54:51.006 The log file has been saved successfully to "C:\Users\Keith\Desktop\aswMBR.txt"


22:40:12.0918 5708 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
22:40:14.0930 5708 ============================================================
22:40:14.0930 5708 Current date / time: 2012/05/08 22:40:14.0930
22:40:14.0930 5708 SystemInfo:
22:40:14.0930 5708
22:40:14.0930 5708 OS Version: 6.0.6002 ServicePack: 2.0
22:40:14.0930 5708 Product type: Workstation
22:40:14.0930 5708 ComputerName: KEITH-PC
22:40:14.0930 5708 UserName: Keith
22:40:14.0930 5708 Windows directory: C:\Windows
22:40:14.0930 5708 System windows directory: C:\Windows
22:40:14.0930 5708 Processor architecture: Intel x86
22:40:14.0930 5708 Number of processors: 2
22:40:14.0930 5708 Page size: 0x1000
22:40:14.0930 5708 Boot type: Normal boot
22:40:14.0930 5708 ============================================================
22:40:15.0554 5708 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:40:15.0554 5708 ============================================================
22:40:15.0554 5708 \Device\Harddisk0\DR0:
22:40:15.0554 5708 MBR partitions:
22:40:15.0554 5708 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xE893000
22:40:15.0554 5708 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xEB81800, BlocksNum 0xE643970
22:40:15.0554 5708 ============================================================
22:40:15.0570 5708 C: <-> \Device\Harddisk0\DR0\Partition0
22:40:15.0616 5708 E: <-> \Device\Harddisk0\DR0\Partition1
22:40:15.0616 5708 ============================================================
22:40:15.0616 5708 Initialize success
22:40:15.0616 5708 ============================================================
22:40:34.0867 5968 ============================================================
22:40:34.0867 5968 Scan started
22:40:34.0867 5968 Mode: Manual;
22:40:34.0867 5968 ============================================================
22:40:35.0522 5968 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:40:35.0522 5968 ACPI - ok
22:40:35.0631 5968 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:40:35.0631 5968 AdobeARMservice - ok
22:40:35.0725 5968 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:40:35.0725 5968 AdobeFlashPlayerUpdateSvc - ok
22:40:35.0772 5968 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
22:40:35.0787 5968 adp94xx - ok
22:40:35.0803 5968 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
22:40:35.0818 5968 adpahci - ok
22:40:35.0818 5968 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
22:40:35.0834 5968 adpu160m - ok
22:40:35.0865 5968 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
22:40:35.0865 5968 adpu320 - ok
22:40:35.0896 5968 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
22:40:35.0912 5968 AeLookupSvc - ok
22:40:35.0959 5968 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:40:35.0959 5968 AFD - ok
22:40:35.0990 5968 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
22:40:35.0990 5968 AgereModemAudio - ok
22:40:36.0068 5968 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
22:40:36.0084 5968 AgereSoftModem - ok
22:40:36.0099 5968 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
22:40:36.0099 5968 agp440 - ok
22:40:36.0130 5968 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:40:36.0130 5968 aic78xx - ok
22:40:36.0162 5968 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
22:40:36.0162 5968 ALG - ok
22:40:36.0193 5968 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
22:40:36.0193 5968 aliide - ok
22:40:36.0224 5968 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
22:40:36.0224 5968 amdagp - ok
22:40:36.0240 5968 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
22:40:36.0240 5968 amdide - ok
22:40:36.0255 5968 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
22:40:36.0271 5968 AmdK7 - ok
22:40:36.0286 5968 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
22:40:36.0302 5968 AmdK8 - ok
22:40:36.0333 5968 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
22:40:36.0333 5968 Appinfo - ok
22:40:36.0458 5968 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:40:36.0458 5968 Apple Mobile Device - ok
22:40:36.0520 5968 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
22:40:36.0520 5968 arc - ok
22:40:36.0583 5968 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
22:40:36.0583 5968 arcsas - ok
22:40:36.0630 5968 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\Windows\system32\drivers\aswFsBlk.sys
22:40:36.0645 5968 aswFsBlk - ok
22:40:36.0645 5968 aswMonFlt (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys
22:40:36.0661 5968 aswMonFlt - ok
22:40:36.0692 5968 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\Windows\system32\drivers\aswRdr.sys
22:40:36.0692 5968 aswRdr - ok
22:40:36.0739 5968 aswSnx (dcb199b967375753b5019ec15f008f53) C:\Windows\system32\drivers\aswSnx.sys
22:40:36.0754 5968 aswSnx - ok
22:40:36.0817 5968 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\Windows\system32\drivers\aswSP.sys
22:40:36.0817 5968 aswSP - ok
22:40:36.0832 5968 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\Windows\system32\drivers\aswTdi.sys
22:40:36.0832 5968 aswTdi - ok
22:40:36.0848 5968 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:40:36.0848 5968 AsyncMac - ok
22:40:36.0895 5968 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:40:36.0895 5968 atapi - ok
22:40:37.0004 5968 athr (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys
22:40:37.0020 5968 athr - ok
22:40:37.0066 5968 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
22:40:37.0066 5968 AudioEndpointBuilder - ok
22:40:37.0082 5968 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
22:40:37.0082 5968 Audiosrv - ok
22:40:37.0207 5968 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
22:40:37.0207 5968 avast! Antivirus - ok
22:40:37.0269 5968 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:40:37.0269 5968 Beep - ok
22:40:37.0332 5968 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
22:40:37.0332 5968 BFE - ok
22:40:37.0410 5968 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
22:40:37.0425 5968 BITS - ok
22:40:37.0456 5968 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
22:40:37.0456 5968 blbdrive - ok
22:40:37.0550 5968 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
22:40:37.0566 5968 Bonjour Service - ok
22:40:37.0612 5968 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:40:37.0612 5968 bowser - ok
22:40:37.0644 5968 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:40:37.0644 5968 BrFiltLo - ok
22:40:37.0659 5968 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:40:37.0675 5968 BrFiltUp - ok
22:40:37.0722 5968 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
22:40:37.0722 5968 Browser - ok
22:40:37.0753 5968 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:40:37.0753 5968 Brserid - ok
22:40:37.0784 5968 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:40:37.0784 5968 BrSerWdm - ok
22:40:37.0800 5968 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:40:37.0800 5968 BrUsbMdm - ok
22:40:37.0815 5968 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:40:37.0815 5968 BrUsbSer - ok
22:40:37.0862 5968 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:40:37.0862 5968 BTHMODEM - ok
22:40:37.0971 5968 catchme - ok
22:40:38.0049 5968 ccSet_NST (2b2f9b4a08190334a9c36446b208bae9) C:\Windows\system32\drivers\NST\0200000.010\ccSetx86.sys
22:40:38.0049 5968 ccSet_NST - ok
22:40:38.0096 5968 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:40:38.0096 5968 cdfs - ok
22:40:38.0143 5968 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
22:40:38.0143 5968 cdrom - ok
22:40:38.0158 5968 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
22:40:38.0158 5968 CertPropSvc - ok
22:40:38.0190 5968 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
22:40:38.0205 5968 circlass - ok
22:40:38.0236 5968 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:40:38.0236 5968 CLFS - ok
22:40:38.0314 5968 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:40:38.0314 5968 clr_optimization_v2.0.50727_32 - ok
22:40:38.0361 5968 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:40:38.0392 5968 clr_optimization_v4.0.30319_32 - ok
22:40:38.0439 5968 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
22:40:38.0439 5968 CmBatt - ok
22:40:38.0470 5968 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
22:40:38.0470 5968 cmdide - ok
22:40:38.0486 5968 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
22:40:38.0502 5968 Compbatt - ok
22:40:38.0502 5968 COMSysApp - ok
22:40:38.0580 5968 ConfigFree Service (d10d01b2dfcd8d2f32a32ed29e8da1c2) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
22:40:38.0580 5968 ConfigFree Service - ok
22:40:38.0580 5968 cpuz132 - ok
22:40:38.0611 5968 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
22:40:38.0611 5968 crcdisk - ok
22:40:38.0626 5968 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
22:40:38.0626 5968 Crusoe - ok
22:40:38.0673 5968 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
22:40:38.0673 5968 CryptSvc - ok
22:40:38.0751 5968 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
22:40:38.0751 5968 DcomLaunch - ok
22:40:38.0798 5968 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
22:40:38.0798 5968 DfsC - ok
22:40:38.0923 5968 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
22:40:38.0938 5968 DFSR - ok
22:40:39.0094 5968 dgderdrv (6216fd7fd227de454238a702b218cec7) C:\Windows\system32\drivers\dgderdrv.sys
22:40:39.0094 5968 dgderdrv - ok
22:40:39.0126 5968 dg_ssudbus (919f338fd36f47d860775368d0748780) C:\Windows\system32\DRIVERS\ssudbus.sys
22:40:39.0126 5968 dg_ssudbus - ok
22:40:39.0188 5968 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
22:40:39.0188 5968 Dhcp - ok
22:40:39.0235 5968 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:40:39.0235 5968 disk - ok
22:40:39.0297 5968 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
22:40:39.0313 5968 Dnscache - ok
22:40:39.0360 5968 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
22:40:39.0375 5968 dot3svc - ok
22:40:39.0406 5968 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
22:40:39.0406 5968 Dot4 - ok
22:40:39.0422 5968 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
22:40:39.0422 5968 Dot4Print - ok
22:40:39.0438 5968 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
22:40:39.0438 5968 dot4usb - ok
22:40:39.0469 5968 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
22:40:39.0484 5968 DPS - ok
22:40:39.0516 5968 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:40:39.0516 5968 drmkaud - ok
22:40:39.0547 5968 dsNcAdpt (4823163c246868863d41a2f5ee06a21e) C:\Windows\system32\DRIVERS\dsNcAdpt.sys
22:40:39.0547 5968 dsNcAdpt - ok
22:40:39.0625 5968 dsNcService (f5a1ce6e6bf5bb28c067494ad9402624) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
22:40:39.0625 5968 dsNcService - ok
22:40:39.0687 5968 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
22:40:39.0703 5968 DXGKrnl - ok
22:40:39.0734 5968 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:40:39.0734 5968 E1G60 - ok
22:40:39.0765 5968 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
22:40:39.0765 5968 EapHost - ok
22:40:39.0812 5968 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:40:39.0812 5968 Ecache - ok
22:40:39.0890 5968 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
22:40:39.0906 5968 ehRecvr - ok
22:40:39.0921 5968 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
22:40:39.0921 5968 ehSched - ok
22:40:39.0968 5968 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
22:40:39.0968 5968 ehstart - ok
22:40:40.0015 5968 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
22:40:40.0015 5968 elxstor - ok
22:40:40.0077 5968 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
22:40:40.0077 5968 EMDMgmt - ok
22:40:40.0108 5968 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
22:40:40.0108 5968 ErrDev - ok
22:40:40.0171 5968 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
22:40:40.0171 5968 EventSystem - ok
22:40:40.0202 5968 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:40:40.0218 5968 exfat - ok
22:40:40.0264 5968 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:40:40.0264 5968 fastfat - ok
22:40:40.0296 5968 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
22:40:40.0296 5968 fdc - ok
22:40:40.0311 5968 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
22:40:40.0327 5968 fdPHost - ok
22:40:40.0342 5968 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
22:40:40.0342 5968 FDResPub - ok
22:40:40.0342 5968 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:40:40.0358 5968 FileInfo - ok
22:40:40.0374 5968 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:40:40.0374 5968 Filetrace - ok
22:40:40.0420 5968 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:40:40.0420 5968 flpydisk - ok
22:40:40.0483 5968 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:40:40.0483 5968 FltMgr - ok
22:40:40.0561 5968 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
22:40:40.0561 5968 FontCache - ok
22:40:40.0623 5968 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:40:40.0623 5968 FontCache3.0.0.0 - ok
22:40:40.0670 5968 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
22:40:40.0670 5968 Fs_Rec - ok
22:40:40.0701 5968 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
22:40:40.0701 5968 FwLnk - ok
22:40:40.0732 5968 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
22:40:40.0732 5968 gagp30kx - ok
22:40:40.0764 5968 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:40:40.0764 5968 GEARAspiWDM - ok
22:40:40.0857 5968 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
22:40:40.0857 5968 GoogleDesktopManager-051210-111108 - ok
22:40:40.0920 5968 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
22:40:40.0920 5968 gpsvc - ok
22:40:40.0998 5968 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
22:40:40.0998 5968 gupdate - ok
22:40:41.0013 5968 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
22:40:41.0013 5968 gupdatem - ok
22:40:41.0044 5968 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:40:41.0044 5968 gusvc - ok
22:40:41.0107 5968 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
22:40:41.0107 5968 HdAudAddService - ok
22:40:41.0154 5968 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:40:41.0169 5968 HDAudBus - ok
22:40:41.0200 5968 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:40:41.0200 5968 HidBth - ok
22:40:41.0232 5968 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:40:41.0232 5968 HidIr - ok
22:40:41.0294 5968 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
22:40:41.0294 5968 hidserv - ok
22:40:41.0325 5968 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
22:40:41.0325 5968 HidUsb - ok
22:40:41.0372 5968 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
22:40:41.0372 5968 hkmsvc - ok
22:40:41.0403 5968 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
22:40:41.0403 5968 HpCISSs - ok
22:40:41.0466 5968 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:40:41.0481 5968 HTTP - ok
22:40:41.0512 5968 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
22:40:41.0512 5968 i2omp - ok
22:40:41.0528 5968 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:40:41.0528 5968 i8042prt - ok
22:40:41.0575 5968 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
22:40:41.0575 5968 iaStor - ok
22:40:41.0622 5968 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
22:40:41.0622 5968 iaStorV - ok
22:40:41.0715 5968 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
22:40:41.0715 5968 IDriverT - ok
22:40:41.0793 5968 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:40:41.0809 5968 idsvc - ok
22:40:41.0934 5968 igfx (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:40:41.0965 5968 igfx - ok
22:40:42.0058 5968 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:40:42.0058 5968 iirsp - ok
22:40:42.0121 5968 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
22:40:42.0136 5968 IKEEXT - ok
22:40:42.0246 5968 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
22:40:42.0277 5968 IntcAzAudAddService - ok
22:40:42.0480 5968 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
22:40:42.0480 5968 intelide - ok
22:40:42.0511 5968 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:40:42.0511 5968 intelppm - ok
22:40:42.0558 5968 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
22:40:42.0558 5968 IPBusEnum - ok
22:40:42.0589 5968 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:40:42.0589 5968 IpFilterDriver - ok
22:40:42.0636 5968 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
22:40:42.0636 5968 iphlpsvc - ok
22:40:42.0636 5968 IpInIp - ok
22:40:42.0698 5968 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
22:40:42.0698 5968 IPMIDRV - ok
22:40:42.0760 5968 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:40:42.0760 5968 IPNAT - ok
22:40:42.0870 5968 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
22:40:42.0885 5968 iPod Service - ok
22:40:42.0932 5968 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:40:42.0932 5968 IRENUM - ok
22:40:42.0963 5968 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
22:40:42.0963 5968 isapnp - ok
22:40:43.0026 5968 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:40:43.0026 5968 iScsiPrt - ok
22:40:43.0119 5968 ISWKL (d3ef8cd04b45cc0ac1fbef7c200dbbb4) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
22:40:43.0135 5968 ISWKL - ok
22:40:43.0197 5968 IswSvc (a3af544146034b8fa950aa1fbff025dc) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
22:40:43.0197 5968 IswSvc - ok
22:40:43.0228 5968 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:40:43.0228 5968 iteatapi - ok
22:40:43.0260 5968 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:40:43.0260 5968 iteraid - ok
22:40:43.0369 5968 jswpsapi (957135960e7533ea5c7ea0bfb34f8efd) C:\Program Files\Jumpstart\jswpsapi.exe
22:40:43.0384 5968 jswpsapi - ok
22:40:43.0416 5968 jswpslwf (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys
22:40:43.0416 5968 jswpslwf - ok
22:40:43.0447 5968 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:40:43.0462 5968 kbdclass - ok
22:40:43.0478 5968 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
22:40:43.0478 5968 kbdhid - ok
22:40:43.0525 5968 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:40:43.0540 5968 KeyIso - ok
22:40:43.0587 5968 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
22:40:43.0603 5968 KSecDD - ok
22:40:43.0650 5968 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
22:40:43.0650 5968 KtmRm - ok
22:40:43.0696 5968 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
22:40:43.0696 5968 LanmanServer - ok
22:40:43.0728 5968 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
22:40:43.0743 5968 LanmanWorkstation - ok
22:40:43.0774 5968 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:40:43.0774 5968 lltdio - ok
22:40:43.0821 5968 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
22:40:43.0837 5968 lltdsvc - ok
22:40:43.0852 5968 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
22:40:43.0852 5968 lmhosts - ok
22:40:43.0884 5968 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
22:40:43.0884 5968 LSI_FC - ok
22:40:43.0915 5968 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
22:40:43.0915 5968 LSI_SAS - ok
22:40:43.0946 5968 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
22:40:43.0946 5968 LSI_SCSI - ok
22:40:43.0977 5968 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:40:43.0977 5968 luafv - ok
22:40:44.0008 5968 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
22:40:44.0008 5968 MBAMProtector - ok
22:40:44.0133 5968 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:40:44.0133 5968 MBAMService - ok
22:40:44.0180 5968 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
22:40:44.0180 5968 Mcx2Svc - ok
22:40:44.0211 5968 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
22:40:44.0211 5968 megasas - ok
22:40:44.0242 5968 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
22:40:44.0242 5968 MegaSR - ok
22:40:44.0289 5968 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
22:40:44.0289 5968 MMCSS - ok
22:40:44.0305 5968 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:40:44.0305 5968 Modem - ok
22:40:44.0320 5968 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:40:44.0336 5968 monitor - ok
22:40:44.0336 5968 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:40:44.0336 5968 mouclass - ok
22:40:44.0367 5968 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
22:40:44.0367 5968 mouhid - ok
22:40:44.0383 5968 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:40:44.0383 5968 MountMgr - ok
22:40:44.0554 5968 MozillaMaintenance (2926d017af09b10bc3d76ea1130599c4) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:40:44.0554 5968 MozillaMaintenance - ok
22:40:44.0601 5968 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
22:40:44.0601 5968 mpio - ok
22:40:44.0632 5968 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:40:44.0632 5968 mpsdrv - ok
22:40:44.0695 5968 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
22:40:44.0710 5968 MpsSvc - ok
22:40:44.0742 5968 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:40:44.0742 5968 Mraid35x - ok
22:40:44.0788 5968 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:40:44.0788 5968 MRxDAV - ok
22:40:44.0820 5968 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:40:44.0820 5968 mrxsmb - ok
22:40:44.0866 5968 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:40:44.0866 5968 mrxsmb10 - ok
22:40:44.0882 5968 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:40:44.0882 5968 mrxsmb20 - ok
22:40:44.0898 5968 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
22:40:44.0898 5968 msahci - ok
22:40:44.0976 5968 MSCSPTISRV (8e46a7bac823dd82d4fb2a34c3df4c1d) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
22:40:44.0976 5968 MSCSPTISRV - ok
22:40:45.0007 5968 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
22:40:45.0007 5968 msdsm - ok
22:40:45.0054 5968 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
22:40:45.0054 5968 MSDTC - ok
22:40:45.0085 5968 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:40:45.0085 5968 Msfs - ok
22:40:45.0132 5968 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:40:45.0132 5968 msisadrv - ok
22:40:45.0178 5968 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
22:40:45.0178 5968 MSiSCSI - ok
22:40:45.0178 5968 msiserver - ok
22:40:45.0225 5968 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:40:45.0225 5968 MSKSSRV - ok
22:40:45.0256 5968 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:40:45.0256 5968 MSPCLOCK - ok
22:40:45.0288 5968 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:40:45.0288 5968 MSPQM - ok
22:40:45.0319 5968 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:40:45.0334 5968 MsRPC - ok
22:40:45.0381 5968 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:40:45.0381 5968 mssmbios - ok
22:40:45.0428 5968 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:40:45.0428 5968 MSTEE - ok
22:40:45.0459 5968 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:40:45.0475 5968 Mup - ok
22:40:45.0522 5968 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
22:40:45.0522 5968 napagent - ok
22:40:45.0584 5968 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:40:45.0584 5968 NativeWifiP - ok
22:40:45.0646 5968 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:40:45.0646 5968 NDIS - ok
22:40:45.0678 5968 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:40:45.0678 5968 NdisTapi - ok
22:40:45.0693 5968 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:40:45.0693 5968 Ndisuio - ok
22:40:45.0724 5968 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:40:45.0740 5968 NdisWan - ok
22:40:45.0756 5968 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:40:45.0756 5968 NDProxy - ok
22:40:45.0771 5968 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:40:45.0771 5968 NetBIOS - ok
22:40:45.0818 5968 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:40:45.0818 5968 netbt - ok
22:40:45.0865 5968 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:40:45.0865 5968 Netlogon - ok
22:40:45.0912 5968 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
22:40:45.0912 5968 Netman - ok
22:40:45.0943 5968 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
22:40:45.0943 5968 netprofm - ok
22:40:46.0005 5968 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:40:46.0005 5968 NetTcpPortSharing - ok
22:40:46.0052 5968 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:40:46.0052 5968 nfrd960 - ok
22:40:46.0083 5968 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
22:40:46.0083 5968 NlaSvc - ok
22:40:46.0146 5968 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:40:46.0146 5968 Npfs - ok
22:40:46.0161 5968 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
22:40:46.0161 5968 nsi - ok
22:40:46.0208 5968 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:40:46.0208 5968 nsiproxy - ok
22:40:46.0302 5968 NSL (e127420b7feb65c7f279eaac183bbc0e) C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
22:40:46.0302 5968 NSL - ok
22:40:46.0426 5968 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:40:46.0442 5968 Ntfs - ok
22:40:46.0473 5968 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:40:46.0473 5968 ntrigdigi - ok
22:40:46.0504 5968 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:40:46.0504 5968 Null - ok
22:40:46.0520 5968 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
22:40:46.0520 5968 nvraid - ok
22:40:46.0551 5968 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
22:40:46.0551 5968 nvstor - ok
22:40:46.0598 5968 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
22:40:46.0598 5968 nv_agp - ok
22:40:46.0598 5968 NwlnkFlt - ok
22:40:46.0614 5968 NwlnkFwd - ok
22:40:46.0645 5968 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
22:40:46.0645 5968 ohci1394 - ok
22:40:46.0707 5968 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:40:46.0723 5968 p2pimsvc - ok
22:40:46.0738 5968 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:40:46.0754 5968 p2psvc - ok
22:40:46.0816 5968 PACSPTISVR (753a8f339f231d2b857e2ccd51a6e6ca) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
22:40:46.0816 5968 PACSPTISVR - ok
22:40:46.0863 5968 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:40:46.0863 5968 Parport - ok
22:40:46.0926 5968 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
22:40:46.0926 5968 partmgr - ok
22:40:46.0972 5968 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:40:46.0972 5968 Parvdm - ok
22:40:47.0004 5968 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
22:40:47.0019 5968 PcaSvc - ok
22:40:47.0066 5968 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:40:47.0066 5968 pci - ok
22:40:47.0097 5968 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
22:40:47.0097 5968 pciide - ok
22:40:47.0144 5968 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
22:40:47.0144 5968 pcmcia - ok
22:40:47.0206 5968 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:40:47.0222 5968 PEAUTH - ok
22:40:47.0316 5968 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
22:40:47.0331 5968 pla - ok
22:40:47.0456 5968 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
22:40:47.0456 5968 PlugPlay - ok
22:40:47.0518 5968 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:40:47.0534 5968 PNRPAutoReg - ok
22:40:47.0534 5968 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:40:47.0550 5968 PNRPsvc - ok
22:40:47.0643 5968 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
22:40:47.0659 5968 PolicyAgent - ok
22:40:47.0721 5968 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:40:47.0721 5968 PptpMiniport - ok
22:40:47.0737 5968 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
22:40:47.0752 5968 Processor - ok
22:40:47.0846 5968 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
22:40:47.0862 5968 ProfSvc - ok
22:40:47.0893 5968 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:40:47.0908 5968 ProtectedStorage - ok
22:40:47.0955 5968 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:40:47.0955 5968 PSched - ok
22:40:47.0971 5968 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
22:40:47.0971 5968 PxHelp20 - ok
22:40:48.0049 5968 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
22:40:48.0064 5968 ql2300 - ok
22:40:48.0096 5968 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:40:48.0096 5968 ql40xx - ok
22:40:48.0142 5968 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
22:40:48.0158 5968 QWAVE - ok
22:40:48.0189 5968 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:40:48.0189 5968 QWAVEdrv - ok
22:40:48.0330 5968 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
22:40:48.0330 5968 RapportCerberus_34302 - ok
22:40:48.0439 5968 RapportEI (43b9aa1423bf54367c5a3de1559780e8) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
22:40:48.0439 5968 RapportEI - ok
22:40:48.0439 5968 RapportKELL - ok
22:40:48.0532 5968 RapportMgmtService (d9ef54568fafcb4be4637068e768409a) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
22:40:48.0532 5968 RapportMgmtService - ok
22:40:48.0595 5968 RapportPG (4af05a67b643a5190dfcbb793273e0bc) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
22:40:48.0595 5968 RapportPG - ok
22:40:48.0688 5968 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:40:48.0688 5968 RasAcd - ok
22:40:48.0751 5968 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
22:40:48.0766 5968 RasAuto - ok
22:40:48.0782 5968 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:40:48.0782 5968 Rasl2tp - ok
22:40:48.0844 5968 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
22:40:48.0844 5968 RasMan - ok
22:40:48.0891 5968 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:40:48.0907 5968 RasPppoe - ok
22:40:48.0938 5968 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:40:48.0954 5968 RasSstp - ok
22:40:48.0985 5968 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:40:48.0985 5968 rdbss - ok
22:40:49.0032 5968 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:40:49.0032 5968 RDPCDD - ok
22:40:49.0078 5968 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
22:40:49.0078 5968 rdpdr - ok
22:40:49.0094 5968 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:40:49.0094 5968 RDPENCDD - ok
22:40:49.0203 5968 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
22:40:49.0203 5968 RDPWD - ok
22:40:49.0250 5968 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
22:40:49.0250 5968 RemoteAccess - ok
22:40:49.0297 5968 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
22:40:49.0297 5968 RemoteRegistry - ok
22:40:49.0328 5968 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
22:40:49.0328 5968 RpcLocator - ok
22:40:49.0390 5968 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll
22:40:49.0406 5968 RpcSs - ok
22:40:49.0437 5968 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:40:49.0437 5968 rspndr - ok
22:40:49.0468 5968 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
22:40:49.0468 5968 RTL8169 - ok
22:40:49.0500 5968 RTSTOR (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS
22:40:49.0500 5968 RTSTOR - ok
22:40:49.0546 5968 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:40:49.0546 5968 SamSs - ok
22:40:49.0578 5968 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:40:49.0578 5968 sbp2port - ok
22:40:49.0624 5968 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
22:40:49.0624 5968 SCardSvr - ok
22:40:49.0671 5968 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
22:40:49.0687 5968 Schedule - ok
22:40:49.0734 5968 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
22:40:49.0734 5968 SCPolicySvc - ok
22:40:49.0765 5968 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
22:40:49.0780 5968 SDRSVC - ok
22:40:49.0812 5968 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:40:49.0812 5968 secdrv - ok
22:40:49.0827 5968 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
22:40:49.0827 5968 seclogon - ok
22:40:49.0858 5968 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
22:40:49.0874 5968 SENS - ok
22:40:49.0905 5968 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:40:49.0905 5968 Serenum - ok
22:40:49.0921 5968 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:40:49.0936 5968 Serial - ok
22:40:49.0952 5968 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:40:49.0952 5968 sermouse - ok
22:40:49.0999 5968 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
22:40:49.0999 5968 SessionEnv - ok
22:40:50.0030 5968 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
22:40:50.0046 5968 sffdisk - ok
22:40:50.0061 5968 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
22:40:50.0061 5968 sffp_mmc - ok
22:40:50.0077 5968 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
22:40:50.0077 5968 sffp_sd - ok
22:40:50.0092 5968 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:40:50.0092 5968 sfloppy - ok
22:40:50.0170 5968 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
22:40:50.0170 5968 SharedAccess - ok
22:40:50.0248 5968 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
22:40:50.0248 5968 ShellHWDetection - ok
22:40:50.0311 5968 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
22:40:50.0311 5968 sisagp - ok
22:40:50.0326 5968 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
22:40:50.0326 5968 SiSRaid2 - ok
22:40:50.0358 5968 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
22:40:50.0358 5968 SiSRaid4 - ok
22:40:50.0514 5968 SkypeUpdate (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files\Skype\Updater\Updater.exe
22:40:50.0529 5968 SkypeUpdate - ok
22:40:50.0685 5968 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
22:40:50.0779 5968 slsvc - ok
22:40:50.0904 5968 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
22:40:50.0904 5968 SLUINotify - ok
22:40:50.0982 5968 SmartFaceVWatchSrv (8eb3988c74fd9d0e0934977e36b5f9e6) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
22:40:50.0982 5968 SmartFaceVWatchSrv - ok
22:40:51.0044 5968 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:40:51.0044 5968 Smb - ok
22:40:51.0075 5968 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
22:40:51.0091 5968 SNMPTRAP - ok
22:40:51.0153 5968 SonicStage Back-End Service (977aaa4398d7d6fa65d973f5b3f54e40) C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
22:40:51.0153 5968 SonicStage Back-End Service - ok
22:40:51.0200 5968 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:40:51.0200 5968 spldr - ok
22:40:51.0247 5968 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
22:40:51.0247 5968 Spooler - ok
22:40:51.0294 5968 SPTISRV (e3e6c96b0ef4492c3c8fd0deef4e35a1) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
22:40:51.0294 5968 SPTISRV - ok
22:40:51.0340 5968 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
22:40:51.0340 5968 srv - ok
22:40:51.0387 5968 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
22:40:51.0387 5968 srv2 - ok
22:40:51.0403 5968 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
22:40:51.0418 5968 srvnet - ok
22:40:51.0450 5968 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
22:40:51.0465 5968 SSDPSRV - ok
22:40:51.0481 5968 SSScsiSV (756e371b3b86a3d3039926d32eac0e8d) C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
22:40:51.0481 5968 SSScsiSV - ok
22:40:51.0528 5968 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
22:40:51.0543 5968 SstpSvc - ok
22:40:51.0574 5968 ssudmdm (8f299012ef58246f1c98de7b7e48dbf0) C:\Windows\system32\DRIVERS\ssudmdm.sys
22:40:51.0574 5968 ssudmdm - ok
22:40:51.0621 5968 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
22:40:51.0637 5968 stisvc - ok
22:40:51.0668 5968 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:40:51.0668 5968 swenum - ok
22:40:51.0746 5968 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
22:40:51.0746 5968 swprv - ok
22:40:51.0777 5968 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:40:51.0777 5968 Symc8xx - ok
22:40:51.0808 5968 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:40:51.0808 5968 Sym_hi - ok
22:40:51.0824 5968 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:40:51.0824 5968 Sym_u3 - ok
22:40:51.0855 5968 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
22:40:51.0855 5968 SynTP - ok
22:40:51.0918 5968 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
22:40:51.0933 5968 SysMain - ok
22:40:51.0964 5968 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
22:40:51.0964 5968 TabletInputService - ok
22:40:52.0011 5968 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
22:40:52.0011 5968 taphss - ok
22:40:52.0058 5968 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
22:40:52.0058 5968 TapiSrv - ok
22:40:52.0089 5968 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
22:40:52.0089 5968 TBS - ok
22:40:52.0167 5968 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
22:40:52.0183 5968 Tcpip - ok
22:40:52.0198 5968 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
22:40:52.0198 5968 Tcpip6 - ok
22:40:52.0230 5968 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
22:40:52.0230 5968 tcpipreg - ok
22:40:52.0261 5968 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
22:40:52.0261 5968 tdcmdpst - ok
22:40:52.0292 5968 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:40:52.0292 5968 TDPIPE - ok
22:40:52.0323 5968 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:40:52.0323 5968 TDTCP - ok
22:40:52.0354 5968 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:40:52.0354 5968 tdx - ok
22:40:52.0432 5968 TempoMonitoringService (ce0b5d587839614a16480d7b8395ffe9) C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
22:40:52.0432 5968 TempoMonitoringService - ok
22:40:52.0479 5968 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:40:52.0479 5968 TermDD - ok
22:40:52.0542 5968 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
22:40:52.0557 5968 TermService - ok
22:40:52.0604 5968 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
22:40:52.0620 5968 Themes - ok
22:40:52.0635 5968 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
22:40:52.0635 5968 THREADORDER - ok
22:40:52.0713 5968 TNaviSrv (89f74c86523f5e334628dbce66e6d165) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
22:40:52.0713 5968 TNaviSrv - ok
22:40:52.0744 5968 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe
22:40:52.0744 5968 TODDSrv - ok
22:40:52.0807 5968 TosCoSrv (da6903958cbdc091ffcbbca70ccff34c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
22:40:52.0807 5968 TosCoSrv - ok
22:40:52.0838 5968 TOSHIBA SMART Log Service (dca621ce31ca604c762001883e385df8) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
22:40:52.0838 5968 TOSHIBA SMART Log Service - ok
22:40:52.0885 5968 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
22:40:52.0900 5968 tos_sps32 - ok
22:40:52.0916 5968 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
22:40:52.0932 5968 TrkWks - ok
22:40:52.0994 5968 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
22:40:52.0994 5968 TrustedInstaller - ok
22:40:53.0025 5968 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:40:53.0025 5968 tssecsrv - ok
22:40:53.0041 5968 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:40:53.0056 5968 tunmp - ok
22:40:53.0088 5968 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:40:53.0088 5968 tunnel - ok
22:40:53.0103 5968 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
22:40:53.0103 5968 TVALZ - ok
22:40:53.0150 5968 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
22:40:53.0150 5968 uagp35 - ok
22:40:53.0197 5968 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:40:53.0197 5968 udfs - ok
22:40:53.0244 5968 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
22:40:53.0244 5968 UI0Detect - ok
22:40:53.0337 5968 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
22:40:53.0337 5968 UleadBurningHelper - ok
22:40:53.0353 5968 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
22:40:53.0368 5968 uliagpkx - ok
22:40:53.0400 5968 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
22:40:53.0400 5968 uliahci - ok
22:40:53.0431 5968 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:40:53.0431 5968 UlSata - ok
22:40:53.0478 5968 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:40:53.0478 5968 ulsata2 - ok
22:40:53.0509 5968 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:40:53.0509 5968 umbus - ok
22:40:53.0696 5968 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
22:40:53.0712 5968 upnphost - ok
22:40:53.0758 5968 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
22:40:53.0758 5968 USBAAPL - ok
22:40:53.0790 5968 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:40:53.0790 5968 usbccgp - ok
22:40:53.0821 5968 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:40:53.0821 5968 usbcir - ok
22:40:53.0868 5968 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:40:53.0868 5968 usbehci - ok
22:40:53.0883 5968 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:40:53.0899 5968 usbhub - ok
22:40:53.0946 5968 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
22:40:53.0946 5968 usbohci - ok
22:40:53.0961 5968 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
22:40:53.0961 5968 usbprint - ok
22:40:54.0008 5968 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:40:54.0008 5968 USBSTOR - ok
22:40:54.0024 5968 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:40:54.0039 5968 usbuhci - ok
22:40:54.0039 5968 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
22:40:54.0055 5968 usbvideo - ok
22:40:54.0070 5968 UVCFTR (237c444fbd1c697a2e3fa60f02c61f22) C:\Windows\system32\Drivers\UVCFTR_S.SYS
22:40:54.0070 5968 UVCFTR - ok
22:40:54.0102 5968 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
22:40:54.0117 5968 UxSms - ok
22:40:54.0164 5968 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
22:40:54.0164 5968 vds - ok
22:40:54.0211 5968 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
22:40:54.0211 5968 vga - ok
22:40:54.0258 5968 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:40:54.0258 5968 VgaSave - ok
22:40:54.0273 5968 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
22:40:54.0289 5968 viaagp - ok
22:40:54.0304 5968 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
22:40:54.0304 5968 ViaC7 - ok
22:40:54.0336 5968 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
22:40:54.0336 5968 viaide - ok
22:40:54.0382 5968 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:40:54.0382 5968 volmgr - ok
22:40:54.0429 5968 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:40:54.0445 5968 volmgrx - ok
22:40:54.0492 5968 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:40:54.0492 5968 volsnap - ok
22:40:54.0538 5968 Vsdatant (6983d0bcac64c2d7460c2125f804f118) C:\Windows\system32\drivers\vsdatant.sys
22:40:54.0538 5968 Vsdatant - ok
22:40:54.0538 5968 vsdatant7 - ok
22:40:54.0632 5968 vsmon - ok
22:40:54.0663 5968 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
22:40:54.0663 5968 vsmraid - ok
22:40:54.0741 5968 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
22:40:54.0757 5968 VSS - ok
22:40:54.0819 5968 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
22:40:54.0819 5968 W32Time - ok
22:40:54.0882 5968 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:40:54.0897 5968 WacomPen - ok
22:40:54.0913 5968 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:40:54.0913 5968 Wanarp - ok
22:40:54.0928 5968 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:40:54.0928 5968 Wanarpv6 - ok
22:40:54.0991 5968 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
22:40:54.0991 5968 wcncsvc - ok
22:40:55.0022 5968 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
22:40:55.0022 5968 WcsPlugInService - ok
22:40:55.0069 5968 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
22:40:55.0069 5968 Wd - ok
22:40:55.0100 5968 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:40:55.0116 5968 Wdf01000 - ok
22:40:55.0147 5968 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
22:40:55.0162 5968 WdiServiceHost - ok
22:40:55.0162 5968 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
22:40:55.0178 5968 WdiSystemHost - ok
22:40:55.0240 5968 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
22:40:55.0256 5968 WebClient - ok
22:40:55.0303 5968 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
22:40:55.0318 5968 Wecsvc - ok
22:40:55.0350 5968 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
22:40:55.0350 5968 wercplsupport - ok
22:40:55.0396 5968 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
22:40:55.0396 5968 WerSvc - ok
22:40:55.0521 5968 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
22:40:55.0537 5968 WinDefend - ok
22:40:55.0537 5968 WinHttpAutoProxySvc - ok
22:40:55.0630 5968 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
22:40:55.0630 5968 Winmgmt - ok
22:40:55.0724 5968 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
22:40:55.0740 5968 WinRM - ok
22:40:55.0849 5968 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
22:40:55.0849 5968 WinUSB - ok
22:40:55.0896 5968 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
22:40:55.0911 5968 Wlansvc - ok
22:40:55.0958 5968 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
22:40:55.0958 5968 WmiAcpi - ok
22:40:56.0020 5968 WmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
22:40:56.0020 5968 WmiApSrv - ok
22:40:56.0145 5968 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
22:40:56.0161 5968 WMPNetworkSvc - ok
22:40:56.0208 5968 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
22:40:56.0208 5968 WPCSvc - ok
22:40:56.0239 5968 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
22:40:56.0254 5968 WPDBusEnum - ok
22:40:56.0317 5968 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
22:40:56.0317 5968 WpdUsb - ok
22:40:56.0457 5968 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:40:56.0473 5968 WPFFontCache_v0400 - ok
22:40:56.0504 5968 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:40:56.0504 5968 ws2ifsl - ok
22:40:56.0551 5968 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
22:40:56.0566 5968 wscsvc - ok
22:40:56.0566 5968 WSearch - ok
22:40:56.0660 5968 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
22:40:56.0691 5968 wuauserv - ok
22:40:56.0800 5968 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:40:56.0800 5968 WUDFRd - ok
22:40:56.0832 5968 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
22:40:56.0832 5968 wudfsvc - ok
22:40:56.0863 5968 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:40:56.0925 5968 \Device\Harddisk0\DR0 - ok
22:40:56.0925 5968 Boot (0x1200) (df57cf1c611b27bf209d0902f03725cf) \Device\Harddisk0\DR0\Partition0
22:40:56.0925 5968 \Device\Harddisk0\DR0\Partition0 - ok
22:40:56.0956 5968 Boot (0x1200) (f602f8cb4dab6b75bb9b34e5a4ee71ff) \Device\Harddisk0\DR0\Partition1
22:40:56.0956 5968 \Device\Harddisk0\DR0\Partition1 - ok
22:40:56.0956 5968 ============================================================
22:40:56.0956 5968 Scan finished
22:40:56.0956 5968 ============================================================
22:40:56.0972 4664 Detected object count: 0
22:40:56.0972 4664 Actual detected object count: 0
22:41:02.0510 6108 Deinitialize success

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.08.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Keith :: KEITH-PC [administrator]

08/05/2012 23:11:28
mbam-log-2012-05-08 (23-11-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226206
Time elapsed: 10 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL logfile created on: 08/05/2012 23:28:19 - Run 2
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Keith\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 53.78% Memory free
5.94 Gb Paging File | 4.48 Gb Available in Paging File | 75.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.29 Gb Total Space | 14.53 Gb Free Space | 12.50% Space Free | Partition Type: NTFS
Drive E: | 115.13 Gb Total Space | 100.46 Gb Free Space | 87.26% Space Free | Partition Type: NTFS

Computer Name: KEITH-PC | User Name: Keith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/06 21:35:39 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Keith\Downloads\OTL.exe
PRC - [2012/05/04 21:55:07 | 000,913,848 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/26 17:34:22 | 000,306,688 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2012/03/11 12:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/03/07 11:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 11:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/20 20:07:13 | 000,021,416 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/02/03 16:50:18 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/09 19:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/11/09 19:01:38 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/10/19 20:18:26 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/10/19 20:18:18 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/08/11 06:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/12 03:10:44 | 000,611,624 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2008/09/26 23:22:44 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008/08/25 18:58:20 | 000,077,824 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/07/19 05:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/24 19:06:14 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2008/05/09 20:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008/04/24 22:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/24 19:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008/04/17 09:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008/04/17 09:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 09:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008/04/08 23:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 23:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2008/01/18 01:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008/01/18 01:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/11/22 02:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/10/05 21:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/24 01:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/08 22:29:40 | 000,115,137 | ---- | M] () -- C:\Users\Keith\AppData\Local\temp\c06086cf-47b1-4760-b263-4e4271d9922f\CliSecureRT.dll
MOD - [2012/05/04 21:55:05 | 002,044,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/04/13 09:52:23 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1671f615c43f023007af09562cf24be2\Microsoft.VisualBasic.ni.dll
MOD - [2012/04/12 23:36:55 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\48302596a8c8f2ab396b3be518dbd800\System.Web.ni.dll
MOD - [2012/04/12 23:35:00 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\caf9fdf2957d955ccb07d837d095eae1\PresentationFramework.ni.dll
MOD - [2012/04/12 23:34:42 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\a36af74ac369a8c1f3171cd6fb18f3a6\System.Windows.Forms.ni.dll
MOD - [2012/04/12 23:34:40 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7a2fecd8284d0c427d16ff278a1e574f\PresentationCore.ni.dll
MOD - [2012/04/12 23:34:25 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\32a65725ff7d128428e35d8100dad4be\WindowsBase.ni.dll
MOD - [2012/04/12 23:34:22 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\64ea1d0193e735b953c94d16d6fd2146\System.Drawing.ni.dll
MOD - [2012/04/12 23:28:27 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll
MOD - [2012/04/12 23:28:16 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll
MOD - [2012/03/28 07:08:35 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\eef171dee81858018c3956485fff7ba7\System.Management.ni.dll
MOD - [2012/03/28 07:06:11 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\4017661cfa4a173b878d7e2a949c3a9e\System.Runtime.Remoting.ni.dll
MOD - [2012/03/28 07:05:57 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b9942cb07813f553f6d6374dd4541362\System.Xaml.ni.dll
MOD - [2012/03/28 06:55:57 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1c5b741f270fccb3b527b4fc3a8431f3\PresentationFramework.Aero.ni.dll
MOD - [2012/03/28 06:55:52 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b7409080f31b0a702281b68c37bac326\System.Core.ni.dll
MOD - [2012/03/28 06:55:45 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\68345d6b57fe33c9a94fe6a72ab5e85e\System.Xml.ni.dll
MOD - [2012/03/28 06:55:37 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\57e066d0b97757dbd26d59302c3d701a\System.ni.dll
MOD - [2012/03/28 06:55:25 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e5b31f3bb6508df0dc7c20ddc72f3191\mscorlib.ni.dll
MOD - [2012/02/20 20:07:13 | 000,021,416 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/02/17 19:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2012/02/16 02:37:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 02:37:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012/02/16 02:35:50 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012/02/16 02:34:10 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011/10/15 02:30:22 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/06 09:31:01 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2008/03/06 19:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2007/12/25 21:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007/12/15 06:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/12/02 02:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2006/10/10 20:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 21:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/06 10:10:28 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/04 21:55:06 | 000,112,568 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/11 12:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/03/07 11:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/09 19:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/10/19 20:18:26 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2011/08/11 06:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe -- (NSL)
SRV - [2009/03/12 03:10:44 | 000,611,624 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2008/08/25 18:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/07/19 05:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 19:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008/04/17 09:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/17 00:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/02/06 23:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008/01/21 12:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/18 01:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/11/22 02:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/02/05 19:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 19:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 11:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 11:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 10:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/10/05 21:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/24 01:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Keith\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Keith\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/03/11 12:48:52 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/03/11 12:48:50 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/03/07 11:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 11:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 11:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/07 11:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 11:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/07 11:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/01/31 17:15:42 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011/12/16 07:42:57 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/12/08 14:22:38 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011/12/08 14:22:38 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011/10/19 20:18:14 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/08/09 09:38:11 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NST\0200000.010\ccSetx86.sys -- (ccSet_NST)
DRV - [2011/05/25 09:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011/05/07 16:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009/04/11 14:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/03/12 02:57:22 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/07/29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/19 03:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/07/16 04:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008/04/29 01:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/04/15 18:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/11/09 23:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/29 00:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 23:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/10/18 20:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {BA938C24-EC93-4D84-9FBE-D7A497F9AD8D}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2549263
IE - HKLM\..\SearchScopes\{BA938C24-EC93-4D84-9FBE-D7A497F9AD8D}: "URL" = http://www.google.co...g}&rlz=1I7TSEA;
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2645238
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\SearchScopes,DefaultScope = {BA938C24-EC93-4D84-9FBE-D7A497F9AD8D}
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000ff8e29a0d1
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://uk.ask.com/we...n=&geo=GB&ver=2
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\SearchScopes\{B348C7CB-EF28-4E83-811C-699C457EACF6}: "URL" = http://search.condui...&ctid=CT2645238
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\SearchScopes\{BA938C24-EC93-4D84-9FBE-D7A497F9AD8D}: "URL" = http://www.google.co...TSEA_en-GBIM350
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Expat Shield Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "file:///C:/Users/Keith/Documents/Keiths%20Webpage/keith.html"
FF - prefs.js..extensions.enabledItems: [email protected]:3.5.1.110
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.6
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.12.2.44079
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3.1
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}:5.0.5
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.20110419
FF - prefs.js..keyword.URL: "http://search.newtab...ng.com/?t=1&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST\ [2012/05/08 22:46:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/03/10 08:22:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/13 20:26:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/04 21:55:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/12 18:21:10 | 000,000,000 | ---D | M]

[2011/09/21 23:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Extensions
[2010/02/14 10:38:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/05/06 00:22:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions
[2012/04/26 23:02:54 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/01/06 06:34:56 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2012/01/14 10:04:44 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/11/22 02:56:26 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2012/04/25 18:48:28 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2012/02/22 16:29:05 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011/07/12 10:36:57 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2010/12/13 08:23:18 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2012/02/18 19:55:15 | 000,000,000 | ---D | M] (New Tab King) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2011/12/17 12:08:04 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\[email protected]
[2011/06/20 14:19:46 | 000,000,927 | ---- | M] () -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\searchplugins\conduit.xml
[2011/09/20 22:24:03 | 000,002,497 | ---- | M] () -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\searchplugins\SearchResults.xml
[2011/12/11 18:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/03 20:26:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/04 21:55:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/04/13 20:26:35 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\KEITH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RTU5UOQG.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\KEITH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RTU5UOQG.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\KEITH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RTU5UOQG.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\KEITH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RTU5UOQG.DEFAULT\EXTENSIONS\[email protected]
[2012/05/04 21:55:07 | 000,085,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/13 18:23:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/20 22:24:03 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012/03/13 18:23:56 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_61.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U1 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Skype Click to Call = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\
CHR - Extension: Skype Click to Call = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

O1 HOSTS File: ([2011/11/08 19:03:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-2527531028-2931705147-162191117-1000..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-2527531028-2931705147-162191117-1000..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-2527531028-2931705147-162191117-1000..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-2527531028-2931705147-162191117-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Shizue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\__avast! sandbox\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.co...-44557-9400-3/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co...nk-21&site=home File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.194.49 61.9.195.193
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{927011F6-887C-4D1C-A122-5111A1D7ED14}: DhcpNameServer = 61.9.194.49 61.9.195.193
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9CA9404-3A99-4938-A08C-4ADC25D6AD62}: DhcpNameServer = 61.9.194.49 61.9.195.193
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Keith\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Keith\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS -
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vsmon - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/08 23:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/08 23:01:25 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/05/08 23:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/08 22:49:29 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Keith\Desktop\mbam-setup-1.61.0.1400(1).exe
[2012/05/08 22:33:29 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Keith\Desktop\tdsskiller.exe
[2012/05/08 20:04:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/08 20:04:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/08 20:04:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/08 20:04:13 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/05/08 20:04:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/08 19:57:38 | 004,487,855 | R--- | C] (Swearware) -- C:\Users\Keith\Desktop\ComboFix.exe
[2012/05/08 19:32:01 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Keith\Desktop\aswMBR.exe
[2012/05/03 20:36:19 | 000,227,784 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/05/03 20:35:49 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/05/03 20:35:49 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/04/16 10:10:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2012/04/12 23:37:38 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/04/12 23:37:35 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/04/12 23:37:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/12 23:37:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/12 23:37:32 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/04/12 23:37:30 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/04/12 23:35:08 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/12 23:35:08 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/10 21:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
[2012/04/10 21:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule
[2012/04/10 21:40:49 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Local\eMule
[2012/04/10 21:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\eMule

========== Files - Modified Within 30 Days ==========

[2012/05/08 23:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/08 23:01:28 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/08 23:00:44 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Keith\Desktop\mbam-setup-1.61.0.1400(1).exe
[2012/05/08 22:51:00 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/08 22:51:00 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/08 22:46:57 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/08 22:44:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 22:44:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 22:44:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/08 22:39:43 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Keith\Desktop\tdsskiller.exe
[2012/05/08 22:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/08 20:02:45 | 004,487,855 | R--- | M] (Swearware) -- C:\Users\Keith\Desktop\ComboFix.exe
[2012/05/08 19:54:51 | 000,000,512 | ---- | M] () -- C:\Users\Keith\Desktop\MBR.dat
[2012/05/08 19:42:55 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Keith\Desktop\aswMBR.exe
[2012/05/07 21:49:22 | 000,639,153 | ---- | M] () -- C:\Users\Keith\Desktop\KU Saddington St South Turramurra.pdf
[2012/05/07 19:44:46 | 000,212,992 | ---- | M] () -- C:\Users\Keith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/07 16:56:59 | 000,002,305 | ---- | M] () -- C:\Users\Keith\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/05/06 21:09:48 | 000,017,920 | ---- | M] () -- C:\Users\Keith\Documents\door152are027.wps
[2012/05/06 21:09:48 | 000,006,202 | ---- | M] () -- C:\Users\Keith\AppData\Roaming\wklnhst.dat
[2012/05/06 10:10:27 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/06 10:10:27 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/05/06 09:26:27 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/05/03 20:35:27 | 000,227,784 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/05/03 20:35:27 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/05/03 20:35:27 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/05/03 20:35:26 | 000,772,552 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/05/03 20:35:26 | 000,687,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/05/02 21:51:42 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/01 13:51:10 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/29 10:18:04 | 000,000,470 | ---- | M] () -- C:\Users\Keith\Desktop\My Movies Two - Shortcut.lnk
[2012/04/26 23:11:22 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/04/13 20:27:20 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/04/12 18:29:47 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012/04/12 11:54:49 | 000,390,416 | ---- | M] () -- C:\Users\Keith\Wedding.jpg
[2012/04/10 21:40:57 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\eMule.lnk

========== Files Created - No Company Name ==========

[2012/05/08 23:01:28 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/08 20:04:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/08 20:04:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/08 20:04:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/08 20:04:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/08 20:04:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/08 19:54:50 | 000,000,512 | ---- | C] () -- C:\Users\Keith\Desktop\MBR.dat
[2012/05/07 21:49:21 | 000,639,153 | ---- | C] () -- C:\Users\Keith\Desktop\KU Saddington St South Turramurra.pdf
[2012/04/29 10:18:04 | 000,000,470 | ---- | C] () -- C:\Users\Keith\Desktop\My Movies Two - Shortcut.lnk
[2012/04/12 11:54:48 | 000,390,416 | ---- | C] () -- C:\Users\Keith\Wedding.jpg
[2012/04/10 21:40:15 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\eMule.lnk
[2012/01/31 17:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/01/31 17:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/01/31 17:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/01/31 17:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/01/31 17:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/12/07 17:29:44 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl1129139270.dat
[2011/11/01 21:50:19 | 000,001,356 | ---- | C] () -- C:\Users\Keith\AppData\Local\d3d9caps.dat
[2011/10/30 19:14:01 | 000,212,992 | ---- | C] () -- C:\Users\Keith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/29 21:46:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011/10/29 21:19:57 | 000,000,112 | ---- | C] () -- C:\ProgramData\M3kFJE2b.dat
[2011/07/09 11:30:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/07/09 11:30:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/27 06:43:34 | 000,006,202 | ---- | C] () -- C:\Users\Keith\AppData\Roaming\wklnhst.dat

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2004/06/12 07:33:28 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe

< %SYSTEMDRIVE%\*.exe >
[2004/06/12 07:33:28 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/12/11 16:02:22 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\.minecraft
[2011/11/12 20:21:22 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Adobe
[2010/03/15 10:12:11 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\AnvSoft
[2010/03/15 10:08:42 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Any Video Converter
[2011/11/12 10:19:06 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Apple Computer
[2011/10/22 16:47:12 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Babylon
[2012/05/08 20:03:14 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\BitTorrent
[2011/10/31 20:51:58 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\CheckPoint
[2010/06/08 06:10:05 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\DivX
[2012/02/15 18:24:46 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\dvdcss
[2009/10/23 05:25:17 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Google
[2009/10/21 07:50:47 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Identities
[2009/10/21 07:48:40 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\InstallShield
[2009/12/04 09:06:29 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Juniper Networks
[2009/10/21 08:02:37 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Macromedia
[2011/11/09 17:35:16 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Malwarebytes
[2006/11/02 22:37:34 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Media Center Programs
[2010/02/22 07:02:16 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Microgaming
[2012/01/27 10:08:29 | 000,000,000 | --SD | M] -- C:\Users\Keith\AppData\Roaming\Microsoft
[2009/10/24 07:02:58 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Microsoft Web Folders
[2009/10/23 07:28:56 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Mozilla
[2009/10/24 07:25:17 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\myphotobook
[2010/10/02 05:34:46 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\NCH Swift Sound
[2011/04/18 04:16:44 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Registry Mechanic
[2012/02/20 20:05:13 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Samsung
[2012/05/08 23:16:07 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Skype
[2011/08/12 07:36:07 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\skypePM
[2009/10/26 07:27:51 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Sony Corporation
[2010/12/30 08:05:07 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Sports Interactive
[2011/01/27 06:43:36 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Template
[2010/11/22 02:34:06 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\tidysongs16
[2009/10/23 08:18:33 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Toshiba
[2010/01/27 05:35:56 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Trusteer
[2012/01/22 23:47:45 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\vlc
[2011/01/03 04:37:37 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\WinRAR

< MD5 for: ATAPI.SYS >
[2008/03/12 16:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/03/12 16:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 16:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 16:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 16:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 16:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 12:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 12:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 19:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/03/12 16:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 16:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 16:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 13:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 12:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 12:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/21 12:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/21 12:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 12:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 12:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/21 12:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 12:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 16:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 16:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 16:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 12:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/04 21:55:02 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/04 21:55:02 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/04 21:55:02 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/05/04 21:55:07 | 000,913,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/05/04 21:55:07 | 000,913,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/05/04 21:55:07 | 000,913,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/28 12:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/28 12:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/28 12:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/04/28 12:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/07/28 18:17:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/07/28 18:17:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/07/28 18:17:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/07/28 18:17:43 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/07/28 18:17:43 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2012/03/08 15:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2012/03/08 15:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2012/03/08 15:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2012/03/08 15:30:50 | 002,388,336 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/04 21:55:02 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/04 21:55:02 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/04 21:55:02 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/05/04 21:55:07 | 000,913,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/05/04 21:55:07 | 000,913,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/05/04 21:55:07 | 000,913,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/28 12:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/28 12:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/28 12:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/04/28 12:07:02 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/07/28 18:17:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/07/28 18:17:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/07/28 18:17:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/07/28 18:17:43 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/07/28 18:17:43 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2012/03/08 15:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2012/03/08 15:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2012/03/08 15:30:50 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2012/03/08 15:30:50 | 002,388,336 | ---- | M] (Apple Inc.)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\My Documents] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\NetHood] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\PrintHood] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Recent] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\SendTo] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Start Menu] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Templates] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

OTL Extras logfile created on: 08/05/2012 23:28:19 - Run 2
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Keith\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 53.78% Memory free
5.94 Gb Paging File | 4.48 Gb Available in Paging File | 75.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.29 Gb Total Space | 14.53 Gb Free Space | 12.50% Space Free | Partition Type: NTFS
Drive E: | 115.13 Gb Total Space | 100.46 Gb Free Space | 87.26% Space Free | Partition Type: NTFS

Computer Name: KEITH-PC | User Name: Keith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2527531028-2931705147-162191117-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\Windows\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C0275FE-AF0D-41CF-9455-24ED56F07BB3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{17BC5A3B-BB11-4138-B9B0-4B0DD9F77B43}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{24D927DE-D96F-4DD1-84E5-9D92F581389E}" = rport=445 | protocol=6 | dir=out | app=system |
"{3D8C777C-0A90-4B02-BB79-E8B2E659E324}" = rport=139 | protocol=6 | dir=out | app=system |
"{42CED5A8-2596-451A-8921-B8E941C132E0}" = lport=1900 | protocol=17 | dir=in | name=upnp udp 1900 |
"{49555D1D-A4C9-4D18-AF62-6C36D088D464}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4A9354C1-8D6A-49C0-B1A8-DE8F0BB733D0}" = lport=445 | protocol=6 | dir=in | app=system |
"{5B25488C-F699-4005-ADBA-3FD4BD07138D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{60230238-F7FF-4A93-932F-6FCE2BB55E68}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6B60B066-CBA0-435D-AA9D-53B2D71F1258}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6BD92F73-1F1F-4611-8A58-99AA929DAD6B}" = rport=138 | protocol=17 | dir=out | app=system |
"{7DEFAF08-AA40-4254-8EAB-F98448045AA5}" = lport=2869 | protocol=6 | dir=in | name=upnp tcp 2869 |
"{855FB584-3B3E-4384-963B-701CA0495132}" = lport=138 | protocol=17 | dir=in | app=system |
"{89934DA8-577D-437B-BA0F-332F02688CEB}" = lport=137 | protocol=17 | dir=in | app=system |
"{BC3A15AC-0AED-40EB-92D2-E13A1619CB6C}" = lport=139 | protocol=6 | dir=in | app=system |
"{C057E40B-6931-4F82-A30B-EEA2DD8BC0F0}" = rport=137 | protocol=17 | dir=out | app=system |
"{DB7F725A-3444-46B2-B36D-101CCE1AE2FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DFEA0B12-6FB8-4289-B42E-F5CD5C48FCFC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E7F7C9EF-B6ED-4645-89F3-423EFD1B107F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EEC2743C-5539-4849-8EDB-0F76A9B7A531}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BE11A1-71FC-4F31-9659-9F32DF80320E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1DF6250D-9B8B-4DD1-9FCC-29DF9EACE02D}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2733CFCA-AB31-4FC9-9801-A8080F11AB74}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{2A403F89-9D93-45E3-BE96-7006D7B49914}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{33FE35DD-D718-40CA-BCCD-C98DC0B1E86C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{38556406-F2A0-4B78-A3E6-2196E89E97E2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3C4219B4-505A-4473-B000-6DD113F58FCF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3C9FD751-8A81-4DBE-92FE-3C79A38FA2BA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{42AD8A68-FB5D-45ED-A73A-C361AAA3A789}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{499E737E-F68F-4E9D-BD73-084E01C9C4A7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4FA14E28-5F0F-42A0-9D6F-797687E4C8E1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{577EFF8E-A686-4AE8-BAF5-5C2AB8707573}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5A53D24C-3447-423E-B050-F3CB175B00C9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{68E64EE7-77C8-4419-A102-3F5F81AE3DA0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6BE6A31A-134D-4AF2-8F02-1C27E75685E0}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{70467339-0870-4434-9C00-01A69BA18639}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{74916EC6-EF77-4212-BEA9-6B34D62FD35D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{773848A1-7DC1-4897-B044-00A6CDC4EC07}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{77DEF579-719C-4E42-BCF0-C93CC431CD2D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7872EE16-96D1-49B5-9670-27DE8BA361BB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7B28DE76-E481-453A-BBC3-89A31D08D19B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7D4CA57D-7284-465A-A54E-69F7DB2F93CF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{821F8045-7BF1-4DBB-97BE-3F96FB913312}" = protocol=1 | dir=in | [email protected],-28543 |
"{920023F9-C957-4384-8B19-7960FBE8C504}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{9EFF85AC-236E-48A7-B045-1716ACAA1460}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A0BEC03B-B664-41E7-AC63-EDFEF1AA29D6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AC003A86-3402-470E-BC2A-EE9DBAB2CB13}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B4E74102-8616-4AB2-AA4C-B4E3AE301844}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B5EBA6DF-95A8-4506-8892-9CCEEEED9024}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{B86E826A-770B-483A-B350-E3F9420D6ED4}" = protocol=1 | dir=out | [email protected],-28544 |
"{B92C1A59-6283-49B3-A09D-EFBA1014EE4D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BB5D32F3-C9B9-4345-84EC-6BBD11848669}" = protocol=58 | dir=out | [email protected],-28546 |
"{DC5274CB-834D-4610-8D2C-4143F950FF26}" = protocol=58 | dir=in | [email protected],-28545 |
"{E113E219-32CF-4D14-B153-FF96BEB6FED0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E87FD836-F093-4988-8EDB-95AAD8AB39B8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EE66A5DE-5F33-45AD-A7B6-CB3D5742864F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F406D331-9324-4746-8646-F1EB13F0D38B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{0D4FA0B3-634D-45B6-BA44-37CAE526BC18}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{1C16574E-CB29-46BD-862D-E7C15E4CFE2F}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{2E74E286-F0AC-4E57-A044-58342C6EC93A}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{7D40DF19-7A50-4FC4-B7B0-AE019BE29731}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{8D765AEC-3CFD-44B4-AAF7-6554ECCE6390}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{9EAECA8E-D431-49A2-B016-30EBCA88071F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{B611A5C0-7C1E-4038-8A31-C91401ACD0E0}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{CD4941F3-86C6-4A03-ABD3-388247BA0A19}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{D63FEEDA-5A47-4998-8658-04037C2555A2}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{D7B9AD2E-AC67-4D56-9B89-4D5764B2FF65}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{E7DBD35E-6167-491D-8DC7-F37BBD2CFE54}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{1DADD5DF-BBA1-4CB1-BDB1-A442DEFAF68D}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{1DB06FCE-FFB3-4916-A0FD-3944665C048F}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{1DD5EFFD-E925-478F-8535-5558CAF2DE6D}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{36301B33-66E7-43F3-A3D5-9414C4D8BEC9}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{419E05AA-34F3-4FC4-9535-A5A50E327115}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{4A6A089B-218D-46AF-AB78-C0BB51C322B6}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{4C844CE5-D1A6-4EFE-8DB7-72DC4BC5F76B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{645C4EA7-8714-4204-BF94-AECA55A179AF}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{6867C6DD-0185-49F2-A4C3-1C5929426EB1}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{C5A71203-76FE-4C69-81D0-02F257EB8A3B}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{D9D8EA91-2EF6-4400-B7F4-AF511C781057}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2B120B1D-1908-4FB3-8C9D-72128A74E80A}" = ZoneAlarm Security
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{528145C0-462A-11E1-B8B4-B8AC6F97B88E}" = Google Earth
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A1F0A1A-474C-4151-8534-5F61832D88CD}" = Comic Life
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{741F98CD-A082-47C1-84CA-2D9B30204B7D}" = ZoneAlarm Security
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77287C02-9B72-4EA1-B3C3-D6AEAB36C381}" = ZoneAlarm Firewall
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F185C48-595B-401A-A1D6-AAB324890DC4}" = [email protected] 1.9.5
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A08BAD08-9AA3-410F-98F3-C92C8EE37218}" = Safari
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A386CC19-1E79-4D4C-A54B-C8747871E4AD}" = ZoneAlarm Firewall
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E7271ABF-69D3-4E9D-AA0A-2DE34C10A93D}" = TOSHIBA Manuals
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Any Video Converter_is1" = Any Video Converter 3.3.5
"avast" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"eMule" = eMule
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FileHippo.com" = FileHippo.com Update Checker
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Juniper Network Connect 6.4.0" = Juniper Networks Network Connect 6.4.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"myphotobook" = myphotobook 3.6
"NST" = Norton Safe Web Lite
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"Rapport_msi" = Rapport
"Recuva" = Recuva
"SopCast" = SopCast 3.3.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.11
"WavePad" = WavePad Sound Editor
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"ZoneAlarm Free" = ZoneAlarm Free
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2527531028-2931705147-162191117-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/09/2011 17:46:34 | Computer Name = Keith-PC | Source = EventSystem | ID = 4621
Description =

Error - 06/09/2011 19:49:27 | Computer Name = Keith-PC | Source = EventSystem | ID = 4622
Description =

Error - 06/09/2011 19:58:34 | Computer Name = Keith-PC | Source = EventSystem | ID = 4621
Description =

Error - 10/09/2011 20:27:07 | Computer Name = Keith-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module xaddon.dll_unloaded, version 0.0.0.0, time stamp 0x4beb49cf,
exception code 0xc0000005, fault offset 0x6d65209b, process id 0x17f0, application
start time 0x01cc70197abcf940.

Error - 11/09/2011 05:10:38 | Computer Name = Keith-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: f08 Start Time: 01cc700f5b398b60 Termination Time: 0

Error - 11/09/2011 05:13:14 | Computer Name = Keith-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 6.0.2.4262 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 27a8 Start Time: 01cc7062ef94bcf0 Termination Time: 37

Error - 11/09/2011 15:40:52 | Computer Name = Keith-PC | Source = Application Error | ID = 1000
Description = Faulting application jaucheck.exe, version 2.0.2.4, time stamp 0x4bed9a14,
faulting module jaucheck.exe, version 2.0.2.4, time stamp 0x4bed9a14, exception
code 0xc0000005, fault offset 0x0000c940, process id 0x17fc, application start time
0x01cc70bab5fd0df0.

Error - 12/09/2011 09:31:23 | Computer Name = Keith-PC | Source = VSS | ID = 8194
Description = Volume Shadow Copy Service error: Unexpected error querying for the
IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect
security settings in either the writer or requestor process. Operation: Gathering
Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer Writer Instance ID: {d6b2c547-d950-4237-8a2f-bee5b77b2436}

Error - 12/09/2011 09:42:15 | Computer Name = Keith-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/09/2011 09:43:43 | Computer Name = Keith-PC | Source = VSS | ID = 8194
Description = Volume Shadow Copy Service error: Unexpected error querying for the
IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect
security settings in either the writer or requestor process. Operation: Gathering
Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer Writer Instance ID: {ef5734ff-8e73-4ba1-b309-5b897044c9e7}

[ System Events ]
Error - 08/05/2012 01:34:47 | Computer Name = Keith-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 08/05/2012 01:35:18 | Computer Name = Keith-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 08/05/2012 01:35:18 | Computer Name = Keith-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 08/05/2012 02:05:44 | Computer Name = Keith-PC | Source = DCOM | ID = 10010
Description =

Error - 08/05/2012 06:09:06 | Computer Name = Keith-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 08/05/2012 06:19:05 | Computer Name = Keith-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 08/05/2012 08:25:14 | Computer Name = Keith-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 22:24:13 on 08/05/2012 was unexpected.

Error - 08/05/2012 08:25:36 | Computer Name = Keith-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =

Error - 08/05/2012 08:43:17 | Computer Name = Keith-PC | Source = DCOM | ID = 10010
Description =

Error - 08/05/2012 08:44:41 | Computer Name = Keith-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =


< End of report >

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 09/05/2012 00:42:35

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/05/2012 14:17:14
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-ResourcePublication
Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/05/2012 14:16:03
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 08/05/2012 14:16:01
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\system32\athihvs.dll

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 09/05/2012 00:43:20

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/05/2012 14:15:52
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2527531028-2931705147-162191117-1000_Classes:
Process 5008 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2527531028-2931705147-162191117-1000_CLASSES


Log: 'Application' Date/Time: 08/05/2012 14:15:51
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 10 user registry handles leaked from \Registry\User\S-1-5-21-2527531028-2931705147-162191117-1000:
Process 2032 (\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\ISWSVC.exe) has opened key \REGISTRY\USER\S-1-5-21-2527531028-2931705147-162191117-1000
Process 5008 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2527531028-2931705147-162191117-1000
Process 5008 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2527531028-2931705147-162191117-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Process 2032 (\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\ISWSVC.exe) has opened key \REGISTRY\USER\S-1-5-21-2527531028-2931705147-162191117-1000\Software\CheckPoint\ISW\Stats
Process 5008 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2527531028-2931705147-162191117-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d53fc68f-bdbe-11de-8510-806e6f6e6963}
Process 5008 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2527531028-2931705147-162191117-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d53fc690-bdbe-11de-8510-806e6f6e6963}
Process 5008 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2527531028-2931705147-162191117-1000\Control Panel\International
Process 5008 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2527531028-2931705147-162191117-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{d53fc691-bdbe-11de-8510-806e6f6e6963}
Process 5008 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2527531028-2931705147-162191117-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
Process 5008 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2527531028-2931705147-162191117-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{c43944ce-bdbf-11de-953f-806e6f6e6963}
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
Uninstall
Java™ 6 Update 29
Java™ 6 Update 6
BitTorrentBar Toolbar
BitTorrent
eMule
Norton Safe Web Lite
ZoneAlarm Toolbar
ZoneAlarm Security




Copy the text in the code box by highlighting and Ctrl + c

:OTL
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2549263
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2645238
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000ff8e29a0d1
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://uk.ask.com/we...n=&geo=GB&ver=2
IE - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\SearchScopes\{B348C7CB-EF28-4E83-811C-699C457EACF6}: "URL" = http://search.condui...&ctid=CT2645238
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2549263&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:3.5.1.110
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..keyword.URL: "http://search.newtabking.com/?t=1&q="
[2012/04/25 18:48:28 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2010/12/13 08:23:18 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2011/06/20 14:19:46 | 000,000,927 | ---- | M] () -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\searchplugins\conduit.xml
[2011/09/20 22:24:03 | 000,002,497 | ---- | M] () -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\searchplugins\SearchResults.xml
[2012/05/03 20:26:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/09/20 22:24:03 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2527531028-2931705147-162191117-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\prxtbZon2.dll (Conduit Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\__avast! sandbox\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.co...-44557-9400-3/4 File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co...nk-21&site=home File not found
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
[2012/04/13 20:27:20 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/12/07 17:29:44 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl1129139270.dat
[2011/10/29 21:19:57 | 000,000,112 | ---- | C] () -- C:\ProgramData\M3kFJE2b.dat

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.


Run OTL again (right click and Run As Admin) and then click on Quickscan and save and post the log.

I don't really see any real malware. A lot of ad-ware foisted on you by Zone Alarm & BitTorrent plus I think you allowed ZA's anti-virus which conflicts with Avast. Some Zone Alarm Firewall driver is missing. Probably needs to be uninstalled and reinstalled. It's also causing a registry leak. I prefer Online Armor. http://www.online-armor.com/ Simpler to use and less foist ware.

Too many tool bars and some old java consoles. I removed the ones I don't think you need. The others I don't know enough about but consider pruning them down to the bare minimum.

You can improve the Firefox startup time with Speedy Fox:
Download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit. This can be run any time Firefox is slow starting (usually after a new update or add-on).

Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK

Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted

Now try Combofix again.

Is the PC running any better now?

We can check some other stuff:

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.

Uninstall Speccy when done.

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute for things to settle down.

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
  • 0

#5
iomkgs

iomkgs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi Ron, Thanks for the help. Ive followed all the steps and have pasted the logs below. Generally things seem to be running much better. For some reason my built in mic isnt working. I tried 'pruning' some of the programs I never use, I wonder if I deleted something to do with the mic? Not sure of that's possible. The only thing I deleted that I didnt really know was some Realtek thing. I left lots that I wasnt sure about! Any ideas on this? I also tried running speccy but it just seemed to run forever. Does it usually take a long time to run? Shall I re-run it?

OTL logfile created on: 09/05/2012 20:14:52 - Run 3
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Keith\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 54.73% Memory free
5.95 Gb Paging File | 4.77 Gb Available in Paging File | 80.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.29 Gb Total Space | 18.02 Gb Free Space | 15.49% Space Free | Partition Type: NTFS
Drive E: | 115.13 Gb Total Space | 100.46 Gb Free Space | 87.26% Space Free | Partition Type: NTFS

Computer Name: KEITH-PC | User Name: Keith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/06 21:35:39 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Keith\Desktop\OTL.exe
PRC - [2012/05/04 21:55:07 | 000,913,848 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/26 17:34:22 | 000,306,688 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2012/03/11 12:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/03/07 11:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 11:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/20 20:07:13 | 000,021,416 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/02/03 16:50:18 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/12 03:10:44 | 000,611,624 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2008/09/26 23:22:44 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008/08/25 18:58:20 | 000,077,824 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/07/19 05:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/24 19:06:14 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2008/05/09 20:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008/04/24 22:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/24 19:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008/04/17 09:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2008/04/17 09:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 09:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2008/04/08 23:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 23:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2008/01/18 01:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008/01/18 01:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/11/22 02:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/10/05 21:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/24 01:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/08 22:29:40 | 000,115,137 | ---- | M] () -- C:\Users\Keith\AppData\Local\temp\c06086cf-47b1-4760-b263-4e4271d9922f\CliSecureRT.dll
MOD - [2012/05/04 21:55:05 | 002,044,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/04/13 09:52:23 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1671f615c43f023007af09562cf24be2\Microsoft.VisualBasic.ni.dll
MOD - [2012/04/12 23:36:55 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\48302596a8c8f2ab396b3be518dbd800\System.Web.ni.dll
MOD - [2012/04/12 23:35:00 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\caf9fdf2957d955ccb07d837d095eae1\PresentationFramework.ni.dll
MOD - [2012/04/12 23:34:42 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\a36af74ac369a8c1f3171cd6fb18f3a6\System.Windows.Forms.ni.dll
MOD - [2012/04/12 23:34:40 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7a2fecd8284d0c427d16ff278a1e574f\PresentationCore.ni.dll
MOD - [2012/04/12 23:34:25 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\32a65725ff7d128428e35d8100dad4be\WindowsBase.ni.dll
MOD - [2012/04/12 23:34:22 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\64ea1d0193e735b953c94d16d6fd2146\System.Drawing.ni.dll
MOD - [2012/04/12 23:28:27 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll
MOD - [2012/04/12 23:28:16 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll
MOD - [2012/03/28 07:08:35 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\eef171dee81858018c3956485fff7ba7\System.Management.ni.dll
MOD - [2012/03/28 07:06:11 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\4017661cfa4a173b878d7e2a949c3a9e\System.Runtime.Remoting.ni.dll
MOD - [2012/03/28 07:05:57 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b9942cb07813f553f6d6374dd4541362\System.Xaml.ni.dll
MOD - [2012/03/28 06:55:57 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1c5b741f270fccb3b527b4fc3a8431f3\PresentationFramework.Aero.ni.dll
MOD - [2012/03/28 06:55:52 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b7409080f31b0a702281b68c37bac326\System.Core.ni.dll
MOD - [2012/03/28 06:55:45 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\68345d6b57fe33c9a94fe6a72ab5e85e\System.Xml.ni.dll
MOD - [2012/03/28 06:55:37 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\57e066d0b97757dbd26d59302c3d701a\System.ni.dll
MOD - [2012/03/28 06:55:25 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e5b31f3bb6508df0dc7c20ddc72f3191\mscorlib.ni.dll
MOD - [2012/02/20 20:07:13 | 000,021,416 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/02/17 19:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2012/02/16 02:37:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 02:37:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012/02/16 02:35:50 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012/02/16 02:34:10 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011/10/15 02:30:22 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/03/06 19:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2007/12/25 21:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007/12/15 06:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/12/02 02:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2006/10/10 20:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 21:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/06 10:10:28 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/04 21:55:06 | 000,112,568 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/11 12:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/03/07 11:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009/03/12 03:10:44 | 000,611,624 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2008/08/25 18:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/07/19 05:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 19:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008/04/17 09:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/17 00:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/02/06 23:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008/01/21 12:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/18 01:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/11/22 02:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/02/05 19:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 19:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 11:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 11:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 10:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/10/05 21:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/24 01:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Keith\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Keith\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/11 12:48:52 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/03/11 12:48:50 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/03/07 11:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 11:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 11:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/07 11:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 11:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/07 11:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/01/31 17:15:42 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011/12/16 07:42:57 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/12/08 14:22:38 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011/12/08 14:22:38 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011/05/25 09:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/04/11 14:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/03/12 02:57:22 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/07/29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/19 03:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/07/16 04:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008/04/29 01:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/04/15 18:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/11/09 23:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/29 00:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 23:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/10/18 20:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {BA938C24-EC93-4D84-9FBE-D7A497F9AD8D}
IE - HKLM\..\SearchScopes\{BA938C24-EC93-4D84-9FBE-D7A497F9AD8D}: "URL" = http://www.google.co...g}&rlz=1I7TSEA;
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\..\SearchScopes,DefaultScope = {BA938C24-EC93-4D84-9FBE-D7A497F9AD8D}
IE - HKCU\..\SearchScopes\{BA938C24-EC93-4D84-9FBE-D7A497F9AD8D}: "URL" = http://www.google.co...TSEA_en-GBIM350
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Expat Shield Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.startup.homepage: "file:///C:/Users/Keith/Documents/Keiths%20Webpage/keith.html"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/13 20:26:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/04 21:55:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/12 18:21:10 | 000,000,000 | ---D | M]

[2011/09/21 23:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Extensions
[2010/02/14 10:38:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/05/09 19:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions
[2012/04/26 23:02:54 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/01/06 06:34:56 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2012/01/14 10:04:44 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/11/22 02:56:26 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2012/02/22 16:29:05 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011/07/12 10:36:57 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2012/05/09 19:14:52 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2012/02/18 19:55:15 | 000,000,000 | ---D | M] (New Tab King) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2011/12/17 12:08:04 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\[email protected]
[2011/06/20 14:19:46 | 000,000,927 | ---- | M] () -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\searchplugins\conduit.xml
[2011/09/20 22:24:03 | 000,002,497 | ---- | M] () -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\searchplugins\SearchResults.xml
[2011/12/11 18:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/03 20:26:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/04 21:55:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/04/13 20:26:35 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\KEITH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RTU5UOQG.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\KEITH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RTU5UOQG.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\KEITH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RTU5UOQG.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\KEITH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RTU5UOQG.DEFAULT\EXTENSIONS\[email protected]
[2012/05/04 21:55:07 | 000,085,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/13 18:23:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/20 22:24:03 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012/03/13 18:23:56 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_61.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U1 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Skype Click to Call = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\
CHR - Extension: Skype Click to Call = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

O1 HOSTS File: ([2011/11/08 19:03:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.co...-44557-9400-3/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co...nk-21&site=home File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.194.49 61.9.195.193
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{927011F6-887C-4D1C-A122-5111A1D7ED14}: DhcpNameServer = 61.9.194.49 61.9.195.193
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9CA9404-3A99-4938-A08C-4ADC25D6AD62}: DhcpNameServer = 61.9.194.49 61.9.195.193
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Keith\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Keith\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/09 20:16:00 | 000,000,000 | ---D | C] -- C:\Users\Keith\Desktop\Logs
[2012/05/09 19:11:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/08 23:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/08 23:01:25 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/05/08 23:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/08 22:49:29 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Keith\Desktop\mbam-setup-1.61.0.1400(1).exe
[2012/05/08 22:33:29 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Keith\Desktop\tdsskiller.exe
[2012/05/08 20:04:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/08 20:04:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/08 20:04:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/08 20:04:13 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/05/08 20:04:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/08 19:57:38 | 004,487,855 | R--- | C] (Swearware) -- C:\Users\Keith\Desktop\ComboFix.exe
[2012/05/08 19:32:01 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Keith\Desktop\aswMBR.exe
[2012/05/06 21:33:39 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Keith\Desktop\OTL.exe
[2012/04/16 10:10:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2012/04/10 21:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule

========== Files - Modified Within 30 Days ==========

[2012/05/09 20:08:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/09 19:53:22 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/09 19:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/09 19:31:51 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/09 19:31:51 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/09 19:24:19 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/09 19:24:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/09 19:24:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/09 00:24:40 | 000,061,440 | ---- | M] ( ) -- C:\Users\Keith\Desktop\VEW.exe
[2012/05/08 23:01:28 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/08 23:00:44 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Keith\Desktop\mbam-setup-1.61.0.1400(1).exe
[2012/05/08 22:39:43 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Keith\Desktop\tdsskiller.exe
[2012/05/08 20:02:45 | 004,487,855 | R--- | M] (Swearware) -- C:\Users\Keith\Desktop\ComboFix.exe
[2012/05/08 19:42:55 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Keith\Desktop\aswMBR.exe
[2012/05/07 21:49:22 | 000,639,153 | ---- | M] () -- C:\Users\Keith\Desktop\KU Saddington St South Turramurra.pdf
[2012/05/07 19:44:46 | 000,212,992 | ---- | M] () -- C:\Users\Keith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/07 16:56:59 | 000,002,305 | ---- | M] () -- C:\Users\Keith\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/05/06 21:35:39 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Keith\Desktop\OTL.exe
[2012/05/06 21:09:48 | 000,017,920 | ---- | M] () -- C:\Users\Keith\Documents\door152are027.wps
[2012/05/06 21:09:48 | 000,006,202 | ---- | M] () -- C:\Users\Keith\AppData\Roaming\wklnhst.dat
[2012/05/06 09:26:27 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/05/02 21:51:42 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/01 13:51:10 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/29 10:18:04 | 000,000,470 | ---- | M] () -- C:\Users\Keith\Desktop\My Movies Two - Shortcut.lnk
[2012/04/26 23:11:22 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/04/13 20:27:20 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/04/12 18:29:47 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012/04/12 11:54:49 | 000,390,416 | ---- | M] () -- C:\Users\Keith\Wedding.jpg

========== Files Created - No Company Name ==========

[2012/05/09 00:24:24 | 000,061,440 | ---- | C] ( ) -- C:\Users\Keith\Desktop\VEW.exe
[2012/05/08 23:01:28 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/08 20:04:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/08 20:04:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/08 20:04:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/08 20:04:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/08 20:04:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/07 21:49:21 | 000,639,153 | ---- | C] () -- C:\Users\Keith\Desktop\KU Saddington St South Turramurra.pdf
[2012/04/29 10:18:04 | 000,000,470 | ---- | C] () -- C:\Users\Keith\Desktop\My Movies Two - Shortcut.lnk
[2012/04/12 11:54:48 | 000,390,416 | ---- | C] () -- C:\Users\Keith\Wedding.jpg
[2012/01/31 17:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/01/31 17:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/01/31 17:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/01/31 17:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/01/31 17:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/12/07 17:29:44 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl1129139270.dat
[2011/11/01 21:50:19 | 000,001,356 | ---- | C] () -- C:\Users\Keith\AppData\Local\d3d9caps.dat
[2011/10/30 19:14:01 | 000,212,992 | ---- | C] () -- C:\Users\Keith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/29 21:46:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011/10/29 21:19:57 | 000,000,112 | ---- | C] () -- C:\ProgramData\M3kFJE2b.dat
[2011/07/09 11:30:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/07/09 11:30:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/27 06:43:34 | 000,006,202 | ---- | C] () -- C:\Users\Keith\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2011/12/11 16:02:22 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\.minecraft
[2010/03/15 10:12:11 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\AnvSoft
[2010/03/15 10:08:42 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Any Video Converter
[2011/10/22 16:47:12 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Babylon
[2012/05/09 19:01:32 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\BitTorrent
[2011/10/31 20:51:58 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\CheckPoint
[2009/12/04 09:06:29 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Juniper Networks
[2010/02/22 07:02:16 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Microgaming
[2009/10/24 07:25:17 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\myphotobook
[2010/10/02 05:34:46 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\NCH Swift Sound
[2011/04/18 04:16:44 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Registry Mechanic
[2012/02/20 20:05:13 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Samsung
[2010/12/30 08:05:07 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Sports Interactive
[2011/01/27 06:43:36 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Template
[2010/11/22 02:34:06 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\tidysongs16
[2009/10/23 08:18:33 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Toshiba
[2010/01/27 05:35:56 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Trusteer
[2012/05/09 19:04:37 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

ComboFix 12-05-08.02 - Keith 09/05/2012 21:31:43.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2939.1568 [GMT 10:00]
Running from: C:\Users\Keith\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\Keith\AppData\Local\temp\c06086cf-47b1-4760-b263-4e4271d9922f\CliSecureRT.dll

---- Previous Run -------

C:\ProgramData\9fdaafefbd78450da11c6c5c939913f8_c
C:\Users\Keith\AppData\Local\temp\c06086cf-47b1-4760-b263-4e4271d9922f\CliSecureRT.dll
C:\Windows\system32\muzapp.exe


((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))


2012-05-09 11:48:08 . 2012-05-09 11:48:08 -------- d-----w- C:\Users\Shizue\AppData\Local\temp
2012-05-09 11:48:08 . 2012-05-09 11:48:08 -------- d-----w- C:\Users\Public\AppData\Local\temp
2012-05-09 11:48:08 . 2012-05-09 11:48:08 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-05-09 11:04:14 . 2012-05-09 11:04:26 -------- d-----w- C:\Users\Keith\AppData\Roaming\OnlineArmor
2012-05-09 11:04:14 . 2012-05-09 11:04:14 -------- d-----w- C:\ProgramData\OnlineArmor
2012-05-09 11:02:50 . 2012-02-10 04:33:38 42152 ----a-w- C:\Windows\system32\drivers\oahlp32.sys
2012-05-09 11:02:49 . 2012-02-10 04:33:14 29312 ----a-w- C:\Windows\system32\drivers\OAnet.sys
2012-05-09 11:02:49 . 2012-02-10 04:33:14 25192 ----a-w- C:\Windows\system32\drivers\OAmon.sys
2012-05-09 11:02:49 . 2012-02-10 04:33:12 205864 ----a-w- C:\Windows\system32\drivers\OADriver.sys
2012-05-09 11:02:45 . 2012-05-09 11:16:16 -------- d-----w- C:\Program Files\Online Armor
2012-05-09 10:58:45 . 2012-05-09 10:58:45 -------- d-----w- C:\Program Files\DriverTuner
2012-05-09 10:47:56 . 2012-05-09 10:47:56 -------- d-----w- C:\Users\Keith\AppData\Roaming\CrystalIdea Software
2012-05-09 10:34:00 . 2012-05-09 10:34:00 -------- d-----w- C:\Users\Keith\AppData\Local\Seven Zip
2012-05-09 09:11:54 . 2012-05-09 09:11:54 -------- d-----w- C:\_OTL
2012-05-08 15:42:16 . 2012-04-13 07:36:43 6734704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8CB7869A-EAD4-4350-B386-0CDA6042B8EF}\mpengine.dll
2012-05-08 13:01:25 . 2012-05-08 13:01:29 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-05-08 13:01:25 . 2012-04-04 05:56:40 22344 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-04-28 11:38:11 . 2012-04-28 11:38:11 770384 ----a-w- C:\Program Files\Mozilla Firefox\msvcr100.dll
2012-04-28 11:38:11 . 2012-04-28 11:38:11 421200 ----a-w- C:\Program Files\Mozilla Firefox\msvcp100.dll
2012-04-16 00:10:46 . 2012-04-16 08:14:57 -------- d-----w- C:\Windows\system32\Adobe
2012-04-12 13:35:26 . 2012-02-29 15:11:45 5120 ----a-w- C:\Windows\system32\wmi.dll
2012-04-12 13:35:26 . 2012-02-29 15:11:42 172032 ----a-w- C:\Windows\system32\wintrust.dll
2012-04-12 13:35:25 . 2012-02-29 15:09:53 157696 ----a-w- C:\Windows\system32\imagehlp.dll
2012-04-12 13:35:25 . 2012-02-29 13:32:37 12800 ----a-w- C:\Windows\system32\drivers\fs_rec.sys
2012-04-12 13:35:08 . 2012-03-06 06:39:00 3602816 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2012-04-12 13:35:08 . 2012-03-06 06:39:00 3550080 ----a-w- C:\Windows\system32\ntoskrnl.exe
2012-04-12 03:13:56 . 2012-03-01 11:01:50 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2012-04-10 11:41:02 . 2012-05-09 09:01:56 -------- d-----w- C:\ProgramData\eMule
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-05-09 10:41:45 . 2009-10-20 21:28:58 319456 ----a-w- C:\Windows\DIFxAPI.dll
2012-05-06 00:10:27 . 2011-11-12 10:16:28 419488 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2012-05-06 00:10:27 . 2011-05-18 21:35:56 70304 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-05-03 10:35:26 . 2011-12-17 02:07:00 772552 ----a-w- C:\Windows\system32\npdeployJava1.dll
2012-05-03 10:35:26 . 2010-05-24 20:35:57 687560 ----a-w- C:\Windows\system32\deployJava1.dll
2012-03-22 19:12:12 . 2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\system32\GPhotos.scr
2012-03-11 02:48:50 . 2012-03-11 02:48:50 56208 ----a-w- C:\Windows\system32\drivers\RapportKELL.sys
2012-03-07 01:15:19 . 2011-11-15 10:42:12 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-07 01:15:14 . 2011-11-15 10:42:12 201352 ----a-w- C:\Windows\system32\aswBoot.exe
2012-03-07 01:03:51 . 2011-11-15 10:42:39 612184 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
2012-03-07 01:03:38 . 2011-11-15 10:42:40 337880 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2012-03-07 01:02:00 . 2011-11-15 10:42:39 35672 ----a-w- C:\Windows\system32\drivers\aswRdr.sys
2012-03-07 01:01:53 . 2011-11-15 10:42:39 53848 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
2012-03-07 01:01:48 . 2011-11-15 10:42:35 57688 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2012-03-07 01:01:30 . 2011-11-15 10:42:40 20696 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
2012-02-23 00:18:36 . 2011-10-22 10:14:40 237072 ------w- C:\Windows\system32\MpSigStub.exe
2012-02-14 15:45:30 . 2012-03-14 06:03:42 219648 ----a-w- C:\Windows\system32\d3d10_1core.dll
2012-02-14 15:45:30 . 2012-03-14 06:03:41 160768 ----a-w- C:\Windows\system32\d3d10_1.dll
2012-02-13 14:12:08 . 2012-03-14 06:03:41 1172480 ----a-w- C:\Windows\system32\d3d10warp.dll
2012-02-13 13:47:57 . 2012-03-14 06:03:41 683008 ----a-w- C:\Windows\system32\d2d1.dll
2012-02-13 13:44:40 . 2012-03-14 06:03:42 1068544 ----a-w- C:\Windows\system32\DWrite.dll
2012-05-04 11:55:07 . 2011-10-31 11:49:51 85432 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll
2010-07-05 23:31:01 . 2009-11-15 20:32:11 119808 ----a-w- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 01:15:06 123536 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 12:03:12 430080]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:25:11 125952]
"FileHippo.com"="C:\Program Files\FileHippo.com\UpdateChecker.exe" [2012-03-26 07:34:22 306688]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 02:25:33 202240]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2012-04-05 01:41:28 17356424]
"KiesHelper"="C:\Program Files\Samsung\Kies\KiesHelper.exe" [2012-02-03 06:50:16 943504]
"KiesPDLR"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-02-20 10:07:13 21416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 16:12:44 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-05 23:31:01 30192]
"Google EULA Launcher"="c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 11:40:28 20480]
"Toshiba TEMPO"="C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 09:22:10 103824]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-06-25 13:06:10 150040]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-06-25 13:05:50 170520]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-06-25 13:06:02 145944]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 15:27:52 431456]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2007-10-31 21:01:12 54608]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 09:06:14 509816]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 10:49:30 716800]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 02:07:52 574864]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 13:22:44 417792]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 10:28:32 59240]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2011-10-24 03:28:52 421888]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-03-07 01:15:17 4241512]
"KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe" [2012-02-03 06:50:18 3508624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2012-03-06 08:05:34 421736]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 05:56:38 462408]
"@OnlineArmor GUI"="C:\Program Files\Online Armor\oaui.exe" [2012-02-10 04:33:00 2645440]

C:\Users\Shizue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "C:\PROGRA~1\ONLINE~1\oaevent.dll" [2012-02-10 04:33:00 359352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 00:10:28 257696]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 13:10:42 63928]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

Contents of the 'Scheduled Tasks' folder

2012-05-09 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-12 10:16:28 . 2012-05-06 00:10:28]

2012-05-09 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-24 18:33:40 . 2009-12-24 18:33:29]

2012-05-09 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-24 18:33:40 . 2009-12-24 18:33:29]


------- Supplementary Scan -------

uStart Page =
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 61.9.194.49 61.9.195.193
FF - ProfilePath - C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - file:///C:/Users/Keith/Documents/Keiths%20Webpage/keith.html

- - - - ORPHANS REMOVED - - - -

WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
HKLM-Run-SunJavaUpdateSched - C:\Program Files\Java\jre7\bin\jusched.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
AddRemove-01_Simmental - C:\Program Files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - C:\Program Files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - C:\Program Files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - C:\Program Files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - C:\Program Files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - C:\Program Files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - C:\Program Files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - C:\Program Files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - C:\Program Files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - C:\Program Files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - C:\Program Files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - C:\Program Files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - C:\Program Files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - C:\Program Files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - C:\Program Files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - C:\Program Files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - C:\Program Files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - C:\Program Files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - C:\Program Files\Samsung\USB Drivers\25_escape\Uninstall.exe


Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 86.25 0 K 24 K
SearchProtocolHost.exe 3432 3.06 12,044 K 16,788 K Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 5344 3.06 21,796 K 30,624 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
KiesPDLR.exe 3292 2.29 31,540 K 24,252 K KiesPDLR (Unable to verify)
SynTPEnh.exe 2656 1.53 3,176 K 6,404 K Synaptics TouchPad Enhancements Synaptics, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
Speccy.exe 5920 1.53 18,192 K 27,964 K Speccy Piriform Ltd (Verified) Piriform Ltd
SearchIndexer.exe 2616 0.76 53,256 K 55,992 K Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
Interrupts n/a 0.76 0 K 0 K Hardware Interrupts and DPCs
igfxsrvc.exe 2412 0.76 2,384 K 5,740 K igfxsrvc Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
plugin-container.exe 3252 < 0.01 26,936 K 29,740 K Plugin Container for Firefox Mozilla Corporation (Verified) Mozilla Corporation
SearchFilterHost.exe 4788 < 0.01 3,380 K 6,088 K Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows
System 4 < 0.01 0 K 24,676 K
firefox.exe 608 < 0.01 174,156 K 195,904 K Firefox Mozilla Corporation (Verified) Mozilla Corporation
GoogleDesktop.exe 3312 < 0.01 21,200 K 10,852 K Google Desktop Google (Verified) Google Inc
RapportMgmtService.exe 1084 < 0.01 14,604 K 12,520 K RapportMgmtService Trusteer Ltd. (Verified) Trusteer
csrss.exe 696 < 0.01 14,852 K 13,752 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 4892 < 0.01 35,756 K 48,848 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 740 < 0.01 3,420 K 1,596 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 936 < 0.01 3,216 K 6,096 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
NDSTray.exe 3388 < 0.01 13,952 K 6,040 K ConfigFree™ Task tray menu TOSHIBA CORPORATION (Unable to verify) TOSHIBA CORPORATION
svchost.exe 1040 < 0.01 4,192 K 6,460 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 640 < 0.01 1,824 K 10,176 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 4120 < 0.01 4,812 K 9,064 K Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
hkcmd.exe 1156 < 0.01 1,872 K 4,364 K hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
wlanext.exe 1784 < 0.01 2,464 K 4,992 K Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1628 < 0.01 16,220 K 12,376 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
Skype.exe 3888 < 0.01 82,036 K 85,812 K Skype Skype Technologies S.A. (Verified) Skype Technologies SA
iPodService.exe 4800 < 0.01 3,512 K 6,056 K iPodService Module (32-bit) Apple Inc. (Verified) Apple Inc.
AvastSvc.exe 1956 < 0.01 28,792 K 8,140 K avast! Service AVAST Software (Verified) AVAST Software
lsm.exe 756 < 0.01 2,160 K 3,860 K Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
AppleMobileDeviceService.exe 1368 < 0.01 4,064 K 6,676 K MobileDeviceService Apple Inc. (Verified) Apple Inc.
taskeng.exe 2640 < 0.01 9,708 K 10,640 K Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
AvastUI.exe 2772 < 0.01 7,300 K 8,708 K avast! Antivirus AVAST Software (Verified) AVAST Software
traybar.exe 3520 < 0.01 3,080 K 5,972 K traybar Chicony (Unable to verify) Chicony
TempoSVC.exe 2252 < 0.01 20,128 K 19,772 K Toshiba TEMPRO Toshiba Europe GmbH (Verified) Toshiba Europe GmbH
svchost.exe 1264 < 0.01 86,744 K 88,408 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iTunesHelper.exe 1196 < 0.01 5,064 K 7,412 K iTunesHelper Apple Inc. (Verified) Apple Inc.
TNaviSrv.exe 2344 < 0.01 1,216 K 2,976 K TOSHIBA Navi Support Service TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
svchost.exe 1276 < 0.01 62,028 K 66,784 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
TODDSrv.exe 2368 < 0.01 2,420 K 3,416 K TDCSrv Application TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
spoolsv.exe 124 < 0.01 6,288 K 9,432 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
WPFFontCache_v0400.exe 4668 2,092 K 5,540 K wpffontcache_v0400.exe Microsoft Corporation (Verified) Microsoft Corporation
wmpnscfg.exe 4012 2,056 K 4,696 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 5700 3,016 K 5,476 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 6016 6,516 K 10,628 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 832 2,316 K 5,024 K Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 684 1,604 K 3,676 K Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
UpdateChecker.exe 3408 18,916 K 16,052 K FileHippo.com Update Checker FileHippo.com (Unable to verify) FileHippo.com
TPwrMain.exe 1144 4,296 K 4,484 K TOSHIBA Power Saver TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TosIPCSrv.exe 2528 2,200 K 2,908 K TosIPCSrv.exe TOSHIBA Corporation (Unable to verify) TOSHIBA Corporation
TosCoSrv.exe 2396 2,064 K 3,220 K TOSHIBA Power Saver TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TOSCDSPD.exe 4084 1,636 K 3,264 K CD/DVD Drive Acoustic Silencer TOSHIBA (Unable to verify) TOSHIBA
TCrdMain.exe 1872 6,588 K 7,876 K TOSHIBA Flash Cards TOSHIBA Corporation (Unable to verify) TOSHIBA Corporation
taskeng.exe 2944 2,280 K 5,752 K Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1452 8,572 K 12,328 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1408 2,196 K 4,676 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1236 18,100 K 12,744 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 352 16,684 K 19,336 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2076 2,592 K 5,172 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2216 4,512 K 5,560 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2556 816 K 2,356 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4296 1,772 K 18,492 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
smss.exe 552 288 K 732 K Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
SmoothView.exe 1176 1,084 K 2,624 K SmoothView TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
SmartFaceVWatchSrv.exe 3644 8,124 K 6,064 K Service for SmartFaceV Toshiba (Unable to verify) Toshiba
SLsvc.exe 1428 6,124 K 4,468 K Microsoft Software Licensing Service Microsoft Corporation (Verified) Microsoft Windows
services.exe 728 3,092 K 7,088 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
PresentationFontCache.exe 996 13,888 K 9,236 K PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Windows
oacat.exe 1776 4,152 K 1,872 K Online Armor Component Emsi Software GmbH (Verified) Emsi Software GmbH
mDNSResponder.exe 1504 2,108 K 4,064 K Bonjour Service Apple Inc. (Verified) Apple Inc.
mbamservice.exe 3852 3,876 K 7,104 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
KiesTrayAgent.exe 3632 4,588 K 10,256 K Kies TrayAgent Application Samsung Electronics Co., Ltd. (Verified) Samsung Electronics CO., LTD.
igfxtray.exe 3872 1,648 K 4,292 K igfxTray Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 1152 1,580 K 4,280 K persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxext.exe 4060 1,368 K 4,404 K igfxext Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
ehtray.exe 2676 1,700 K 1,612 K Media Center Tray Applet Microsoft Corporation (Verified) Microsoft Windows
ehmsas.exe 4196 1,368 K 4,332 K Media Center Media Status Aggregator Service Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 2780 1,300 K 3,784 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
dsNcService.exe 1876 3,104 K 4,460 K Network Connect Service Juniper Networks (Verified) Juniper Networks, Inc.
ctfmon.exe 2756 936 K 3,592 K CTF Loader Microsoft Corporation (Verified) Microsoft Windows
CFSvcs.exe 1588 2,580 K 1,408 K Service of ConfigFree. TOSHIBA CORPORATION (Unable to verify) TOSHIBA CORPORATION
audiodg.exe 1376 12,364 K 9,740 K Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 924 2,368 K 3,324 K Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems, Incorporated
agrsmsvc.exe 1136 992 K 2,400 K Agere Soft Modem Call Progress Service Agere Systems (Verified) Microsoft Windows Hardware Compatibility Publisher
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
Realtek is usually something to do with audio so that's probably what happened. What make and model PC is this?

Your Trusteer Rapport is broken.

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)

This is something you usually get from your bank. Supposed to help prevent identity theft. You need to uninstall it. Get a fresh copy and reinstall.


Let's try OTL again. Not all of it seems to have worked plus we now have some Zone Alarm remnants to clean up:

Copy the text in the code box by highlighting and Ctrl + c

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Keith\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Keith\AppData\Local\Temp\catchme.sys -- (catchme)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
[2011/06/20 14:19:46 | 000,000,927 | ---- | M] () -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\searchplugins\conduit.xml
[2011/09/20 22:24:03 | 000,002,497 | ---- | M] () -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\searchplugins\SearchResults.xml
[2011/09/20 22:24:03 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.co...-44557-9400-3/4 File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config vsdatant7 start= disabled /c
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

Run OTL (right click and Run As Admin), Quickscan again and post that log.
  • 0

#7
iomkgs

iomkgs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi Ron, Ive followed the steps and the logs are below. The laptop is a Toshiba Satellite. Do you know which driver I should download to recover the microphone?

Cheers Keith

========== OTL ==========
Error: No service named vsdatant7 was found to stop!
Service\Driver key vsdatant7 not found.
File System32\drivers\vsdatant.win7.sys not found.
Error: No service named NwlnkFwd was found to stop!
Service\Driver key NwlnkFwd not found.
File system32\DRIVERS\nwlnkfwd.sys not found.
Error: No service named NwlnkFlt was found to stop!
Service\Driver key NwlnkFlt not found.
File system32\DRIVERS\nwlnkflt.sys not found.
Error: No service named IpInIp was found to stop!
Service\Driver key IpInIp not found.
File system32\DRIVERS\ipinip.sys not found.
Error: No service named cpuz132 was found to stop!
Service\Driver key cpuz132 not found.
File C:\Users\Keith\AppData\Local\Temp\cpuz132\cpuz132_x32.sys not found.
Error: No service named catchme was found to stop!
Service\Driver key catchme not found.
File C:\Users\Keith\AppData\Local\Temp\catchme.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@funwebproducts.com/Plugin\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ not found.
File C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\searchplugins\conduit.xml not found.
File C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\searchplugins\SearchResults.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30CEEEA2-3742-40E4-85DD-812BF1CBB83D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30CEEEA2-3742-40E4-85DD-812BF1CBB83D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{76577871-04EC-495E-A12B-91F7C3600AFA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76577871-04EC-495E-A12B-91F7C3600AFA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Keith\Desktop\cmd.bat deleted successfully.
C:\Users\Keith\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Keith\Desktop\cmd.bat deleted successfully.
C:\Users\Keith\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Keith\Desktop\cmd.bat deleted successfully.
C:\Users\Keith\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Keith\Desktop\cmd.bat deleted successfully.
C:\Users\Keith\Desktop\cmd.txt deleted successfully.
< sc config vsdatant7 start= disabled /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Users\Keith\Desktop\cmd.bat deleted successfully.
C:\Users\Keith\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Keith
->Flash cache emptied: 0 bytes

User: Public

User: Shizue
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Keith
->Java cache emptied: 903766 bytes

User: Public

User: Shizue
->Java cache emptied: 385060 bytes

Total Java Files Cleaned = 1.00 mb


OTL by OldTimer - Version 3.2.42.2 log created on 05122012_222552


OTL logfile created on: 12/05/2012 22:56:30 - Run 4
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Keith\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 57.21% Memory free
5.95 Gb Paging File | 4.84 Gb Available in Paging File | 81.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.29 Gb Total Space | 10.46 Gb Free Space | 8.99% Space Free | Partition Type: NTFS
Drive E: | 115.13 Gb Total Space | 100.12 Gb Free Space | 86.96% Space Free | Partition Type: NTFS

Computer Name: KEITH-PC | User Name: Keith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/12 21:11:58 | 000,913,848 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/05/06 21:35:39 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Keith\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/26 17:34:22 | 000,306,688 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2012/03/07 11:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 11:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/20 20:07:13 | 000,021,416 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/02/10 14:32:56 | 000,208,472 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2012/02/03 16:50:18 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/12 03:10:44 | 000,611,624 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2008/09/26 23:22:44 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008/08/25 18:58:20 | 000,077,824 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/07/19 05:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/24 19:06:14 | 000,509,816 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2008/05/09 20:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2008/04/24 22:03:12 | 000,430,080 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/04/24 19:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008/04/17 09:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/02/06 23:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2008/01/18 01:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2008/01/18 01:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/11/22 02:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/10/05 21:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/12 21:11:56 | 002,044,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/11 03:40:04 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3c92d4b3ec56936eab8e17ed81940c10\Microsoft.VisualBasic.ni.dll
MOD - [2012/05/11 03:37:42 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ef684a2ee2f7276eec3973a0654d2bd4\System.Web.ni.dll
MOD - [2012/05/11 03:37:34 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 03:37:13 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/11 03:35:44 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/11 03:35:27 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll
MOD - [2012/05/11 03:35:17 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll
MOD - [2012/05/11 03:34:16 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/11 03:34:06 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/05/11 03:18:06 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\e72d56a0f58bcf95890614700f925609\System.Management.ni.dll
MOD - [2012/05/11 03:15:55 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e5f1db35163684e821bca4a2fb0311b1\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 03:13:04 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a181199f8dec15116e1c2eb4a79ec22b\System.Xaml.ni.dll
MOD - [2012/05/11 03:09:53 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\142c428042c2dba4d5ac72495142f58c\PresentationFramework.ni.dll
MOD - [2012/05/11 03:09:36 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\5c18a8cca40f5abb3617826e529a4be9\PresentationCore.ni.dll
MOD - [2012/05/11 03:09:23 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3263fe38362543170c1682381eeac25a\PresentationFramework.Aero.ni.dll
MOD - [2012/05/11 03:09:22 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dac2093a24d7582eaee5ebd24ba1d06a\WindowsBase.ni.dll
MOD - [2012/05/11 03:05:33 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll
MOD - [2012/05/11 03:05:33 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll
MOD - [2012/05/11 03:05:22 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\71109720564155295fbaaff1202a33c0\System.Windows.Forms.ni.dll
MOD - [2012/05/11 03:05:11 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5be779e4d55a04c3b86644505facbe9a\System.Drawing.ni.dll
MOD - [2012/05/11 03:05:07 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll
MOD - [2012/05/11 03:04:59 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll
MOD - [2012/05/09 21:53:50 | 000,115,137 | ---- | M] () -- C:\Users\Keith\AppData\Local\temp\c06086cf-47b1-4760-b263-4e4271d9922f\CliSecureRT.dll
MOD - [2012/02/20 20:07:13 | 000,021,416 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/02/17 19:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/03/06 19:14:54 | 005,121,912 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2007/12/25 21:03:40 | 000,015,184 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007/12/15 06:40:00 | 000,090,112 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/12/02 02:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2006/10/10 20:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 21:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/12 21:11:57 | 000,113,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/06 10:10:28 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/07 11:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/02/10 14:33:00 | 004,369,208 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2012/02/10 14:32:56 | 000,208,472 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)
SRV - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009/03/12 03:10:44 | 000,611,624 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2008/08/25 18:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/07/19 05:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/24 19:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008/04/17 09:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/17 00:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/02/06 23:12:56 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008/01/21 12:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/18 01:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/11/22 02:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/12/14 11:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 11:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 10:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/10/05 21:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/07 11:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 11:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 11:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/07 11:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 11:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/07 11:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/02/10 14:33:38 | 000,042,152 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2012/02/10 14:33:14 | 000,029,312 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OAnet.sys -- (OAnet)
DRV - [2012/02/10 14:33:14 | 000,025,192 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\System32\drivers\OAmon.sys -- (OAmon)
DRV - [2012/02/10 14:33:12 | 000,205,864 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\OADriver.sys -- (OADevice)
DRV - [2012/01/31 17:15:42 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011/12/08 14:22:38 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2011/12/08 14:22:38 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2011/05/25 09:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/04/11 14:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/03/12 02:57:22 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2008/07/29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/19 03:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008/07/16 04:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008/04/29 01:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/11/09 23:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/29 00:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 23:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/10/18 20:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSEA&bmod=TSEA
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {BA938C24-EC93-4D84-9FBE-D7A497F9AD8D}
IE - HKLM\..\SearchScopes\{BA938C24-EC93-4D84-9FBE-D7A497F9AD8D}: "URL" = http://www.google.co...g}&rlz=1I7TSEA;
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {BA938C24-EC93-4D84-9FBE-D7A497F9AD8D}
IE - HKCU\..\SearchScopes\{BA938C24-EC93-4D84-9FBE-D7A497F9AD8D}: "URL" = http://www.google.co...TSEA_en-GBIM350
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Expat Shield Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.startup.homepage: "file:///C:/Users/Keith/Documents/Keiths%20Webpage/keith.html"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/13 20:26:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/12 21:11:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/12 18:21:10 | 000,000,000 | ---D | M]

[2011/09/21 23:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Extensions
[2010/02/14 10:38:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/05/12 21:12:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions
[2012/04/26 23:02:54 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/01/06 06:34:56 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2012/01/14 10:04:44 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/11/22 02:56:26 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2012/05/10 08:08:53 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/02/22 16:29:05 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/05/12 21:12:38 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2012/05/09 19:14:52 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2012/02/18 19:55:15 | 000,000,000 | ---D | M] (New Tab King) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2011/12/17 12:08:04 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\rtu5uoqg.default\extensions\[email protected]
[2011/12/11 18:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/03 20:26:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/12 21:11:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/04/13 20:26:35 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\KEITH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RTU5UOQG.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\KEITH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RTU5UOQG.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\KEITH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RTU5UOQG.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\KEITH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RTU5UOQG.DEFAULT\EXTENSIONS\[email protected]
[2012/05/12 21:11:58 | 000,085,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/13 18:23:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/13 18:23:56 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_61.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U1 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Skype Click to Call = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\
CHR - Extension: BitTorrentBar = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.3.7.1_0\

O1 HOSTS File: ([2012/05/09 21:52:10 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\oaui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co...nk-21&site=home File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.194.49 61.9.195.193
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9CA9404-3A99-4938-A08C-4ADC25D6AD62}: DhcpNameServer = 61.9.194.49 61.9.195.193
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Keith\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Keith\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/12 21:31:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/10 22:23:32 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Local\ElevatedDiagnostics
[2012/05/10 20:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[2012/05/10 08:08:56 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Local\CRE
[2012/05/10 08:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrentBar
[2012/05/10 08:03:57 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2012/05/09 22:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012/05/09 22:07:33 | 004,777,280 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Keith\Desktop\procexp.exe
[2012/05/09 22:06:46 | 004,485,448 | ---- | C] (Piriform Ltd) -- C:\Users\Keith\Desktop\spsetup116.exe
[2012/05/09 21:56:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/09 21:48:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/09 21:29:31 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/05/09 21:04:14 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\OnlineArmor
[2012/05/09 21:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\OnlineArmor
[2012/05/09 21:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
[2012/05/09 21:02:49 | 000,029,312 | ---- | C] (Emsisoft) -- C:\Windows\System32\drivers\OAnet.sys
[2012/05/09 21:02:49 | 000,025,192 | ---- | C] (Emsisoft) -- C:\Windows\System32\drivers\OAmon.sys
[2012/05/09 21:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\Online Armor
[2012/05/09 20:47:56 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\CrystalIdea Software
[2012/05/09 20:46:08 | 000,586,744 | ---- | C] (SpeedyFox) -- C:\Users\Keith\Desktop\speedyfox.exe
[2012/05/09 20:34:00 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Local\Seven Zip
[2012/05/09 20:16:00 | 000,000,000 | ---D | C] -- C:\Users\Keith\Desktop\Logs
[2012/05/09 19:11:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/08 23:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/08 23:01:25 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/05/08 23:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/08 22:49:29 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Keith\Desktop\mbam-setup-1.61.0.1400(1).exe
[2012/05/08 22:33:29 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Keith\Desktop\tdsskiller.exe
[2012/05/08 20:04:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/08 20:04:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/08 20:04:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/08 20:04:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/08 19:57:38 | 004,487,872 | R--- | C] (Swearware) -- C:\Users\Keith\Desktop\ComboFix.exe
[2012/05/08 19:32:01 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Keith\Desktop\aswMBR.exe
[2012/05/06 21:33:39 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Keith\Desktop\OTL.exe
[2012/04/16 10:10:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe

========== Files - Modified Within 30 Days ==========

[2012/05/12 22:52:52 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/12 22:52:52 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/12 22:48:12 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/12 22:47:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/12 22:47:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/12 22:46:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/12 22:38:09 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/12 22:08:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/12 08:56:10 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/05/11 03:32:16 | 000,320,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/10 21:44:30 | 000,217,600 | ---- | M] () -- C:\Users\Keith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/10 20:24:03 | 000,001,907 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[2012/05/10 18:47:03 | 000,006,202 | ---- | M] () -- C:\Users\Keith\AppData\Roaming\wklnhst.dat
[2012/05/10 08:03:58 | 000,000,777 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012/05/10 00:08:11 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/09 23:08:21 | 000,000,781 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/05/09 22:12:29 | 004,485,448 | ---- | M] (Piriform Ltd) -- C:\Users\Keith\Desktop\spsetup116.exe
[2012/05/09 22:12:07 | 004,777,280 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Keith\Desktop\procexp.exe
[2012/05/09 21:52:10 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/05/09 21:14:22 | 004,487,872 | R--- | M] (Swearware) -- C:\Users\Keith\Desktop\ComboFix.exe
[2012/05/09 20:46:49 | 000,586,744 | ---- | M] (SpeedyFox) -- C:\Users\Keith\Desktop\speedyfox.exe
[2012/05/09 00:24:40 | 000,061,440 | ---- | M] ( ) -- C:\Users\Keith\Desktop\VEW.exe
[2012/05/08 23:01:28 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/08 23:00:44 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Keith\Desktop\mbam-setup-1.61.0.1400(1).exe
[2012/05/08 22:39:43 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Keith\Desktop\tdsskiller.exe
[2012/05/08 19:42:55 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Keith\Desktop\aswMBR.exe
[2012/05/07 21:49:22 | 000,639,153 | ---- | M] () -- C:\Users\Keith\Desktop\KU Saddington St South Turramurra.pdf
[2012/05/07 16:56:59 | 000,002,305 | ---- | M] () -- C:\Users\Keith\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/05/06 21:35:39 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Keith\Desktop\OTL.exe
[2012/05/06 21:09:48 | 000,017,920 | ---- | M] () -- C:\Users\Keith\Documents\door152are027.wps
[2012/05/01 13:51:10 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/29 10:18:04 | 000,000,470 | ---- | M] () -- C:\Users\Keith\Desktop\My Movies Two - Shortcut.lnk
[2012/04/26 23:11:22 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/04/13 20:27:20 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

========== Files Created - No Company Name ==========

[2012/05/10 20:24:03 | 000,001,907 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[2012/05/10 08:03:58 | 000,000,777 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2012/05/09 22:14:26 | 000,000,781 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/05/09 21:02:50 | 000,042,152 | ---- | C] () -- C:\Windows\System32\drivers\oahlp32.sys
[2012/05/09 21:02:49 | 000,205,864 | ---- | C] () -- C:\Windows\System32\drivers\OADriver.sys
[2012/05/09 00:24:24 | 000,061,440 | ---- | C] ( ) -- C:\Users\Keith\Desktop\VEW.exe
[2012/05/08 23:01:28 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/08 20:04:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/08 20:04:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/08 20:04:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/08 20:04:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/08 20:04:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/07 21:49:21 | 000,639,153 | ---- | C] () -- C:\Users\Keith\Desktop\KU Saddington St South Turramurra.pdf
[2012/04/29 10:18:04 | 000,000,470 | ---- | C] () -- C:\Users\Keith\Desktop\My Movies Two - Shortcut.lnk
[2012/01/31 17:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/01/31 17:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/01/31 17:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/01/31 17:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/01/31 17:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/12/07 17:29:44 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl1129139270.dat
[2011/11/01 21:50:19 | 000,001,356 | ---- | C] () -- C:\Users\Keith\AppData\Local\d3d9caps.dat
[2011/10/30 19:14:01 | 000,217,600 | ---- | C] () -- C:\Users\Keith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/29 21:46:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011/10/29 21:19:57 | 000,000,112 | ---- | C] () -- C:\ProgramData\M3kFJE2b.dat
[2011/07/09 11:30:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/07/09 11:30:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/27 06:43:34 | 000,006,202 | ---- | C] () -- C:\Users\Keith\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2011/12/11 16:02:22 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\.minecraft
[2010/03/15 10:12:11 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\AnvSoft
[2010/03/15 10:08:42 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Any Video Converter
[2011/10/22 16:47:12 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Babylon
[2012/05/10 22:30:18 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\BitTorrent
[2011/10/31 20:51:58 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\CheckPoint
[2012/05/09 20:47:56 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\CrystalIdea Software
[2009/12/04 09:06:29 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Juniper Networks
[2010/02/22 07:02:16 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Microgaming
[2009/10/24 07:25:17 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\myphotobook
[2010/10/02 05:34:46 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\NCH Swift Sound
[2012/05/09 21:04:26 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\OnlineArmor
[2011/04/18 04:16:44 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Registry Mechanic
[2012/02/20 20:05:13 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Samsung
[2010/12/30 08:05:07 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Sports Interactive
[2011/01/27 06:43:36 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Template
[2010/11/22 02:34:06 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\tidysongs16
[2009/10/23 08:18:33 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Toshiba
[2010/01/27 05:35:56 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Trusteer
[2012/05/12 22:44:44 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP

The laptop is a Toshiba Satellite. Do you know which driver I should download to recover the microphone?


There are a hundred or more different Toshiba Satellite models. I would need the model number which should probably be on the bottom.

Go to:

http://www.csd.toshi...rt/jsp/home.jsp Select your model. Select the Operating System. Look for Audio drivers. IF you can't find it then you might be able to use this file:

http://drivers.softp...river-154.shtml
  • 0

#9
iomkgs

iomkgs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi Ron, The model is L350-235 but the exact one wasnt on the Toshiba list. I therefore downloaded the zip file from the second link above. Once downloaded I saved the folder to my desktop then clicked on the setup.exe file which started the wizard once I clicked next a message pops up saying, 'No driver was supported in this driver package'. I also found the following: http://uk.computers....iverLanguage=42 I havent done anything with it yet as its downloading now. Should I try execute this? Not sure what to do next? Keith
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
That UK driver should work. Go ahead and try it.
  • 0

Advertisements


#11
iomkgs

iomkgs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
It worked the mic is back on now, cheers. Are the other bits ok? Computer seems to be running better.
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
Looks pretty good now. I would turn off Windows Search. It is a drag on your resources:

1. Open Start Menu.

2. Launch Control Panel.

3. Double-click on Programs & Features.

4. Now on the left-hand side of the Program & Features window, click on Turn Windows Features on or off.

5. Uncheck the Indexing Service option.

6. Press the ENTER key or click OK.

This will disable SearchIndexer.exe in Microsoft Windows Vista and prevent Microsoft Windows from using enhanced search while searching and thus will help you search faster and your computer will not slow down or hang. This will not disable Microsoft Windows search entirely, but will only disable the options or advanced features which are known to consume a lot of resources.

As far as ,alware is concerned I think you are clean. Wouldn't hurt to run an ESET online scan:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.
  • 0

#13
iomkgs

iomkgs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi Ron Followed the steps, here are the logs:

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=120e25c31a49944ca720be9414357170
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-14 01:38:52
# local_time=2012-05-14 11:38:52 (+1000, AUS Eastern Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 164615 174516841 0 0
# compatibility_mode=6401 16777214 66 100 426819 7304137 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 0 4 16925340 16925340 0 0
# scanned=213258
# found=4
# cleaned=0
# scan_time=15019
C:\Documents and Settings\Keith\Documents\Downloads\jZipV1l.exe a variant of Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Keith\Downloads\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Keith\Documents\Downloads\jZipV1l.exe a variant of Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Keith\Downloads\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Keith\Documents\Downloads\jZipV1l.exe a variant of Win32/Toolbar.SearchSuite application
C:\Documents and Settings\Keith\Downloads\registrybooster.exe Win32/RegistryBooster application
C:\Users\Keith\Documents\Downloads\jZipV1l.exe a variant of Win32/Toolbar.SearchSuite application
C:\Users\Keith\Downloads\registrybooster.exe Win32/RegistryBooster application
  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
ESET doesn't like these:

C:\Documents and Settings\Keith\Documents\Downloads\jZipV1l.exe a variant of Win32/Toolbar.SearchSuite application
C:\Documents and Settings\Keith\Downloads\registrybooster.exe Win32/RegistryBooster application
C:\Users\Keith\Documents\Downloads\jZipV1l.exe a variant of Win32/Toolbar.SearchSuite application
C:\Users\Keith\Downloads\registrybooster.exe Win32/RegistryBooster application

but can't seem to delete them. They are just ad-ware so nothing really evil. Can you delete them? If not we can let OTL do it:


Copy the text in the code box by highlighting and Ctrl + c


:files
C:\Documents and Settings\Keith\Documents\Downloads\jZipV1l.exe 
C:\Documents and Settings\Keith\Downloads\registrybooster.exe 
C:\Users\Keith\Documents\Downloads\jZipV1l.exe 
C:\Users\Keith\Downloads\registrybooster.exe 
    
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.
  • 0

#15
iomkgs

iomkgs

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi Ron, Run that so hopefully all gone now. Do I need do anything else?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP