Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Catalyst Control Centre: Host application has stopped working


  • Please log in to reply

#16
ugrinwa

ugrinwa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Hi

OTL Scan:

========== PROCESSES ==========
All processes killed
========== OTL ==========
No active process named syshost.exe was found!
Registry value HKEY_USERS\S-1-5-21-1518022060-2281292150-985881486-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bde3323a-cfcb-4c71-9945-9d078e437d16} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bde3323a-cfcb-4c71-9945-9d078e437d16}\ not found.
Registry key HKEY_USERS\S-1-5-21-1518022060-2281292150-985881486-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-1518022060-2281292150-985881486-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1518022060-2281292150-985881486-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-1518022060-2281292150-985881486-1000\Software\Microsoft\Windows\CurrentVersion\Run\\syshost32 deleted successfully.
C:\Users\Jack\AppData\Local\{7158E12F-27A9-7CFB-A22F-B749811A2D0F}\syshost.exe moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e56fe5f9-1e3d-11e0-aa3d-00235aff26ac}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e56fe5f9-1e3d-11e0-aa3d-00235aff26ac}\ not found.
File D:\system\viewer\Viewer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e56fe5f9-1e3d-11e0-aa3d-00235aff26ac}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e56fe5f9-1e3d-11e0-aa3d-00235aff26ac}\ not found.
File D:\system\viewer\Viewer.exe not found.
Folder move failed. C:\Windows\SysNative\%APPDATA%\Microsoft\Windows\IETldCache scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\%APPDATA%\Microsoft\Windows scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\%APPDATA%\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\SysNative\%APPDATA% scheduled to be moved on reboot.
C:\Users\Jack\AppData\Local\{7158E12F-27A9-7CFB-A22F-B749811A2D0F} folder moved successfully.
C:\Users\Jack\AppData\Local\d3d9caps.tmp deleted successfully.
C:\Users\Jack\AppData\Local\ajcmkpfl.exe moved successfully.
C:\Users\Jack\AppData\Local\60215.exe moved successfully.
C:\Users\Jack\AppData\Local\511558468.dat moved successfully.
C:\Users\Jack\AppData\Local\apphelpb.dat moved successfully.
C:\Users\Jack\AppData\Roaming\download2 folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Windows\Installer\{23730dbc-c21c-19d4-0040-8135d4645f32}\U folder moved successfully.
C:\Windows\Installer\{23730dbc-c21c-19d4-0040-8135d4645f32}\L folder moved successfully.
C:\Windows\Installer\{23730dbc-c21c-19d4-0040-8135d4645f32} folder moved successfully.
C:\Users\Jack\AppData\Local\{23730dbc-c21c-19d4-0040-8135d4645f32}\U folder moved successfully.
C:\Users\Jack\AppData\Local\{23730dbc-c21c-19d4-0040-8135d4645f32}\L folder moved successfully.
C:\Users\Jack\AppData\Local\{23730dbc-c21c-19d4-0040-8135d4645f32} folder moved successfully.
File\Folder C:\Users\Jack\AppData\Local\{7158E12F-27A9-7CFB-A22F-B749811A2D0F} not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: AppData

User: Default

User: Default User

User: Jack
->Flash cache emptied: 2249413 bytes

User: Public

User: Selma
->Flash cache emptied: 897 bytes

User: Uri

Total Flash Files Cleaned = 2.00 mb


[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: Jack
->Java cache emptied: 47563194 bytes

User: Public

User: Selma
->Java cache emptied: 25493434 bytes

User: Uri

Total Java Files Cleaned = 70.00 mb

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.53.0 log created on 07072012_141225

Files\Folders moved on Reboot...
C:\Windows\SysNative\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.
C:\Windows\SysNative\%APPDATA%\Microsoft\Windows folder moved successfully.
C:\Windows\SysNative\%APPDATA%\Microsoft folder moved successfully.
Folder move failed. C:\Windows\SysNative\%APPDATA% scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Windows\SysNative\%APPDATA%\Microsoft\Windows\IETldCache not found!
File C:\Windows\SysNative\%APPDATA%\Microsoft\Windows not found!
File C:\Windows\SysNative\%APPDATA%\Microsoft not found!
File C:\Windows\SysNative\%APPDATA% not found!

Registry entries deleted on Reboot...


OTL.Txt:
OTL logfile created on: 07/07/2012 2:21:30 PM - Run 3
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Jack\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 54.84% Memory free
5.70 Gb Paging File | 4.34 Gb Available in Paging File | 76.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 210.53 Gb Total Space | 129.07 Gb Free Space | 61.31% Space Free | Partition Type: NTFS
Drive E: | 9.72 Gb Total Space | 9.64 Gb Free Space | 99.20% Space Free | Partition Type: NTFS

Computer Name: JACK-PC | User Name: Jack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/29 19:24:55 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Jack\Downloads\OTL.exe
PRC - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2011/10/25 23:20:00 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
PRC - [2009/05/13 01:26:42 | 000,299,008 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/04/16 21:42:58 | 000,020,544 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/03/10 21:50:36 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/06 20:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2009/02/16 18:50:48 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2009/01/14 00:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2007/09/25 13:46:38 | 000,195,112 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/04/24 14:40:26 | 000,242,176 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/04/22 01:07:16 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/04/09 22:03:58 | 000,803,696 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/03/17 14:48:54 | 000,084,480 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/03/06 21:30:32 | 000,488,288 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/02/19 17:53:28 | 000,055,808 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)
SRV:64bit: - [2008/03/18 15:26:56 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2007/11/21 19:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/04/16 21:42:58 | 000,020,544 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)
SRV - [2009/04/01 21:10:58 | 000,062,776 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/03/06 20:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2009/02/16 18:50:48 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/24 17:29:40 | 000,206,336 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/04/22 02:30:46 | 005,356,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/03/23 19:48:20 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/03/20 19:37:40 | 000,266,288 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/03/18 14:46:44 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\pgeffect.sys -- (PGEffect)
DRV:64bit: - [2009/03/09 17:39:52 | 000,564,224 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rtl819xp.sys -- (rtl819xpn64) Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)
DRV:64bit: - [2009/02/16 18:01:48 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/05/07 14:30:14 | 000,032,040 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2008/04/28 12:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2008/03/21 15:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2007/12/11 17:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/11/09 17:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/04/23 16:15:48 | 000,031,016 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\rtlprot.sys -- (RtlProt)
DRV - [2008/05/07 14:30:14 | 000,032,040 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\LPCFilter.sys -- (LPCFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.ca...ie7&rlz=1I7TSHC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
IE - HKLM\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.ca...ie7&rlz=1I7TSHC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
IE - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\..\SearchScopes\{3ED72821-2917-4D3D-A0C2-46EB97ADCF3D}: "URL" = http://www.rockanddi...chTerms}&srch=a
IE - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.ca...&rlz=1I7TSHC_en
IE - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/21 21:45:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/09/22 21:51:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jack\AppData\Roaming\Mozilla\Extensions
[2010/09/22 21:51:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jack\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/04/25 23:17:07 | 000,574,660 | ---- | M] () (No name found) -- C:\USERS\JACK\APPDATA\ROAMING\THUNDERBIRD\PROFILES\QACW5SL0.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.224\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.224\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.224\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U15 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Picasa2\npPicasa2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Picasa2\npPicasa3.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Jack\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/07/07 14:13:28 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPCHWMsg] C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [cfFncEnabler.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe (Toshiba Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1518022060-2281292150-985881486-1000..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1518022060-2281292150-985881486-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{093EB191-C5A8-481F-9AE8-EC5F28DF54BA}: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C89ADDAC-D084-4E81-B497-272CE53A6ECA}: DhcpNameServer = 64.71.255.198
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/07 14:12:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/07 14:08:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/29 20:07:55 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Jack\Desktop\aswMBR.exe
[2012/06/23 18:41:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Viva Media Game Center
[2012/06/22 07:57:11 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/06/21 15:28:10 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/21 15:28:10 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/21 15:28:10 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/21 15:27:39 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/21 15:27:39 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2012/06/21 15:27:39 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/21 15:27:39 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2012/06/21 15:27:39 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/21 15:27:39 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2012/06/21 15:27:05 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/21 15:27:05 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2012/06/21 15:27:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/21 15:27:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2012/06/14 16:48:13 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\Apps
[2012/06/14 16:48:12 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\Deployment
[2012/06/13 06:22:08 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/13 06:22:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/13 06:22:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/13 06:22:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/13 06:22:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/13 06:22:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/13 06:22:06 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/13 06:22:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/13 06:22:04 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/13 06:22:04 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/13 06:22:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/13 06:22:01 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/13 06:22:01 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/12 18:04:43 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/12 18:04:42 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2010/01/15 21:07:38 | 027,024,112 | R--- | C] (Microsoft Corporation) -- C:\Users\Jack\PowerPointViewer.exe

========== Files - Modified Within 30 Days ==========

[2012/07/07 14:22:26 | 000,703,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/07 14:22:26 | 000,609,642 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/07 14:22:26 | 000,109,118 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/07 14:15:50 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/07 14:15:24 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/07 14:15:24 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/07 14:15:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/07 14:15:12 | 2951,069,696 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/07 14:13:28 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/07/07 13:15:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/07 01:29:48 | 000,000,416 | ---- | M] () -- C:\Users\Jack\Desktop\Free Space Invaders.website
[2012/07/07 00:37:04 | 000,000,668 | ---- | M] () -- C:\Users\Jack\Desktop\Tetris® N-Blox - Play a quick game of Tetris for free!.website
[2012/06/29 20:25:24 | 000,000,575 | ---- | M] () -- C:\Users\Jack\Desktop\MBR.zip
[2012/06/29 20:20:01 | 000,000,512 | ---- | M] () -- C:\Users\Jack\Desktop\MBR.dat
[2012/06/29 20:08:16 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jack\Desktop\aswMBR.exe
[2012/06/23 23:57:30 | 000,000,243 | ---- | M] () -- C:\Users\Jack\Desktop\Bidz.com Brand Name & Jewelry Auctions - Live Rings, Watches, Sunglasses.url
[2012/06/14 16:50:43 | 000,001,996 | ---- | M] () -- C:\Users\Jack\Desktop\Google Chrome.lnk
[2012/06/14 16:50:43 | 000,001,980 | ---- | M] () -- C:\Users\Jack\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/13 06:42:58 | 000,333,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/06/29 20:25:24 | 000,000,575 | ---- | C] () -- C:\Users\Jack\Desktop\MBR.zip
[2012/06/29 20:20:01 | 000,000,512 | ---- | C] () -- C:\Users\Jack\Desktop\MBR.dat
[2012/06/23 18:45:02 | 000,001,116 | ---- | C] () -- C:\Users\Jack\Desktop\Club Vegas Casino 10,000.lnk
[2012/06/23 18:30:41 | 000,000,668 | ---- | C] () -- C:\Users\Jack\Desktop\Tetris® N-Blox - Play a quick game of Tetris for free!.website
[2012/02/12 22:57:44 | 000,000,800 | ---- | C] () -- C:\Users\Jack\ATT00001
[2012/02/12 22:57:42 | 003,735,053 | ---- | C] () -- C:\Users\Jack\Under_arm_thermometer.wmv
[2012/02/12 22:27:18 | 000,004,086 | ---- | C] () -- C:\Users\Jack\FW The Ultimate Train Set and other settings - From Hamburg.eml
[2011/02/10 09:56:48 | 000,000,680 | R--- | C] () -- C:\Users\Jack\AppData\Local\d3d9caps.dat
[2010/06/21 22:38:15 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2010/05/05 23:20:21 | 000,530,886 | R--- | C] () -- C:\Users\Jack\Elvis Presley & Martina McBrid_.wmv
[2009/10/02 00:15:15 | 000,009,216 | R--- | C] () -- C:\Users\Jack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/01 16:46:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== LOP Check ==========

[2012/05/13 18:08:23 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\CasinoOnNet
[2010/06/21 23:36:04 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Ludia
[2009/10/02 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Masque
[2010/09/22 21:51:43 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Thunderbird
[2010/04/16 18:40:14 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\TOSHIBA
[2009/10/23 21:05:26 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Ulead Systems
[2012/06/13 15:45:34 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\WildTangent
[2011/01/06 08:26:58 | 000,000,000 | ---D | M] -- C:\Users\Selma\AppData\Roaming\Thunderbird
[2012/06/13 14:51:31 | 000,000,000 | ---D | M] -- C:\Users\Selma\AppData\Roaming\WildTangent
[2012/07/07 14:14:04 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/04 02:45:14 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6E6E3FD0-C28A-44E7-967A-45A1AD81E672}.job

========== Purity Check ==========



========== Custom Scans ==========

< C:\Users\Jack\AppData\Roaming\Masque\*.* /s >
[2009/10/19 02:32:57 | 000,000,205 | ---- | M] () -- C:\Users\Jack\AppData\Roaming\Masque\Lobby3.pref
[2009/10/19 02:32:57 | 000,000,032 | ---- | M] () -- C:\Users\Jack\AppData\Roaming\Masque\Lobby\reservations.pref
[2009/10/19 02:32:57 | 000,000,079 | ---- | M] () -- C:\Users\Jack\AppData\Roaming\Masque\slotsol\bslots.dat
[2009/10/19 02:30:22 | 000,000,027 | ---- | M] () -- C:\Users\Jack\AppData\Roaming\Masque\slotsol\hotlist.txt

< C:\Users\Jack\AppData\Local\*.* >
[2011/02/10 09:56:48 | 000,000,680 | R--- | M] () -- C:\Users\Jack\AppData\Local\d3d9caps.dat
[2011/01/23 12:01:51 | 000,009,216 | R--- | M] () -- C:\Users\Jack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/04 13:05:56 | 000,086,768 | R--- | M] () -- C:\Users\Jack\AppData\Local\GDIPFONTCACHEV1.DAT
[2011/03/09 07:19:04 | 002,059,325 | RH-- | M] () -- C:\Users\Jack\AppData\Local\IconCache.db

< netsh int ip reset all /c >
Reseting Echo Request, OK!
Reseting Global, OK!
Reseting Interface, OK!
A reboot is required to complete this action.

< netsh winsock reset /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

< MD5 for: SERVICES.EXE >
[2008/01/20 22:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 03:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009/04/11 03:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=BC81150939BD52DBC7A08C245F1FB229 -- C:\Windows\SysNative\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SysWOW64\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2008/01/20 22:49:44 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 907 bytes -> C:\Users\Jack\FW The Ultimate Train Set and other settings - From Hamburg.eml:OECustomProperty

< End of report >

There was no Extras.txt file.

Thank you
  • 0

Advertisements


#17
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
hello

sorry for the late reply

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :processes
    killallprocesses

    :OTL
    [2012/06/22 07:57:11 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%

    :Services

    :Reg

    :Files
    C:\Windows\System32\services.exe|C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe /replace
    C:\Windows\SysNative\%APPDATA%

    :Commands
    [purity]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.



Next:

Posted Image OTL Custom Scan
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Select Scan all users
  • Under Extra Registry select Use Safelist
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsh int ip reset all /c
    netsh winsock reset /c
    /md5start
    services.exe
    /md5stop

  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.Txt and Extras.txt in Notepad windows.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them with your next reply.

  • 0

#18
ugrinwa

ugrinwa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Hi.

Here are the three results.

OTL Scan:

========== PROCESSES ==========
All processes killed
========== OTL ==========
Folder move failed. C:\Windows\SysNative\%APPDATA% scheduled to be moved on reboot.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
Unable to replace file: C:\Windows\System32\services.exe with C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe without a reboot.
Folder move failed. C:\Windows\SysNative\%APPDATA% scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: AppData

User: Default

User: Default User

User: Jack
->Flash cache emptied: 5292 bytes

User: Public

User: Selma
->Flash cache emptied: 0 bytes

User: Uri

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: Jack
->Java cache emptied: 0 bytes

User: Public

User: Selma
->Java cache emptied: 0 bytes

User: Uri

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.0 log created on 07132012_185947

Files\Folders moved on Reboot...
Folder move failed. C:\Windows\SysNative\%APPDATA% scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) C:\Windows\System32\services.exe : MD5=D4E6D91C1349B7BFB3599A6ADA56851B

Registry entries deleted on Reboot...

OTL.txt:

OTL logfile created on: 13/07/2012 7:45:50 PM - Run 4
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Jack\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 59.96% Memory free
5.72 Gb Paging File | 4.44 Gb Available in Paging File | 77.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 210.53 Gb Total Space | 132.18 Gb Free Space | 62.79% Space Free | Partition Type: NTFS
Drive E: | 9.72 Gb Total Space | 9.64 Gb Free Space | 99.20% Space Free | Partition Type: NTFS

Computer Name: JACK-PC | User Name: Jack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/29 19:24:55 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Jack\Downloads\OTL.exe
PRC - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2011/10/25 23:20:00 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
PRC - [2009/05/13 01:26:42 | 000,299,008 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/04/16 21:42:58 | 000,020,544 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/03/10 21:50:36 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/06 20:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2009/02/16 18:50:48 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2009/01/14 00:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2007/09/25 13:46:38 | 000,195,112 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/04/24 14:40:26 | 000,242,176 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/04/22 01:07:16 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/04/09 22:03:58 | 000,803,696 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/03/17 14:48:54 | 000,084,480 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/03/06 21:30:32 | 000,488,288 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/02/19 17:53:28 | 000,055,808 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)
SRV:64bit: - [2008/03/18 15:26:56 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2007/11/21 19:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/04/16 21:42:58 | 000,020,544 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)
SRV - [2009/04/01 21:10:58 | 000,062,776 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/03/06 20:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2009/02/16 18:50:48 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/24 17:29:40 | 000,206,336 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/04/22 02:30:46 | 005,356,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/03/23 19:48:20 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/03/20 19:37:40 | 000,266,288 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/03/18 14:46:44 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\pgeffect.sys -- (PGEffect)
DRV:64bit: - [2009/03/09 17:39:52 | 000,564,224 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rtl819xp.sys -- (rtl819xpn64) Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)
DRV:64bit: - [2009/02/16 18:01:48 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/05/07 14:30:14 | 000,032,040 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2008/04/28 12:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2008/03/21 15:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2007/12/11 17:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/11/09 17:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/04/23 16:15:48 | 000,031,016 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\rtlprot.sys -- (RtlProt)
DRV - [2008/05/07 14:30:14 | 000,032,040 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\LPCFilter.sys -- (LPCFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.ca...ie7&rlz=1I7TSHC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
IE - HKLM\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.ca...ie7&rlz=1I7TSHC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
IE - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\..\SearchScopes\{3ED72821-2917-4D3D-A0C2-46EB97ADCF3D}: "URL" = http://www.rockanddi...chTerms}&srch=a
IE - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.ca...&rlz=1I7TSHC_en
IE - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/21 21:45:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/09/22 21:51:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jack\AppData\Roaming\Mozilla\Extensions
[2010/09/22 21:51:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jack\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/04/25 23:17:07 | 000,574,660 | ---- | M] () (No name found) -- C:\USERS\JACK\APPDATA\ROAMING\THUNDERBIRD\PROFILES\QACW5SL0.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.224\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.224\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.224\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U15 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Picasa2\npPicasa2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Picasa2\npPicasa3.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Jack\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/07/07 14:13:28 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPCHWMsg] C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [cfFncEnabler.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe (Toshiba Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1518022060-2281292150-985881486-1000..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1518022060-2281292150-985881486-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{093EB191-C5A8-481F-9AE8-EC5F28DF54BA}: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C89ADDAC-D084-4E81-B497-272CE53A6ECA}: DhcpNameServer = 64.71.255.198
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/07 14:12:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/07 14:08:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/29 20:07:55 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Jack\Desktop\aswMBR.exe
[2012/06/23 18:41:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Viva Media Game Center
[2012/06/22 07:57:11 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/06/21 15:28:10 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/21 15:28:10 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/21 15:28:10 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/21 15:27:39 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/21 15:27:39 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2012/06/21 15:27:39 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/21 15:27:39 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2012/06/21 15:27:39 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/21 15:27:39 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2012/06/21 15:27:05 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/21 15:27:05 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2012/06/21 15:27:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/21 15:27:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2012/06/14 16:48:13 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\Apps
[2012/06/14 16:48:12 | 000,000,000 | ---D | C] -- C:\Users\Jack\AppData\Local\Deployment
[2010/01/15 21:07:38 | 027,024,112 | R--- | C] (Microsoft Corporation) -- C:\Users\Jack\PowerPointViewer.exe

========== Files - Modified Within 30 Days ==========

[2012/07/13 19:15:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/13 19:15:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/13 19:10:38 | 000,703,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/13 19:10:38 | 000,609,642 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/13 19:10:38 | 000,109,118 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/13 19:03:26 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/13 19:03:26 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/13 19:03:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/13 19:03:13 | 2951,069,696 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/12 22:19:00 | 000,000,668 | ---- | M] () -- C:\Users\Jack\Desktop\Tetris® N-Blox - Play a quick game of Tetris for free!.website
[2012/07/12 21:29:02 | 000,000,416 | ---- | M] () -- C:\Users\Jack\Desktop\Free Space Invaders.website
[2012/07/12 21:19:38 | 000,000,243 | ---- | M] () -- C:\Users\Jack\Desktop\Bidz.com Brand Name & Jewelry Auctions - Live Rings, Watches, Sunglasses.url
[2012/07/07 14:13:28 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/06/29 20:25:24 | 000,000,575 | ---- | M] () -- C:\Users\Jack\Desktop\MBR.zip
[2012/06/29 20:20:01 | 000,000,512 | ---- | M] () -- C:\Users\Jack\Desktop\MBR.dat
[2012/06/29 20:08:16 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jack\Desktop\aswMBR.exe
[2012/06/14 16:50:43 | 000,001,996 | ---- | M] () -- C:\Users\Jack\Desktop\Google Chrome.lnk
[2012/06/14 16:50:43 | 000,001,980 | ---- | M] () -- C:\Users\Jack\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/06/29 20:25:24 | 000,000,575 | ---- | C] () -- C:\Users\Jack\Desktop\MBR.zip
[2012/06/29 20:20:01 | 000,000,512 | ---- | C] () -- C:\Users\Jack\Desktop\MBR.dat
[2012/06/23 18:45:02 | 000,001,116 | ---- | C] () -- C:\Users\Jack\Desktop\Club Vegas Casino 10,000.lnk
[2012/06/23 18:30:41 | 000,000,668 | ---- | C] () -- C:\Users\Jack\Desktop\Tetris® N-Blox - Play a quick game of Tetris for free!.website
[2012/02/12 22:57:44 | 000,000,800 | ---- | C] () -- C:\Users\Jack\ATT00001
[2012/02/12 22:57:42 | 003,735,053 | ---- | C] () -- C:\Users\Jack\Under_arm_thermometer.wmv
[2012/02/12 22:27:18 | 000,004,086 | ---- | C] () -- C:\Users\Jack\FW The Ultimate Train Set and other settings - From Hamburg.eml
[2011/02/10 09:56:48 | 000,000,680 | R--- | C] () -- C:\Users\Jack\AppData\Local\d3d9caps.dat
[2010/06/21 22:38:15 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2010/05/05 23:20:21 | 000,530,886 | R--- | C] () -- C:\Users\Jack\Elvis Presley &amp; Martina McBrid_.wmv
[2009/10/02 00:15:15 | 000,009,216 | R--- | C] () -- C:\Users\Jack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/01 16:46:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== LOP Check ==========

[2012/05/13 18:08:23 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\CasinoOnNet
[2010/06/21 23:36:04 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Ludia
[2009/10/02 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Masque
[2010/09/22 21:51:43 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Thunderbird
[2010/04/16 18:40:14 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\TOSHIBA
[2009/10/23 21:05:26 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Ulead Systems
[2012/06/13 15:45:34 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\WildTangent
[2011/01/06 08:26:58 | 000,000,000 | ---D | M] -- C:\Users\Selma\AppData\Roaming\Thunderbird
[2012/06/13 14:51:31 | 000,000,000 | ---D | M] -- C:\Users\Selma\AppData\Roaming\WildTangent
[2012/07/13 19:02:15 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/04 02:45:14 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6E6E3FD0-C28A-44E7-967A-45A1AD81E672}.job

========== Purity Check ==========



========== Custom Scans ==========

< netsh int ip reset all /c >
Reseting Echo Request, failed.
Access is denied.
Reseting Interface, OK!
A reboot is required to complete this action.

< netsh winsock reset /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

< MD5 for: SERVICES.EXE >
[2008/01/20 22:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 03:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009/04/11 03:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=BC81150939BD52DBC7A08C245F1FB229 -- C:\Windows\SysNative\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SysWOW64\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2008/01/20 22:49:44 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 907 bytes -> C:\Users\Jack\FW The Ultimate Train Set and other settings - From Hamburg.eml:OECustomProperty

< End of report >


Extras.txt:

OTL Extras logfile created on: 13/07/2012 7:45:50 PM - Run 4
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Jack\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 59.96% Memory free
5.72 Gb Paging File | 4.44 Gb Available in Paging File | 77.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 210.53 Gb Total Space | 132.18 Gb Free Space | 62.79% Space Free | Partition Type: NTFS
Drive E: | 9.72 Gb Total Space | 9.64 Gb Free Space | 99.20% Space Free | Partition Type: NTFS

Computer Name: JACK-PC | User Name: Jack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = D5 EF C1 DC 9A 1B CB 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D10829AB-A90B-6358-94BC-64E43654DB45}" = ccc-utility64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E373807A-6079-B6C3-69D5-53B86C3B293F}" = ATI Catalyst Install Manager
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
"{050CE9FC-0C14-4A68-B491-F8DC3D2B5E1F}" = Masque Slots featuring WMS Gaming II
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0C1A6FCA-0775-D2EB-526A-DC9653758959}" = Catalyst Control Center Graphics Full Existing
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{11208491-289A-4906-6BCF-2395B82AE50D}" = CCC Help Turkish
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AD559D4-9DBC-0CF5-2360-7DA195CC36B9}" = CCC Help Korean
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{277021F7-387E-8508-6D81-D2F3AB37D010}" = CCC Help Czech
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A6B75A2-A3C4-8EAF-1954-9B4CBEA35513}" = Skins
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{32760231-5911-2B7E-45FC-EB5F3C0C40E2}" = CCC Help Danish
"{364BF1A4-721C-E739-F66A-3A38CE4FACA3}" = CCC Help French
"{3A2CAA46-4933-6F74-A190-56513A696137}" = Catalyst Control Center InstallProxy
"{3D0DC563-4C99-4AB1-8C22-514940666938}" = Catalyst Control Center - Branding
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5F47C5-3F92-A1C4-DC7A-244882D97194}" = CCC Help Japanese
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"{51AB6E77-4B57-7CB6-F2C7-AB87FDAC2EC3}" = CCC Help English
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58E0D2CC-5693-D69B-C732-C956845A3F88}" = CCC Help Spanish
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5ED0BEE0-AC0C-F478-728F-9FBFADCEF8DB}" = CCC Help Chinese Traditional
"{619C8F04-BEB8-BD0F-4CC0-ABF922BE1E64}" = CCC Help German
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{70C335DB-BAE8-E513-A8E4-57351139C1AA}" = CCC Help Greek
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75B053D0-709C-8BC3-ADA3-923C3524062F}" = CCC Help Finnish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{878D8350-B789-ED78-2F7D-86A3A98E4FAB}" = CCC Help Hungarian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9267E76A-77DC-D8E2-DDD6-7855487A1C4E}" = CCC Help Chinese Standard
"{9282C06B-7B63-37D7-D6FB-E8BBAAA81973}" = CCC Help Portuguese
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9C3317F2-518F-D18A-2E94-97B781DCE713}" = CCC Help Norwegian
"{A0D76D9F-8957-E8D5-A44F-3AEDE09E64D1}" = CCC Help Italian
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AE8FFD41-8BFC-47D3-829E-77D23BFF09FF}" = My TOSHIBA
"{B1FCFBC0-4169-E767-1F7E-F5A60E2EDBC1}" = Catalyst Control Center Graphics Previews Vista
"{B3B2C253-0AAA-075A-3BFE-63B23DB0826D}" = Catalyst Control Center Core Implementation
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BE43988B-0BDC-4B15-D88F-CD01398CD8E7}" = Catalyst Control Center Graphics Light
"{C6ADD182-21AA-14BE-7CB9-5AEF364F5406}" = Catalyst Control Center Localization All
"{C9622E7C-94E3-7828-F3F9-21076B7F770B}" = CCC Help Swedish
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D4AFD09A-1255-4E6D-4AD9-B076B97559D3}" = CCC Help Thai
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DC53C564-A09A-DA0D-AA61-630AAF188857}" = CCC Help Polish
"{DD8D1F1D-7FA5-A563-143C-3860FD9537F0}" = Catalyst Control Center Graphics Full New
"{DDBECC63-7E39-076D-F638-4DF15EB20298}" = CCC Help Dutch
"{E09863DF-93B4-5A14-0DA6-1BA841CFFB85}" = ccc-core-static
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E8620372-B4D4-92C1-BD12-DBE2FF0F58C2}" = CCC Help Russian
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}" = TOSHIBA ConfigFree
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"3ivx D4 4.5.1 Decoder" = 3ivx D4 4.5.1 Decoder (remove only)
"888casino" = 888casino
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Casino-On-Net" = Casino-On-Net
"Cisco Connect" = Cisco Connect
"Club Vegas Casino 10,000" = Club Vegas Casino 10,000
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Thunderbird 13.0.1 (x86 en-US)" = Mozilla Thunderbird 13.0.1 (x86 en-US)
"Picasa 3" = Picasa 3
"VLC media player" = VLC media player 1.0.5
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WTA-8bda3a88-ceee-4c98-879e-8ee532115f97" = Battle Group

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01/05/2011 12:54:02 AM | Computer Name = Jack-PC | Source = WinMgmt | ID = 10
Description =

Error - 01/05/2011 10:51:48 AM | Computer Name = Jack-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6002.18005, time stamp
0x49e01e78, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0xb04dff06, process id 0xb7c, application start time
0x01cc07bd31976300.

Error - 03/05/2011 9:11:15 PM | Computer Name = Jack-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 03/05/2011 9:11:34 PM | Computer Name = Jack-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 03/05/2011 9:14:23 PM | Computer Name = Jack-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 05/05/2011 11:57:38 PM | Computer Name = Jack-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 14/05/2011 6:37:32 PM | Computer Name = Jack-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 20/05/2011 7:41:37 AM | Computer Name = Jack-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6002.18005, time stamp
0x49e01e78, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79,
exception code 0xc0000005, fault offset 0x00180f89, process id 0x10e4, application
start time 0x01cc10ef87ec9230.

Error - 24/05/2011 4:29:13 PM | Computer Name = Jack-PC | Source = VSS | ID = 13
Description =

Error - 24/05/2011 4:29:13 PM | Computer Name = Jack-PC | Source = VSS | ID = 8193
Description =

[ Media Center Events ]
Error - 08/07/2012 2:27:13 AM | Computer Name = Jack-PC | Source = MCUpdate | ID = 0
Description = Failed to retrieve SportsSchedule-66.enc (Error: BITS 0x80070424)
(5900.1114)

Error - 09/07/2012 2:58:53 AM | Computer Name = Jack-PC | Source = MCUpdate | ID = 0
Description = Failed to retrieve SportsSchedule-66.enc (Error: BITS 0x80070424)
(9044.1114)

Error - 10/07/2012 12:09:25 AM | Computer Name = Jack-PC | Source = MCUpdate | ID = 0
Description = Failed to retrieve SportsSchedule-66.enc (Error: BITS 0x80070424)
(2424.1114)

Error - 10/07/2012 12:09:31 AM | Computer Name = Jack-PC | Source = MCUpdate | ID = 0
Description = Failed to retrieve SportsSchedule-66.enc (Error: BITS 0x80070424)
(3396.1114)

Error - 10/07/2012 7:49:43 AM | Computer Name = Jack-PC | Source = MCUpdate | ID = 0
Description = Failed to retrieve SportsSchedule-66.enc (Error: BITS 0x80070424)
(9852.1114)

Error - 10/07/2012 7:50:07 AM | Computer Name = Jack-PC | Source = MCUpdate | ID = 0
Description = Failed to retrieve SportsSchedule-66.enc (Error: BITS 0x80070424)
(5732.1114)

Error - 11/07/2012 12:22:45 AM | Computer Name = Jack-PC | Source = MCUpdate | ID = 0
Description = Failed to retrieve SportsSchedule-66.enc (Error: BITS 0x80070424)
(9800.1114)

Error - 11/07/2012 5:45:48 PM | Computer Name = Jack-PC | Source = MCUpdate | ID = 0
Description = Failed to retrieve SportsSchedule-66.enc (Error: BITS 0x80070424)
(5864.1114)

Error - 12/07/2012 12:51:57 PM | Computer Name = Jack-PC | Source = MCUpdate | ID = 0
Description = Failed to retrieve SportsSchedule-66.enc (Error: BITS 0x80070424)
(8228.1114)

Error - 13/07/2012 2:16:54 AM | Computer Name = Jack-PC | Source = MCUpdate | ID = 0
Description = Failed to retrieve SportsSchedule-66.enc (Error: BITS 0x80070424)
(6916.1114)

[ System Events ]
Error - 23/06/2012 6:39:44 PM | Computer Name = Jack-PC | Source = DCOM | ID = 10016
Description =

Error - 06/07/2012 11:27:18 PM | Computer Name = Jack-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.129 for the Network Card with network
address 00235AFF26AC has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 06/07/2012 11:27:24 PM | Computer Name = Jack-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.130 for the Network Card with network
address 00225FE2EB5E has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 07/07/2012 2:16:53 PM | Computer Name = Jack-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 07/07/2012 2:16:53 PM | Computer Name = Jack-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 07/07/2012 2:16:53 PM | Computer Name = Jack-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 13/07/2012 6:59:48 PM | Computer Name = Jack-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 13/07/2012 7:04:54 PM | Computer Name = Jack-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 13/07/2012 7:04:54 PM | Computer Name = Jack-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 13/07/2012 7:04:54 PM | Computer Name = Jack-PC | Source = Service Control Manager | ID = 7003
Description =


< End of report >
  • 0

#19
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hmm... There's one thing remaining to do but it's stubborn so we'll do it outside of windows:

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]At the bottom where it says Files of type: select All Files; We now have a fully functional windows explorer :happy:
[*]Select "Computer" and open your flash drive.
[*]Right click frst64.exe and click open
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]When the scan finishes, click OK to the pop up
[*]Type the following in the edit box after "Search:".

services.exe

[*]Click Search button and wait for it to finish.
[*]It will create two logs (FRST.txt and search.txt) on the flash drive. Please copy and paste them to your reply.[/list]
  • 0

#20
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Are you still here?
  • 0

#21
ugrinwa

ugrinwa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Yes still on board all the way.
Sorry for my lack of reply.

I only have access to their computer on the weekend.
I will be heading over there tomorrow and will continue with your next step.

Thanks for your patience.
  • 0

#22
ugrinwa

ugrinwa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Hi there.

Here are the results Michael

FRST.txt:

Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 22-07-2012 16:28:37
Running from G:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [] [x]
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [487264 2009-03-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [518008 2008-12-18] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [900096 2009-03-23] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7574048 2009-03-30] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1716008 2009-03-20] (Synaptics Incorporated)
HKLM\...\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe [195112 2007-09-25] (Agere Systems)
HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [236544 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1123840 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe [613232 2009-04-09] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1451008 2009-04-24] (TOSHIBA Corporation)
HKLM-x32\...\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP [422400 2007-04-16] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] "C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" SVPwUTIL [438272 2008-11-21] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2009-04-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NDSTray.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe" [299008 2009-05-12] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [cfFncEnabler.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe" [16384 2009-03-24] (Toshiba Corporation)
HKLM-x32\...\Run: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [x]
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1283384 2009-04-01] (TOSHIBA Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Jack\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Jack\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [152064 2008-07-02] (Microsoft Corporation)
HKU\Jack\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-08-07] (Google Inc.)
HKU\Jack\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKU\Selma\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
HKU\Selma\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-08-07] (Google Inc.)
HKU\Selma\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [152064 2008-07-02] (Microsoft Corporation)
HKU\Uri\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-10] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 64.71.255.198
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ======

2 atashost; "C:\Windows\SysWOW64\atashost.exe" [20376 2009-03-06] (WebEx Communications, Inc.)
2 camsvc; C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
2 gupdate1ca42d6d70f0ec0; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [133104 2009-10-01] (Google Inc.)
2 TNaviSrv; C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2009-02-16] (TOSHIBA Corporation)

========================== Drivers (Whitelisted) =============

0 LPCFilter; C:\Windows\SysWow64\Drivers\LPCFilter.sys [32040 2008-05-07] (COMPAL ELECTRONIC INC.)
3 rtl819xpn64; C:\Windows\System32\DRIVERS\rtl819xp.sys [564224 2009-03-09] (Realtek Semiconductor Corporation )
1 RtlProt; C:\Windows\System32\Drivers\RtlProt.sys [31016 2007-04-23] (Windows ® Codename Longhorn DDK provider)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-18 22:16 - 2012-07-18 22:16 - 00000000 ____D C:\Users\All Users\WindowsSearch
2012-07-18 14:10 - 2012-07-18 18:07 - 00002319 ____N C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
2012-07-15 15:12 - 2012-07-15 15:12 - 00480040 ____A C:\Users\Jack\Downloads\incredimail_install.exe
2012-07-07 10:12 - 2012-07-07 10:12 - 00000000 ____D C:\_OTL
2012-07-04 04:04 - 2012-07-04 14:20 - 06567167 ____A C:\Users\Jack\Downloads\Nuevas_generaciones (1).wmv
2012-07-03 22:24 - 2012-07-03 22:24 - 06567167 ____A C:\Users\Jack\Downloads\Nuevas_generaciones.wmv
2012-06-29 16:25 - 2012-06-29 16:25 - 00000575 ____A C:\Users\Jack\Desktop\MBR.zip
2012-06-29 16:07 - 2012-06-29 16:08 - 04731392 ____A (AVAST Software) C:\Users\Jack\Desktop\aswMBR.exe
2012-06-29 15:24 - 2012-06-29 15:24 - 00596992 ____A (OldTimer Tools) C:\Users\Jack\Downloads\OTL.exe
2012-06-23 14:41 - 2012-06-23 14:41 - 00000000 ____D C:\Program Files (x86)\Viva Media Game Center
2012-06-23 14:30 - 2012-07-21 14:38 - 00000668 ____A C:\Users\Jack\Desktop\Tetris® N-Blox - Play a quick game of Tetris for free!.website
2012-06-22 20:36 - 2012-07-13 16:00 - 00040394 ____A C:\Users\Jack\Downloads\Extras.Txt
2012-06-22 20:33 - 2012-07-13 15:57 - 00068178 ____A C:\Users\Jack\Downloads\OTL.Txt
2012-06-22 20:21 - 2012-06-22 20:21 - 00596480 ____A (OldTimer Tools) C:\Users\Jack\Downloads\OTL.exe.rr6zwp7.partial
2012-06-22 03:57 - 2012-07-07 10:15 - 00000000 __SHD C:\Windows\System32\%APPDATA%


============ 3 Months Modified Files ========================

2012-07-22 12:22 - 2006-11-02 07:42 - 00032656 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-22 12:22 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-22 12:22 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-22 12:22 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-22 12:20 - 2009-10-01 12:48 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-22 12:18 - 2006-11-02 04:46 - 00703342 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-22 12:17 - 2006-11-02 07:27 - 00032983 ____A C:\Windows\setupact.log
2012-07-21 22:25 - 2009-08-07 15:53 - 01647428 ____A C:\Windows\WindowsUpdate.log
2012-07-21 22:20 - 2009-10-01 12:48 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-21 21:04 - 2012-05-31 14:30 - 00000416 ____A C:\Users\Jack\Desktop\Free Space Invaders.website
2012-07-21 14:38 - 2012-06-23 14:30 - 00000668 ____A C:\Users\Jack\Desktop\Tetris® N-Blox - Play a quick game of Tetris for free!.website
2012-07-18 18:07 - 2012-07-18 14:10 - 00002319 ____N C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
2012-07-17 20:07 - 2009-10-01 13:21 - 00000243 ____A C:\Users\Jack\Desktop\Bidz.com Brand Name & Jewelry Auctions - Live Rings, Watches, Sunglasses.url
2012-07-15 15:12 - 2012-07-15 15:12 - 00480040 ____A C:\Users\Jack\Downloads\incredimail_install.exe
2012-07-13 16:00 - 2012-06-22 20:36 - 00040394 ____A C:\Users\Jack\Downloads\Extras.Txt
2012-07-13 15:57 - 2012-06-22 20:33 - 00068178 ____A C:\Users\Jack\Downloads\OTL.Txt
2012-07-13 15:03 - 2008-01-20 19:26 - 00356928 ____A C:\Windows\PFRO.log
2012-07-04 14:20 - 2012-07-04 04:04 - 06567167 ____A C:\Users\Jack\Downloads\Nuevas_generaciones (1).wmv
2012-07-03 22:24 - 2012-07-03 22:24 - 06567167 ____A C:\Users\Jack\Downloads\Nuevas_generaciones.wmv
2012-06-29 16:25 - 2012-06-29 16:25 - 00000575 ____A C:\Users\Jack\Desktop\MBR.zip
2012-06-29 16:08 - 2012-06-29 16:07 - 04731392 ____A (AVAST Software) C:\Users\Jack\Desktop\aswMBR.exe
2012-06-29 15:24 - 2012-06-29 15:24 - 00596992 ____A (OldTimer Tools) C:\Users\Jack\Downloads\OTL.exe
2012-06-22 20:21 - 2012-06-22 20:21 - 00596480 ____A (OldTimer Tools) C:\Users\Jack\Downloads\OTL.exe.rr6zwp7.partial
2012-06-14 12:50 - 2009-10-01 12:39 - 00001996 ____A C:\Users\Jack\Desktop\Google Chrome.lnk
2012-06-13 02:42 - 2006-11-02 07:21 - 00333576 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 02:13 - 2006-11-02 04:35 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-06-02 14:19 - 2012-06-21 11:28 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 11:28 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 11:28 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 11:27 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 11:27 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2012-06-02 14:19 - 2012-06-21 11:27 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-21 11:27 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2012-06-02 14:15 - 2012-06-21 11:28 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 11:27 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-21 11:27 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2012-06-02 11:19 - 2012-06-21 11:27 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:19 - 2012-06-21 11:27 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2012-06-02 11:15 - 2012-06-21 11:27 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 11:12 - 2012-06-21 11:27 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2012-05-25 17:56 - 2012-05-25 17:56 - 00001834 ____A C:\Users\Jack\Desktop\888casino.lnk
2012-05-17 18:47 - 2012-06-13 02:21 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-13 02:21 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-13 02:22 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-13 02:22 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-13 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-13 02:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-13 02:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-13 02:22 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-13 02:22 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-13 02:22 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-13 02:22 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-13 02:22 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-13 02:22 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-13 02:22 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-13 02:22 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-13 02:21 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-13 02:22 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-13 02:22 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-13 02:22 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-13 02:22 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-13 02:22 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-13 02:22 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-13 02:22 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-13 02:22 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-13 02:22 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-13 02:22 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-13 02:22 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-13 02:22 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-15 12:15 - 2012-06-12 14:04 - 02767360 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-13 13:50 - 2012-05-13 13:50 - 00001816 ____A C:\Users\Uri\Desktop\888casino.lnk
2012-05-13 13:50 - 2012-05-13 13:50 - 00001816 ____A C:\Users\Selma\Desktop\888casino.lnk
2012-05-01 06:29 - 2012-06-12 14:04 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-28 15:09 - 2009-10-01 12:35 - 00001890 ____A C:\Users\Public\Desktop\Skype.lnk


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe BC81150939BD52DBC7A08C245F1FB229 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 2813.55 MB
Available physical RAM: 2288.85 MB
Total Pagefile: 2602.66 MB
Available Pagefile: 2274.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (S3A7082D005) (Fixed) (Total:210.53 GB) (Free:129.45 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:9.72 GB) (Free:9.64 GB) NTFS
4 Drive f: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.3 GB) NTFS
5 Drive g: () (Removable) (Total:1.86 GB) (Free:1.78 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Disk 1 Online 1909 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 1500 MB 1024 KB
Partition 2 Primary 211 GB 1501 MB
Partition 3 Primary 11 GB 212 GB
Partition 4 Primary 10 GB 223 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F TOSHIBA SYS NTFS Partition 1500 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C S3A7082D005 NTFS Partition 211 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D NTFS Partition 10 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1909 MB 32 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 G FAT Removable 1909 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-18 15:43

======================= End Of Log ==========================

Search.txt:
Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-22 16:29:39
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-10-20 12:21] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009-10-20 12:21] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\SysWOW64\services.exe
[2009-10-20 12:21] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\System32\services.exe
[2009-10-20 12:21] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) BC81150939BD52DBC7A08C245F1FB229

====== End Of Search ======
  • 0

#23
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello

  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the flashdrive as fixlist.txt

HKLM\...\Run: [] [x]
2012-06-22 03:57 - 2012-07-07 10:15 - 00000000 __SHD C:\Windows\System32\%APPDATA%
C:\Windows\Installer\{23730dbc-c21c-19d4-0040-8135d4645f32}
C:\Users\Jack\AppData\Local\{23730dbc-c21c-19d4-0040-8135d4645f32}
CMD: netsh int ip reset all
CMD: netsh winsock reset
CMD: ipconfig /flushdns
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe C:\Windows\System32\services.exe


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating systemOn Vista or Windows 7

Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it in your next reply.

After this fix, I'm confident that the infection will be gone. Tell me what other symptoms remain and how is the computer running


Next:

Run this from normal mode:
Posted Image OTL Custom Scan
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    /md5start
    services.exe
    /md5stop
    C:\Users\All Users\WindowsSearch\*.* /s

  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.Txt in Notepad windows.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.



Next:

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
  • 0

#24
ugrinwa

ugrinwa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-22 18:56:33 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
C:\Windows\System32\%APPDATA% moved successfully.
C:\Windows\Installer\{23730dbc-c21c-19d4-0040-8135d4645f32} not found.
C:\Users\Jack\AppData\Local\{23730dbc-c21c-19d4-0040-8135d4645f32} not found.

========= netsh int ip reset all =========

Reseting Echo Request, failed.
Access is denied.

Reseting Interface, OK!
A reboot is required to complete this action.


========= End of CMD: =========


========= netsh winsock reset =========

The system cannot find the file specified.



========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.


========= End of CMD: =========

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

After I rebooted to enter normal windows mode, I once again saw the Catalyst Control Centre Message.
Other thne this the pc appears to be running ok.


OTL.txt

OTL logfile created on: 22/07/2012 7:01:10 PM - Run 5
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Jack\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 57.64% Memory free
5.70 Gb Paging File | 4.42 Gb Available in Paging File | 77.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 210.53 Gb Total Space | 129.45 Gb Free Space | 61.49% Space Free | Partition Type: NTFS
Drive D: | 1.86 Gb Total Space | 1.78 Gb Free Space | 95.44% Space Free | Partition Type: FAT
Drive E: | 9.72 Gb Total Space | 9.64 Gb Free Space | 99.20% Space Free | Partition Type: NTFS

Computer Name: JACK-PC | User Name: Jack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/06/29 19:24:55 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Jack\Downloads\OTL.exe
PRC - [2011/10/25 23:20:00 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
PRC - [2009/05/13 01:26:42 | 000,299,008 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/04/16 21:42:58 | 000,020,544 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/03/10 21:50:36 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/06 20:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\SysWOW64\atashost.exe
PRC - [2009/02/16 18:50:48 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/09/25 13:46:38 | 000,195,112 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/04/24 14:40:26 | 000,242,176 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/04/22 01:07:16 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/04/09 22:03:58 | 000,803,696 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/03/17 14:48:54 | 000,084,480 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/03/06 21:30:32 | 000,488,288 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/02/19 17:53:28 | 000,055,808 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)
SRV:64bit: - [2008/03/18 15:26:56 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2007/11/21 19:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/04/16 21:42:58 | 000,020,544 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)
SRV - [2009/04/01 21:10:58 | 000,062,776 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/03/06 20:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
SRV - [2009/02/16 18:50:48 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/24 17:29:40 | 000,206,336 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/04/22 02:30:46 | 005,356,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/03/23 19:48:20 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/03/20 19:37:40 | 000,266,288 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/03/18 14:46:44 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\pgeffect.sys -- (PGEffect)
DRV:64bit: - [2009/03/09 17:39:52 | 000,564,224 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rtl819xp.sys -- (rtl819xpn64) Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)
DRV:64bit: - [2009/02/16 18:01:48 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/05/07 14:30:14 | 000,032,040 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2008/04/28 12:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV:64bit: - [2008/03/21 15:47:14 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2007/12/11 17:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/11/09 17:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2007/04/23 16:15:48 | 000,031,016 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\rtlprot.sys -- (RtlProt)
DRV - [2008/05/07 14:30:14 | 000,032,040 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\LPCFilter.sys -- (LPCFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.ca...ie7&rlz=1I7TSHC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
IE - HKLM\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.ca...ie7&rlz=1I7TSHC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\..\SearchScopes,DefaultScope = {87394793-8317-426A-A380-443282519A7D}
IE - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\..\SearchScopes\{3ED72821-2917-4D3D-A0C2-46EB97ADCF3D}: "URL" = http://www.rockanddi...chTerms}&srch=a
IE - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.ca...&rlz=1I7TSHC_en
IE - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\10\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/21 21:45:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/09/22 21:51:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jack\AppData\Roaming\Mozilla\Extensions
[2010/09/22 21:51:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jack\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/04/25 23:17:07 | 000,574,660 | ---- | M] () (No name found) -- C:\USERS\JACK\APPDATA\ROAMING\THUNDERBIRD\PROFILES\QACW5SL0.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.224\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.224\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.224\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U15 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Picasa2\npPicasa2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Picasa2\npPicasa3.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Jack\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/07/07 14:13:28 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-1518022060-2281292150-985881486-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPCHWMsg] C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [cfFncEnabler.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe (Toshiba Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1518022060-2281292150-985881486-1000..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1518022060-2281292150-985881486-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{093EB191-C5A8-481F-9AE8-EC5F28DF54BA}: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C89ADDAC-D084-4E81-B497-272CE53A6ECA}: DhcpNameServer = 64.71.255.198
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/22 20:24:38 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/22 14:16:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/07/19 02:16:15 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012/07/07 14:12:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/29 20:07:55 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Jack\Desktop\aswMBR.exe
[2012/06/23 18:41:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Viva Media Game Center
[2010/01/15 21:07:38 | 027,024,112 | R--- | C] (Microsoft Corporation) -- C:\Users\Jack\PowerPointViewer.exe

========== Files - Modified Within 30 Days ==========

[2012/07/22 19:05:24 | 000,703,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/22 19:05:24 | 000,609,642 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/22 19:05:24 | 000,109,118 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/22 18:57:53 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/22 18:57:45 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 18:57:45 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 18:57:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/22 18:57:32 | 2951,069,696 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/22 18:20:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/22 01:04:52 | 000,000,416 | ---- | M] () -- C:\Users\Jack\Desktop\Free Space Invaders.website
[2012/07/21 18:38:25 | 000,000,668 | ---- | M] () -- C:\Users\Jack\Desktop\Tetris® N-Blox - Play a quick game of Tetris for free!.website
[2012/07/18 22:07:11 | 000,002,319 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
[2012/07/18 00:07:15 | 000,000,243 | ---- | M] () -- C:\Users\Jack\Desktop\Bidz.com Brand Name & Jewelry Auctions - Live Rings, Watches, Sunglasses.url
[2012/07/07 14:13:28 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/06/29 20:25:24 | 000,000,575 | ---- | M] () -- C:\Users\Jack\Desktop\MBR.zip
[2012/06/29 20:08:16 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jack\Desktop\aswMBR.exe

========== Files Created - No Company Name ==========

[2012/07/22 16:46:59 | 000,001,116 | ---- | C] () -- C:\Users\Jack\Desktop\Club Vegas Casino 10,000.lnk
[2012/07/18 18:10:45 | 000,002,319 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
[2012/06/29 20:25:24 | 000,000,575 | ---- | C] () -- C:\Users\Jack\Desktop\MBR.zip
[2012/06/23 18:30:41 | 000,000,668 | ---- | C] () -- C:\Users\Jack\Desktop\Tetris® N-Blox - Play a quick game of Tetris for free!.website
[2012/02/12 22:57:44 | 000,000,800 | ---- | C] () -- C:\Users\Jack\ATT00001
[2012/02/12 22:57:42 | 003,735,053 | ---- | C] () -- C:\Users\Jack\Under_arm_thermometer.wmv
[2012/02/12 22:27:18 | 000,004,086 | ---- | C] () -- C:\Users\Jack\FW The Ultimate Train Set and other settings - From Hamburg.eml
[2011/02/10 09:56:48 | 000,000,680 | R--- | C] () -- C:\Users\Jack\AppData\Local\d3d9caps.dat
[2010/06/21 22:38:15 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2010/05/05 23:20:21 | 000,530,886 | R--- | C] () -- C:\Users\Jack\Elvis Presley &amp; Martina McBrid_.wmv
[2009/10/02 00:15:15 | 000,009,216 | R--- | C] () -- C:\Users\Jack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/01 16:46:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== LOP Check ==========

[2012/05/13 18:08:23 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\CasinoOnNet
[2010/06/21 23:36:04 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Ludia
[2009/10/02 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Masque
[2010/09/22 21:51:43 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Thunderbird
[2010/04/16 18:40:14 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\TOSHIBA
[2009/10/23 21:05:26 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\Ulead Systems
[2012/06/13 15:45:34 | 000,000,000 | ---D | M] -- C:\Users\Jack\AppData\Roaming\WildTangent
[2011/01/06 08:26:58 | 000,000,000 | ---D | M] -- C:\Users\Selma\AppData\Roaming\Thunderbird
[2012/06/13 14:51:31 | 000,000,000 | ---D | M] -- C:\Users\Selma\AppData\Roaming\WildTangent
[2012/07/22 18:54:30 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/04 02:45:14 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6E6E3FD0-C28A-44E7-967A-45A1AD81E672}.job

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: SERVICES.EXE >
[2008/01/20 22:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 03:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\SysNative\services.exe
[2009/04/11 03:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009/04/11 03:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=BC81150939BD52DBC7A08C245F1FB229 -- C:\FRST\Quarantine\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SysWOW64\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2008/01/20 22:49:44 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe

< C:\Users\All Users\WindowsSearch\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 907 bytes -> C:\Users\Jack\FW The Ultimate Train Set and other settings - From Hamburg.eml:OECustomProperty

< End of report >


TDSSKiller:

19:14:38.0053 4340 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
19:14:38.0475 4340 ============================================================
19:14:38.0475 4340 Current date / time: 2012/07/22 19:14:38.0475
19:14:38.0475 4340 SystemInfo:
19:14:38.0475 4340
19:14:38.0475 4340 OS Version: 6.0.6002 ServicePack: 2.0
19:14:38.0475 4340 Product type: Workstation
19:14:38.0475 4340 ComputerName: JACK-PC
19:14:38.0475 4340 UserName: Jack
19:14:38.0475 4340 Windows directory: C:\Windows
19:14:38.0475 4340 System windows directory: C:\Windows
19:14:38.0475 4340 Running under WOW64
19:14:38.0475 4340 Processor architecture: Intel x64
19:14:38.0475 4340 Number of processors: 2
19:14:38.0475 4340 Page size: 0x1000
19:14:38.0475 4340 Boot type: Normal boot
19:14:38.0475 4340 ============================================================
19:14:39.0629 4340 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:14:39.0629 4340 Drive \Device\Harddisk1\DR1 - Size: 0x774E4E00 (1.86 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:14:39.0629 4340 ============================================================
19:14:39.0629 4340 \Device\Harddisk0\DR0:
19:14:39.0629 4340 MBR partitions:
19:14:39.0629 4340 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1A50D800
19:14:39.0629 4340 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BE55000, BlocksNum 0x1370800
19:14:39.0629 4340 \Device\Harddisk1\DR1:
19:14:39.0629 4340 MBR partitions:
19:14:39.0629 4340 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x3BA561
19:14:39.0629 4340 ============================================================
19:14:39.0676 4340 C: <-> \Device\Harddisk0\DR0\Partition0
19:14:39.0738 4340 E: <-> \Device\Harddisk0\DR0\Partition1
19:14:39.0738 4340 ============================================================
19:14:39.0738 4340 Initialize success
19:14:39.0738 4340 ============================================================
19:15:19.0549 4316 ============================================================
19:15:19.0549 4316 Scan started
19:15:19.0549 4316 Mode: Manual; SigCheck; TDLFS;
19:15:19.0549 4316 ============================================================
19:15:20.0627 4316 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
19:15:20.0783 4316 ACPI - ok
19:15:20.0876 4316 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
19:15:20.0908 4316 adp94xx - ok
19:15:20.0954 4316 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
19:15:20.0970 4316 adpahci - ok
19:15:21.0001 4316 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
19:15:21.0017 4316 adpu160m - ok
19:15:21.0032 4316 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
19:15:21.0064 4316 adpu320 - ok
19:15:21.0095 4316 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
19:15:21.0204 4316 AeLookupSvc - ok
19:15:21.0298 4316 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
19:15:21.0360 4316 AFD - ok
19:15:21.0422 4316 AgereModemAudio (8fe65709982f2cb7d291f6c9b2c60805) C:\Windows\system32\agr64svc.exe
19:15:21.0485 4316 AgereModemAudio - ok
19:15:21.0657 4316 AgereSoftModem (55fcdb10e31c22eb67454aaef42b6725) C:\Windows\system32\DRIVERS\agrsm64.sys
19:15:21.0767 4316 AgereSoftModem - ok
19:15:21.0829 4316 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
19:15:21.0845 4316 agp440 - ok
19:15:21.0891 4316 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
19:15:21.0907 4316 aic78xx - ok
19:15:21.0938 4316 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
19:15:22.0016 4316 ALG - ok
19:15:22.0063 4316 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
19:15:22.0079 4316 aliide - ok
19:15:22.0141 4316 AMD External Events Utility (c5ef0a376ce36979409774a5b9dc7903) C:\Windows\system32\atiesrxx.exe
19:15:22.0188 4316 AMD External Events Utility - ok
19:15:22.0235 4316 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
19:15:22.0250 4316 amdide - ok
19:15:22.0281 4316 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
19:15:22.0391 4316 AmdK8 - ok
19:15:22.0437 4316 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
19:15:22.0500 4316 Appinfo - ok
19:15:22.0626 4316 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:15:22.0641 4316 Apple Mobile Device - ok
19:15:22.0688 4316 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
19:15:22.0719 4316 arc - ok
19:15:22.0750 4316 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
19:15:22.0766 4316 arcsas - ok
19:15:22.0797 4316 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
19:15:22.0875 4316 AsyncMac - ok
19:15:22.0906 4316 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
19:15:22.0938 4316 atapi - ok
19:15:23.0062 4316 atashost (40767b965a8d575d794f1f95e2e017e9) C:\Windows\SysWOW64\atashost.exe
19:15:23.0062 4316 atashost - ok
19:15:23.0640 4316 atikmdag (c28928becd9d35248c2a6cb18032cacc) C:\Windows\system32\DRIVERS\atikmdag.sys
19:15:23.0983 4316 atikmdag - ok
19:15:24.0154 4316 AtiPcie (db0d3de15edc96e7529fc0d3f7760894) C:\Windows\system32\DRIVERS\AtiPcie.sys
19:15:24.0186 4316 AtiPcie - ok
19:15:24.0279 4316 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
19:15:24.0373 4316 AudioEndpointBuilder - ok
19:15:24.0388 4316 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
19:15:24.0498 4316 AudioSrv - ok
19:15:24.0544 4316 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
19:15:24.0638 4316 blbdrive - ok
19:15:24.0778 4316 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
19:15:24.0794 4316 Bonjour Service - ok
19:15:24.0856 4316 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
19:15:24.0888 4316 bowser - ok
19:15:24.0934 4316 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
19:15:24.0997 4316 BrFiltLo - ok
19:15:25.0012 4316 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
19:15:25.0075 4316 BrFiltUp - ok
19:15:25.0122 4316 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
19:15:25.0246 4316 Browser - ok
19:15:25.0293 4316 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
19:15:25.0418 4316 Brserid - ok
19:15:25.0434 4316 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
19:15:25.0543 4316 BrSerWdm - ok
19:15:25.0543 4316 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
19:15:25.0668 4316 BrUsbMdm - ok
19:15:25.0699 4316 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
19:15:25.0777 4316 BrUsbSer - ok
19:15:25.0824 4316 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
19:15:25.0933 4316 BTHMODEM - ok
19:15:26.0042 4316 camsvc (f1140ed3a1e1d6824a63f27afd9eef32) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
19:15:26.0058 4316 camsvc - ok
19:15:26.0073 4316 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
19:15:26.0136 4316 cdfs - ok
19:15:26.0198 4316 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
19:15:26.0245 4316 cdrom - ok
19:15:26.0292 4316 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
19:15:26.0323 4316 CertPropSvc - ok
19:15:26.0354 4316 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
19:15:26.0416 4316 circlass - ok
19:15:26.0479 4316 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
19:15:26.0510 4316 CLFS - ok
19:15:26.0604 4316 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:15:26.0619 4316 clr_optimization_v2.0.50727_32 - ok
19:15:26.0697 4316 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:15:26.0713 4316 clr_optimization_v2.0.50727_64 - ok
19:15:26.0822 4316 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:15:26.0853 4316 clr_optimization_v4.0.30319_32 - ok
19:15:26.0900 4316 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:15:26.0916 4316 clr_optimization_v4.0.30319_64 - ok
19:15:26.0947 4316 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
19:15:27.0040 4316 CmBatt - ok
19:15:27.0056 4316 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
19:15:27.0072 4316 cmdide - ok
19:15:27.0103 4316 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
19:15:27.0118 4316 Compbatt - ok
19:15:27.0118 4316 COMSysApp - ok
19:15:27.0290 4316 ConfigFree Gadget Service (bcf2c3177e4777e3793310bac0244c1a) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
19:15:27.0306 4316 ConfigFree Gadget Service ( UnsignedFile.Multi.Generic ) - warning
19:15:27.0306 4316 ConfigFree Gadget Service - detected UnsignedFile.Multi.Generic (1)
19:15:27.0337 4316 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
19:15:27.0352 4316 ConfigFree Service - ok
19:15:27.0384 4316 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
19:15:27.0415 4316 crcdisk - ok
19:15:27.0493 4316 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll
19:15:27.0524 4316 CryptSvc - ok
19:15:27.0664 4316 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
19:15:27.0789 4316 DcomLaunch - ok
19:15:27.0836 4316 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
19:15:27.0867 4316 DfsC - ok
19:15:28.0288 4316 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
19:15:28.0522 4316 DFSR - ok
19:15:28.0694 4316 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
19:15:28.0788 4316 Dhcp - ok
19:15:28.0850 4316 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
19:15:28.0881 4316 disk - ok
19:15:28.0944 4316 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
19:15:29.0006 4316 Dnscache - ok
19:15:29.0068 4316 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
19:15:29.0146 4316 dot3svc - ok
19:15:29.0209 4316 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
19:15:29.0302 4316 DPS - ok
19:15:29.0349 4316 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
19:15:29.0412 4316 drmkaud - ok
19:15:29.0521 4316 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
19:15:29.0568 4316 DXGKrnl - ok
19:15:29.0630 4316 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
19:15:29.0692 4316 E1G60 - ok
19:15:29.0724 4316 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
19:15:29.0786 4316 EapHost - ok
19:15:29.0848 4316 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
19:15:29.0880 4316 Ecache - ok
19:15:29.0973 4316 ehRecvr (33510be001ccdb5a01fcc88f4dd8dfc7) C:\Windows\ehome\ehRecvr.exe
19:15:30.0036 4316 ehRecvr - ok
19:15:30.0067 4316 ehSched (1abc6436b0edaa3d496d9c827f92820d) C:\Windows\ehome\ehsched.exe
19:15:30.0114 4316 ehSched - ok
19:15:30.0160 4316 ehstart (08f48cb2cd4019afb0456869b49cd76f) C:\Windows\ehome\ehstart.dll
19:15:30.0207 4316 ehstart - ok
19:15:30.0285 4316 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
19:15:30.0363 4316 elxstor - ok
19:15:30.0457 4316 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
19:15:30.0535 4316 EMDMgmt - ok
19:15:30.0550 4316 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
19:15:30.0644 4316 ErrDev - ok
19:15:30.0706 4316 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
19:15:30.0769 4316 EventSystem - ok
19:15:30.0816 4316 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
19:15:30.0862 4316 exfat - ok
19:15:30.0909 4316 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
19:15:31.0003 4316 fastfat - ok
19:15:31.0050 4316 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
19:15:31.0143 4316 fdc - ok
19:15:31.0190 4316 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
19:15:31.0284 4316 fdPHost - ok
19:15:31.0315 4316 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
19:15:31.0455 4316 FDResPub - ok
19:15:31.0486 4316 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
19:15:31.0502 4316 FileInfo - ok
19:15:31.0549 4316 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
19:15:31.0611 4316 Filetrace - ok
19:15:31.0627 4316 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:15:31.0674 4316 flpydisk - ok
19:15:31.0720 4316 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
19:15:31.0752 4316 FltMgr - ok
19:15:31.0908 4316 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
19:15:32.0017 4316 FontCache - ok
19:15:32.0126 4316 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:15:32.0142 4316 FontCache3.0.0.0 - ok
19:15:32.0204 4316 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
19:15:32.0251 4316 Fs_Rec - ok
19:15:32.0282 4316 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
19:15:32.0313 4316 gagp30kx - ok
19:15:32.0407 4316 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
19:15:32.0438 4316 GamesAppService - ok
19:15:32.0485 4316 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:15:32.0500 4316 GEARAspiWDM - ok
19:15:32.0610 4316 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
19:15:32.0703 4316 gpsvc - ok
19:15:32.0812 4316 gupdate1ca42d6d70f0ec0 (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:15:32.0828 4316 gupdate1ca42d6d70f0ec0 - ok
19:15:32.0828 4316 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:15:32.0844 4316 gupdatem - ok
19:15:32.0890 4316 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:15:32.0906 4316 gusvc - ok
19:15:32.0968 4316 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
19:15:33.0093 4316 HdAudAddService - ok
19:15:33.0218 4316 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:15:33.0296 4316 HDAudBus - ok
19:15:33.0343 4316 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
19:15:33.0436 4316 HidBth - ok
19:15:33.0468 4316 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
19:15:33.0546 4316 HidIr - ok
19:15:33.0608 4316 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll
19:15:33.0655 4316 hidserv - ok
19:15:33.0702 4316 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
19:15:33.0764 4316 HidUsb - ok
19:15:33.0795 4316 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
19:15:33.0889 4316 hkmsvc - ok
19:15:33.0936 4316 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
19:15:33.0951 4316 HpCISSs - ok
19:15:34.0045 4316 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
19:15:34.0154 4316 HTTP - ok
19:15:34.0185 4316 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
19:15:34.0201 4316 i2omp - ok
19:15:34.0248 4316 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
19:15:34.0326 4316 i8042prt - ok
19:15:34.0388 4316 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
19:15:34.0435 4316 iaStorV - ok
19:15:34.0591 4316 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:15:34.0653 4316 idsvc - ok
19:15:34.0684 4316 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
19:15:34.0700 4316 iirsp - ok
19:15:34.0762 4316 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
19:15:34.0825 4316 IKEEXT - ok
19:15:35.0028 4316 IntcAzAudAddService (627c6b352718e59df08f02c536e2e0ed) C:\Windows\system32\drivers\RTKVHD64.sys
19:15:35.0090 4316 IntcAzAudAddService - ok
19:15:35.0340 4316 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
19:15:35.0371 4316 intelide - ok
19:15:35.0386 4316 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
19:15:35.0511 4316 intelppm - ok
19:15:35.0589 4316 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
19:15:35.0683 4316 IPBusEnum - ok
19:15:35.0730 4316 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:15:35.0854 4316 IpFilterDriver - ok
19:15:35.0854 4316 IpInIp - ok
19:15:35.0979 4316 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
19:15:36.0104 4316 IPMIDRV - ok
19:15:36.0135 4316 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
19:15:36.0229 4316 IPNAT - ok
19:15:36.0416 4316 iPod Service (4472c8825b5e41d8697d5962f47ab1c9) C:\Program Files\iPod\bin\iPodService.exe
19:15:36.0541 4316 iPod Service - ok
19:15:36.0588 4316 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
19:15:36.0681 4316 IRENUM - ok
19:15:36.0744 4316 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
19:15:36.0759 4316 isapnp - ok
19:15:36.0837 4316 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
19:15:36.0884 4316 iScsiPrt - ok
19:15:36.0915 4316 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
19:15:36.0931 4316 iteatapi - ok
19:15:36.0978 4316 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
19:15:36.0978 4316 iteraid - ok
19:15:37.0009 4316 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
19:15:37.0024 4316 kbdclass - ok
19:15:37.0040 4316 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
19:15:37.0102 4316 kbdhid - ok
19:15:37.0165 4316 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
19:15:37.0212 4316 KeyIso - ok
19:15:37.0274 4316 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
19:15:37.0305 4316 KSecDD - ok
19:15:37.0336 4316 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
19:15:37.0399 4316 ksthunk - ok
19:15:37.0477 4316 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
19:15:37.0617 4316 KtmRm - ok
19:15:37.0680 4316 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
19:15:37.0742 4316 LanmanServer - ok
19:15:37.0804 4316 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
19:15:37.0836 4316 LanmanWorkstation - ok
19:15:37.0945 4316 LightScribeService (6e5dac168d1ff9843e84a59d51d31107) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
19:15:37.0976 4316 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:15:37.0976 4316 LightScribeService - detected UnsignedFile.Multi.Generic (1)
19:15:38.0023 4316 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
19:15:38.0116 4316 lltdio - ok
19:15:38.0226 4316 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
19:15:38.0335 4316 lltdsvc - ok
19:15:38.0382 4316 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
19:15:38.0475 4316 lmhosts - ok
19:15:38.0522 4316 LPCFilter (9c551a9121639a9779862cb8a6cabf03) C:\Windows\system32\DRIVERS\LPCFilter.sys
19:15:38.0538 4316 LPCFilter - ok
19:15:38.0600 4316 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
19:15:38.0631 4316 LSI_FC - ok
19:15:38.0662 4316 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
19:15:38.0694 4316 LSI_SAS - ok
19:15:38.0756 4316 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
19:15:38.0787 4316 LSI_SCSI - ok
19:15:38.0818 4316 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
19:15:38.0928 4316 luafv - ok
19:15:38.0959 4316 Mcx2Svc (6da30c0de0cc8525e89d612c5063cac1) C:\Windows\system32\Mcx2Svc.dll
19:15:38.0990 4316 Mcx2Svc - ok
19:15:39.0021 4316 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
19:15:39.0052 4316 megasas - ok
19:15:39.0130 4316 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
19:15:39.0177 4316 MegaSR - ok
19:15:39.0208 4316 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
19:15:39.0286 4316 MMCSS - ok
19:15:39.0302 4316 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
19:15:39.0396 4316 Modem - ok
19:15:39.0427 4316 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
19:15:39.0489 4316 monitor - ok
19:15:39.0505 4316 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
19:15:39.0520 4316 mouclass - ok
19:15:39.0552 4316 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
19:15:39.0614 4316 mouhid - ok
19:15:39.0645 4316 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
19:15:39.0661 4316 MountMgr - ok
19:15:39.0723 4316 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
19:15:39.0739 4316 mpio - ok
19:15:39.0786 4316 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
19:15:39.0848 4316 mpsdrv - ok
19:15:39.0926 4316 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
19:15:39.0942 4316 Mraid35x - ok
19:15:39.0973 4316 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
19:15:40.0004 4316 MRxDAV - ok
19:15:40.0066 4316 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:15:40.0082 4316 mrxsmb - ok
19:15:40.0160 4316 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:15:40.0207 4316 mrxsmb10 - ok
19:15:40.0254 4316 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:15:40.0300 4316 mrxsmb20 - ok
19:15:40.0363 4316 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
19:15:40.0394 4316 msahci - ok
19:15:40.0456 4316 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
19:15:40.0488 4316 msdsm - ok
19:15:40.0566 4316 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
19:15:40.0659 4316 MSDTC - ok
19:15:40.0690 4316 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
19:15:40.0737 4316 Msfs - ok
19:15:40.0800 4316 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
19:15:40.0815 4316 msisadrv - ok
19:15:40.0862 4316 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
19:15:40.0924 4316 MSiSCSI - ok
19:15:40.0940 4316 msiserver - ok
19:15:41.0034 4316 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
19:15:41.0096 4316 MSKSSRV - ok
19:15:41.0112 4316 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
19:15:41.0205 4316 MSPCLOCK - ok
19:15:41.0314 4316 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
19:15:41.0377 4316 MSPQM - ok
19:15:41.0502 4316 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
19:15:41.0564 4316 MsRPC - ok
19:15:41.0626 4316 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
19:15:41.0642 4316 mssmbios - ok
19:15:41.0704 4316 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
19:15:41.0814 4316 MSTEE - ok
19:15:41.0892 4316 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
19:15:41.0907 4316 Mup - ok
19:15:41.0985 4316 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
19:15:42.0048 4316 napagent - ok
19:15:42.0110 4316 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
19:15:42.0172 4316 NativeWifiP - ok
19:15:42.0266 4316 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
19:15:42.0313 4316 NDIS - ok
19:15:42.0360 4316 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
19:15:42.0422 4316 NdisTapi - ok
19:15:42.0438 4316 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
19:15:42.0516 4316 Ndisuio - ok
19:15:42.0578 4316 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
19:15:42.0625 4316 NdisWan - ok
19:15:42.0672 4316 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
19:15:42.0718 4316 NDProxy - ok
19:15:42.0765 4316 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
19:15:42.0812 4316 NetBIOS - ok
19:15:42.0874 4316 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
19:15:42.0937 4316 netbt - ok
19:15:42.0968 4316 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
19:15:42.0999 4316 Netlogon - ok
19:15:43.0046 4316 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
19:15:43.0171 4316 Netman - ok
19:15:43.0233 4316 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
19:15:43.0327 4316 netprofm - ok
19:15:43.0420 4316 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:15:43.0452 4316 NetTcpPortSharing - ok
19:15:43.0498 4316 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
19:15:43.0514 4316 nfrd960 - ok
19:15:43.0576 4316 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
19:15:43.0639 4316 NlaSvc - ok
19:15:43.0670 4316 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
19:15:43.0748 4316 Npfs - ok
19:15:43.0779 4316 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
19:15:43.0873 4316 nsi - ok
19:15:43.0904 4316 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
19:15:43.0998 4316 nsiproxy - ok
19:15:44.0200 4316 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
19:15:44.0278 4316 Ntfs - ok
19:15:44.0419 4316 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
19:15:44.0466 4316 Null - ok
19:15:44.0497 4316 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
19:15:44.0512 4316 nvraid - ok
19:15:44.0528 4316 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
19:15:44.0544 4316 nvstor - ok
19:15:44.0559 4316 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
19:15:44.0590 4316 nv_agp - ok
19:15:44.0590 4316 NwlnkFlt - ok
19:15:44.0590 4316 NwlnkFwd - ok
19:15:44.0622 4316 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
19:15:44.0700 4316 ohci1394 - ok
19:15:44.0809 4316 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
19:15:44.0856 4316 p2pimsvc - ok
19:15:44.0871 4316 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
19:15:44.0902 4316 p2psvc - ok
19:15:44.0934 4316 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
19:15:45.0012 4316 Parport - ok
19:15:45.0043 4316 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
19:15:45.0058 4316 partmgr - ok
19:15:45.0105 4316 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
19:15:45.0121 4316 PcaSvc - ok
19:15:45.0168 4316 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
19:15:45.0183 4316 pci - ok
19:15:45.0230 4316 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
19:15:45.0246 4316 pciide - ok
19:15:45.0277 4316 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
19:15:45.0292 4316 pcmcia - ok
19:15:45.0370 4316 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
19:15:45.0495 4316 PEAUTH - ok
19:15:45.0589 4316 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
19:15:45.0636 4316 PerfHost - ok
19:15:45.0714 4316 PGEffect (2c3ba65f8ca712730050c29104e093f9) C:\Windows\system32\DRIVERS\pgeffect.sys
19:15:45.0729 4316 PGEffect - ok
19:15:45.0885 4316 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
19:15:45.0994 4316 pla - ok
19:15:46.0057 4316 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
19:15:46.0088 4316 PlugPlay - ok
19:15:46.0197 4316 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
19:15:46.0228 4316 PNRPAutoReg - ok
19:15:46.0244 4316 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
19:15:46.0275 4316 PNRPsvc - ok
19:15:46.0384 4316 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
19:15:46.0431 4316 PolicyAgent - ok
19:15:46.0509 4316 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
19:15:46.0556 4316 PptpMiniport - ok
19:15:46.0587 4316 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
19:15:46.0634 4316 Processor - ok
19:15:46.0681 4316 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
19:15:46.0728 4316 ProfSvc - ok
19:15:46.0790 4316 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
19:15:46.0806 4316 ProtectedStorage - ok
19:15:46.0837 4316 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
19:15:46.0868 4316 PSched - ok
19:15:47.0024 4316 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
19:15:47.0086 4316 ql2300 - ok
19:15:47.0102 4316 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
19:15:47.0118 4316 ql40xx - ok
19:15:47.0180 4316 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
19:15:47.0227 4316 QWAVE - ok
19:15:47.0258 4316 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
19:15:47.0305 4316 QWAVEdrv - ok
19:15:47.0336 4316 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
19:15:47.0398 4316 RasAcd - ok
19:15:47.0445 4316 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
19:15:47.0508 4316 RasAuto - ok
19:15:47.0554 4316 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:15:47.0586 4316 Rasl2tp - ok
19:15:47.0632 4316 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
19:15:47.0695 4316 RasMan - ok
19:15:47.0742 4316 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
19:15:47.0804 4316 RasPppoe - ok
19:15:47.0835 4316 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
19:15:47.0898 4316 RasSstp - ok
19:15:47.0960 4316 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
19:15:48.0007 4316 rdbss - ok
19:15:48.0038 4316 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:15:48.0100 4316 RDPCDD - ok
19:15:48.0163 4316 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
19:15:48.0256 4316 rdpdr - ok
19:15:48.0272 4316 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
19:15:48.0319 4316 RDPENCDD - ok
19:15:48.0366 4316 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
19:15:48.0412 4316 RDPWD - ok
19:15:48.0490 4316 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
19:15:48.0553 4316 RemoteAccess - ok
19:15:48.0600 4316 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
19:15:48.0678 4316 RemoteRegistry - ok
19:15:48.0724 4316 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
19:15:48.0756 4316 RpcLocator - ok
19:15:48.0880 4316 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
19:15:48.0958 4316 RpcSs - ok
19:15:49.0005 4316 RSELSVC - ok
19:15:49.0052 4316 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
19:15:49.0114 4316 rspndr - ok
19:15:49.0177 4316 RTL8169 (3e800d0dd24c5cfe61a1d71a3f6feab9) C:\Windows\system32\DRIVERS\Rtlh64.sys
19:15:49.0255 4316 RTL8169 - ok
19:15:49.0364 4316 rtl819xpn64 (7e0d84db38e8645997318d5cc33650fa) C:\Windows\system32\DRIVERS\rtl819xp.sys
19:15:49.0426 4316 rtl819xpn64 - ok
19:15:49.0489 4316 RtlProt (d1664991a07acf2703d4a4e5be4b6c80) C:\Windows\system32\DRIVERS\rtlprot.sys
19:15:49.0504 4316 RtlProt - ok
19:15:49.0551 4316 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
19:15:49.0582 4316 SamSs - ok
19:15:49.0629 4316 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
19:15:49.0645 4316 sbp2port - ok
19:15:49.0707 4316 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
19:15:49.0785 4316 SCardSvr - ok
19:15:49.0894 4316 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
19:15:49.0972 4316 Schedule - ok
19:15:50.0019 4316 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
19:15:50.0082 4316 SCPolicySvc - ok
19:15:50.0113 4316 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
19:15:50.0144 4316 SDRSVC - ok
19:15:50.0175 4316 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:15:50.0269 4316 secdrv - ok
19:15:50.0316 4316 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
19:15:50.0378 4316 seclogon - ok
19:15:50.0409 4316 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
19:15:50.0472 4316 SENS - ok
19:15:50.0503 4316 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
19:15:50.0612 4316 Serenum - ok
19:15:50.0643 4316 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
19:15:50.0768 4316 Serial - ok
19:15:50.0768 4316 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
19:15:50.0846 4316 sermouse - ok
19:15:50.0893 4316 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
19:15:50.0940 4316 SessionEnv - ok
19:15:50.0955 4316 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
19:15:51.0018 4316 sffdisk - ok
19:15:51.0033 4316 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
19:15:51.0096 4316 sffp_mmc - ok
19:15:51.0111 4316 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
19:15:51.0174 4316 sffp_sd - ok
19:15:51.0174 4316 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
19:15:51.0314 4316 sfloppy - ok
19:15:51.0408 4316 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
19:15:51.0454 4316 ShellHWDetection - ok
19:15:51.0486 4316 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
19:15:51.0501 4316 SiSRaid2 - ok
19:15:51.0517 4316 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
19:15:51.0548 4316 SiSRaid4 - ok
19:15:51.0922 4316 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
19:15:52.0032 4316 Skype C2C Service - ok
19:15:52.0094 4316 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
19:15:52.0110 4316 SkypeUpdate - ok
19:15:52.0422 4316 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
19:15:52.0640 4316 slsvc - ok
19:15:52.0765 4316 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
19:15:52.0843 4316 SLUINotify - ok
19:15:52.0921 4316 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
19:15:52.0952 4316 Smb - ok
19:15:52.0999 4316 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
19:15:53.0030 4316 SNMPTRAP - ok
19:15:53.0061 4316 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
19:15:53.0077 4316 spldr - ok
19:15:53.0155 4316 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
19:15:53.0186 4316 Spooler - ok
19:15:53.0264 4316 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
19:15:53.0311 4316 srv - ok
19:15:53.0358 4316 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
19:15:53.0404 4316 srv2 - ok
19:15:53.0451 4316 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
19:15:53.0482 4316 srvnet - ok
19:15:53.0529 4316 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
19:15:53.0623 4316 SSDPSRV - ok
19:15:53.0685 4316 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
19:15:53.0732 4316 SstpSvc - ok
19:15:53.0810 4316 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
19:15:53.0857 4316 stisvc - ok
19:15:53.0904 4316 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
19:15:53.0904 4316 swenum - ok
19:15:53.0997 4316 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
19:15:54.0044 4316 swprv - ok
19:15:54.0075 4316 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
19:15:54.0091 4316 Symc8xx - ok
19:15:54.0106 4316 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
19:15:54.0122 4316 Sym_hi - ok
19:15:54.0138 4316 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
19:15:54.0153 4316 Sym_u3 - ok
19:15:54.0216 4316 SynTP (ea7043973d9305235e7b68ac0c6ec889) C:\Windows\system32\DRIVERS\SynTP.sys
19:15:54.0231 4316 SynTP - ok
19:15:54.0356 4316 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
19:15:54.0450 4316 SysMain - ok
19:15:54.0496 4316 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
19:15:54.0528 4316 TabletInputService - ok
19:15:54.0606 4316 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
19:15:54.0668 4316 TapiSrv - ok
19:15:54.0699 4316 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
19:15:54.0762 4316 TBS - ok
19:15:54.0933 4316 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
19:15:55.0011 4316 Tcpip - ok
19:15:55.0027 4316 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
19:15:55.0105 4316 Tcpip6 - ok
19:15:55.0152 4316 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
19:15:55.0167 4316 tcpipreg - ok
19:15:55.0214 4316 tdcmdpst (d45586a9facb2c9708b10e491ef748a6) C:\Windows\system32\DRIVERS\tdcmdpst.sys
19:15:55.0230 4316 tdcmdpst - ok
19:15:55.0261 4316 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
19:15:55.0339 4316 TDPIPE - ok
19:15:55.0370 4316 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
19:15:55.0432 4316 TDTCP - ok
19:15:55.0464 4316 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
19:15:55.0510 4316 tdx - ok
19:15:55.0557 4316 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
19:15:55.0573 4316 TermDD - ok
19:15:55.0666 4316 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
19:15:55.0744 4316 TermService - ok
19:15:55.0807 4316 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
19:15:55.0838 4316 Themes - ok
19:15:55.0869 4316 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
19:15:55.0932 4316 THREADORDER - ok
19:15:56.0041 4316 TMachInfo (fb8448d1b0da00d70c28adf9282b31bb) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
19:15:56.0056 4316 TMachInfo - ok
19:15:56.0103 4316 TNaviSrv (9077a1666fd02440818570a00cb37fdd) C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
19:15:56.0134 4316 TNaviSrv - ok
19:15:56.0181 4316 TODDSrv (19af3434564e973bc232bbd629ec2bf6) C:\Windows\system32\TODDSrv.exe
19:15:56.0197 4316 TODDSrv ( UnsignedFile.Multi.Generic ) - warning
19:15:56.0197 4316 TODDSrv - detected UnsignedFile.Multi.Generic (1)
19:15:56.0306 4316 TosCoSrv (7810e3a97e004cd2641fd3fc5d2a62cd) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
19:15:56.0353 4316 TosCoSrv - ok
19:15:56.0462 4316 TOSHIBA eco Utility Service (97735d78da5737ea8428d551fa263eea) C:\Program Files\TOSHIBA\TECO\TecoService.exe
19:15:56.0493 4316 TOSHIBA eco Utility Service ( UnsignedFile.Multi.Generic ) - warning
19:15:56.0493 4316 TOSHIBA eco Utility Service - detected UnsignedFile.Multi.Generic (1)
19:15:56.0540 4316 TOSHIBA HDD SSD Alert Service (b67c69e2982769355d9ff76dd3b2a0fd) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
19:15:56.0556 4316 TOSHIBA HDD SSD Alert Service ( UnsignedFile.Multi.Generic ) - warning
19:15:56.0556 4316 TOSHIBA HDD SSD Alert Service - detected UnsignedFile.Multi.Generic (1)
19:15:56.0665 4316 tos_sps64 (dd50a5df5f7b29fdb6b5fea728c43dc3) C:\Windows\system32\DRIVERS\tos_sps64.sys
19:15:56.0743 4316 tos_sps64 - ok
19:15:56.0899 4316 TPCHSrv (66c4503d050dbacafc5b38fe54edd86f) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
19:15:56.0961 4316 TPCHSrv - ok
19:15:57.0008 4316 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
19:15:57.0086 4316 TrkWks - ok
19:15:57.0164 4316 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
19:15:57.0211 4316 TrustedInstaller - ok
19:15:57.0273 4316 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:15:57.0351 4316 tssecsrv - ok
19:15:57.0382 4316 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
19:15:57.0429 4316 tunmp - ok
19:15:57.0492 4316 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
19:15:57.0523 4316 tunnel - ok
19:15:57.0554 4316 TVALZ (9a744cc3d804ec38a6c2c65bc3c6fcd8) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
19:15:57.0585 4316 TVALZ - ok
19:15:57.0601 4316 TVALZFL (be32a8658a0b56474ad4d0bb8afa8e55) C:\Windows\system32\DRIVERS\TVALZFL.sys
19:15:57.0616 4316 TVALZFL - ok
19:15:57.0663 4316 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
19:15:57.0679 4316 uagp35 - ok
19:15:57.0741 4316 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
19:15:57.0804 4316 udfs - ok
19:15:57.0850 4316 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
19:15:57.0913 4316 UI0Detect - ok
19:15:57.0944 4316 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
19:15:57.0975 4316 uliagpkx - ok
19:15:58.0022 4316 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
19:15:58.0057 4316 uliahci - ok
19:15:58.0088 4316 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
19:15:58.0120 4316 UlSata - ok
19:15:58.0151 4316 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
19:15:58.0166 4316 ulsata2 - ok
19:15:58.0198 4316 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
19:15:58.0244 4316 umbus - ok
19:15:58.0291 4316 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
19:15:58.0432 4316 upnphost - ok
19:15:58.0494 4316 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
19:15:58.0525 4316 USBAAPL64 - ok
19:15:58.0572 4316 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
19:15:58.0619 4316 usbccgp - ok
19:15:58.0666 4316 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
19:15:58.0759 4316 usbcir - ok
19:15:58.0806 4316 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
19:15:58.0868 4316 usbehci - ok
19:15:58.0900 4316 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
19:15:58.0962 4316 usbhub - ok
19:15:58.0993 4316 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
19:15:59.0040 4316 usbohci - ok
19:15:59.0071 4316 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
19:15:59.0165 4316 usbprint - ok
19:15:59.0196 4316 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:15:59.0258 4316 USBSTOR - ok
19:15:59.0305 4316 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
19:15:59.0336 4316 usbuhci - ok
19:15:59.0399 4316 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
19:15:59.0461 4316 usbvideo - ok
19:15:59.0477 4316 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
19:15:59.0539 4316 UxSms - ok
19:15:59.0617 4316 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
19:15:59.0726 4316 vds - ok
19:15:59.0758 4316 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
19:15:59.0836 4316 vga - ok
19:15:59.0867 4316 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
19:15:59.0945 4316 VgaSave - ok
19:15:59.0976 4316 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
19:16:00.0007 4316 viaide - ok
19:16:00.0038 4316 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
19:16:00.0070 4316 volmgr - ok
19:16:00.0148 4316 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
19:16:00.0194 4316 volmgrx - ok
19:16:00.0257 4316 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
19:16:00.0304 4316 volsnap - ok
19:16:00.0350 4316 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
19:16:00.0382 4316 vsmraid - ok
19:16:00.0553 4316 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
19:16:00.0694 4316 VSS - ok
19:16:00.0772 4316 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
19:16:00.0896 4316 W32Time - ok
19:16:00.0959 4316 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
19:16:01.0052 4316 WacomPen - ok
19:16:01.0115 4316 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
19:16:01.0162 4316 Wanarp - ok
19:16:01.0177 4316 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
19:16:01.0240 4316 Wanarpv6 - ok
19:16:01.0333 4316 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
19:16:01.0427 4316 wcncsvc - ok
19:16:01.0458 4316 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
19:16:01.0520 4316 WcsPlugInService - ok
19:16:01.0567 4316 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
19:16:01.0598 4316 Wd - ok
19:16:01.0708 4316 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
19:16:01.0770 4316 Wdf01000 - ok
19:16:01.0801 4316 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
19:16:01.0864 4316 WdiServiceHost - ok
19:16:01.0864 4316 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
19:16:01.0910 4316 WdiSystemHost - ok
19:16:01.0973 4316 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
19:16:02.0004 4316 WebClient - ok
19:16:02.0051 4316 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
19:16:02.0082 4316 Wecsvc - ok
19:16:02.0113 4316 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
19:16:02.0160 4316 wercplsupport - ok
19:16:02.0176 4316 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
19:16:02.0254 4316 WerSvc - ok
19:16:02.0254 4316 WinHttpAutoProxySvc - ok
19:16:02.0347 4316 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
19:16:02.0410 4316 Winmgmt - ok
19:16:02.0644 4316 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
19:16:02.0768 4316 WinRM - ok
19:16:02.0940 4316 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
19:16:03.0065 4316 Wlansvc - ok
19:16:03.0158 4316 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
19:16:03.0252 4316 WmiAcpi - ok
19:16:03.0346 4316 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
19:16:03.0424 4316 wmiApSrv - ok
19:16:03.0470 4316 WMPNetworkSvc - ok
19:16:03.0517 4316 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
19:16:03.0580 4316 WPCSvc - ok
19:16:03.0626 4316 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
19:16:03.0689 4316 WPDBusEnum - ok
19:16:03.0736 4316 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
19:16:03.0767 4316 WpdUsb - ok
19:16:03.0985 4316 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:16:04.0048 4316 WPFFontCache_v0400 - ok
19:16:04.0079 4316 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
19:16:04.0157 4316 ws2ifsl - ok
19:16:04.0157 4316 WSearch - ok
19:16:04.0219 4316 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:16:04.0282 4316 WUDFRd - ok
19:16:04.0328 4316 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
19:16:04.0360 4316 wudfsvc - ok
19:16:04.0391 4316 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
19:16:06.0076 4316 \Device\Harddisk0\DR0 - ok
19:16:06.0091 4316 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR1
19:16:06.0232 4316 \Device\Harddisk1\DR1 - ok
19:16:06.0263 4316 Boot (0x1200) (84644ca6a1d665ede26cb197bedf8961) \Device\Harddisk0\DR0\Partition0
19:16:06.0278 4316 \Device\Harddisk0\DR0\Partition0 - ok
19:16:06.0310 4316 Boot (0x1200) (cbb4fa0294d0a0214c4f7b3d29d935c6) \Device\Harddisk0\DR0\Partition1
19:16:06.0310 4316 \Device\Harddisk0\DR0\Partition1 - ok
19:16:06.0325 4316 Boot (0x1200) (ec79b992a82fd06ab1807e3b83b7ed60) \Device\Harddisk1\DR1\Partition0
19:16:06.0325 4316 \Device\Harddisk1\DR1\Partition0 - ok
19:16:06.0325 4316 ============================================================
19:16:06.0325 4316 Scan finished
19:16:06.0325 4316 ============================================================
19:16:06.0356 3248 Detected object count: 5
19:16:06.0356 3248 Actual detected object count: 5
19:16:22.0097 3248 ConfigFree Gadget Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:22.0097 3248 ConfigFree Gadget Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:22.0097 3248 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:22.0097 3248 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:22.0097 3248 TODDSrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:22.0097 3248 TODDSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:22.0097 3248 TOSHIBA eco Utility Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:22.0097 3248 TOSHIBA eco Utility Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:22.0097 3248 TOSHIBA HDD SSD Alert Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:16:22.0097 3248 TOSHIBA HDD SSD Alert Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:16:47.0400 4884 ============================================================
19:16:47.0400 4884 Scan started
19:16:47.0400 4884 Mode: Manual; SigCheck; TDLFS;
19:16:47.0400 4884 ============================================================
19:16:47.0915 4884 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
19:16:47.0962 4884 ACPI - ok
19:16:48.0040 4884 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
19:16:48.0071 4884 adp94xx - ok
19:16:48.0118 4884 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
19:16:48.0133 4884 adpahci - ok
19:16:48.0164 4884 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
19:16:48.0180 4884 adpu160m - ok
19:16:48.0211 4884 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
19:16:48.0227 4884 adpu320 - ok
19:16:48.0274 4884 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
19:16:48.0305 4884 AeLookupSvc - ok
19:16:48.0367 4884 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
19:16:48.0383 4884 AFD - ok
19:16:48.0398 4884 AgereModemAudio (8fe65709982f2cb7d291f6c9b2c60805) C:\Windows\system32\agr64svc.exe
19:16:48.0414 4884 AgereModemAudio - ok
19:16:48.0539 4884 AgereSoftModem (55fcdb10e31c22eb67454aaef42b6725) C:\Windows\system32\DRIVERS\agrsm64.sys
19:16:48.0586 4884 AgereSoftModem - ok
19:16:48.0617 4884 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
19:16:48.0632 4884 agp440 - ok
19:16:48.0664 4884 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
19:16:48.0679 4884 aic78xx - ok
19:16:48.0726 4884 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
19:16:48.0788 4884 ALG - ok
19:16:48.0804 4884 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
19:16:48.0820 4884 aliide - ok
19:16:48.0866 4884 AMD External Events Utility (c5ef0a376ce36979409774a5b9dc7903) C:\Windows\system32\atiesrxx.exe
19:16:48.0882 4884 AMD External Events Utility - ok
19:16:48.0929 4884 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
19:16:48.0929 4884 amdide - ok
19:16:48.0944 4884 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
19:16:49.0007 4884 AmdK8 - ok
19:16:49.0054 4884 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
19:16:49.0085 4884 Appinfo - ok
19:16:49.0178 4884 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:16:49.0210 4884 Apple Mobile Device - ok
19:16:49.0241 4884 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
19:16:49.0272 4884 arc - ok
19:16:49.0303 4884 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
19:16:49.0319 4884 arcsas - ok
19:16:49.0350 4884 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
19:16:49.0397 4884 AsyncMac - ok
19:16:49.0428 4884 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
19:16:49.0444 4884 atapi - ok
19:16:49.0537 4884 atashost (40767b965a8d575d794f1f95e2e017e9) C:\Windows\SysWOW64\atashost.exe
19:16:49.0553 4884 atashost - ok
19:16:50.0052 4884 atikmdag (c28928becd9d35248c2a6cb18032cacc) C:\Windows\system32\DRIVERS\atikmdag.sys
19:16:50.0208 4884 atikmdag - ok
19:16:50.0364 4884 AtiPcie (db0d3de15edc96e7529fc0d3f7760894) C:\Windows\system32\DRIVERS\AtiPcie.sys
19:16:50.0380 4884 AtiPcie - ok
19:16:50.0426 4884 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
19:16:50.0473 4884 AudioEndpointBuilder - ok
19:16:50.0473 4884 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
19:16:50.0520 4884 AudioSrv - ok
19:16:50.0567 4884 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
19:16:50.0614 4884 blbdrive - ok
19:16:50.0723 4884 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
19:16:50.0738 4884 Bonjour Service - ok
19:16:50.0785 4884 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
19:16:50.0801 4884 bowser - ok
19:16:50.0848 4884 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
19:16:50.0879 4884 BrFiltLo - ok
19:16:50.0910 4884 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
19:16:50.0941 4884 BrFiltUp - ok
19:16:50.0972 4884 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
19:16:51.0019 4884 Browser - ok
19:16:51.0050 4884 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
19:16:51.0144 4884 Brserid - ok
19:16:51.0160 4884 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
19:16:51.0238 4884 BrSerWdm - ok
19:16:51.0238 4884 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
19:16:51.0300 4884 BrUsbMdm - ok
19:16:51.0316 4884 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
19:16:51.0378 4884 BrUsbSer - ok
19:16:51.0394 4884 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
19:16:51.0472 4884 BTHMODEM - ok
19:16:51.0565 4884 camsvc (f1140ed3a1e1d6824a63f27afd9eef32) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
19:16:51.0581 4884 camsvc - ok
19:16:51.0612 4884 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
19:16:51.0659 4884 cdfs - ok
19:16:51.0706 4884 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
19:16:51.0737 4884 cdrom - ok
19:16:51.0784 4884 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
19:16:51.0815 4884 CertPropSvc - ok
19:16:51.0846 4884 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
19:16:51.0893 4884 circlass - ok
19:16:51.0955 4884 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
19:16:51.0971 4884 CLFS - ok
19:16:52.0049 4884 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:16:52.0064 4884 clr_optimization_v2.0.50727_32 - ok
19:16:52.0111 4884 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:16:52.0127 4884 clr_optimization_v2.0.50727_64 - ok
19:16:52.0205 4884 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:16:52.0220 4884 clr_optimization_v4.0.30319_32 - ok
19:16:52.0252 4884 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:16:52.0267 4884 clr_optimization_v4.0.30319_64 - ok
19:16:52.0298 4884 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
19:16:52.0330 4884 CmBatt - ok
19:16:52.0361 4884 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
19:16:52.0376 4884 cmdide - ok
19:16:52.0392 4884 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
19:16:52.0408 4884 Compbatt - ok
19:16:52.0423 4884 COMSysApp - ok
19:16:52.0501 4884 ConfigFree Gadget Service (bcf2c3177e4777e3793310bac0244c1a) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
19:16:52.0501 4884 ConfigFree Gadget Service ( UnsignedFile.Multi.Generic ) - warning
19:16:52.0501 4884 ConfigFree Gadget Service - detected UnsignedFile.Multi.Generic (1)
19:16:52.0532 4884 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
19:16:52.0548 4884 ConfigFree Service - ok
19:16:52.0579 4884 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
19:16:52.0610 4884 crcdisk - ok
19:16:52.0673 4884 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll
19:16:52.0688 4884 CryptSvc - ok
19:16:52.0782 4884 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
19:16:52.0829 4884 DcomLaunch - ok
19:16:52.0876 4884 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
19:16:52.0907 4884 DfsC - ok
19:16:53.0219 4884 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
19:16:53.0328 4884 DFSR - ok
19:16:53.0468 4884 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
19:16:53.0515 4884 Dhcp - ok
19:16:53.0578 4884 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
19:16:53.0593 4884 disk - ok
19:16:53.0656 4884 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
19:16:53.0671 4884 Dnscache - ok
19:16:53.0718 4884 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
19:16:53.0765 4884 dot3svc - ok
19:16:53.0796 4884 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
19:16:53.0858 4884 DPS - ok
19:16:53.0890 4884 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
19:16:53.0921 4884 drmkaud - ok
19:16:54.0014 4884 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
19:16:54.0061 4884 DXGKrnl - ok
19:16:54.0108 4884 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
19:16:54.0170 4884 E1G60 - ok
19:16:54.0217 4884 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
19:16:54.0264 4884 EapHost - ok
19:16:54.0311 4884 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
19:16:54.0342 4884 Ecache - ok
19:16:54.0451 4884 ehRecvr (33510be001ccdb5a01fcc88f4dd8dfc7) C:\Windows\ehome\ehRecvr.exe
19:16:54.0482 4884 ehRecvr - ok
19:16:54.0514 4884 ehSched (1abc6436b0edaa3d496d9c827f92820d) C:\Windows\ehome\ehsched.exe
19:16:54.0529 4884 ehSched - ok
19:16:54.0545 4884 ehstart (08f48cb2cd4019afb0456869b49cd76f) C:\Windows\ehome\ehstart.dll
19:16:54.0560 4884 ehstart - ok
19:16:54.0623 4884 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
19:16:54.0638 4884 elxstor - ok
19:16:54.0716 4884 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
19:16:54.0748 4884 EMDMgmt - ok
19:16:54.0748 4884 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
19:16:54.0810 4884 ErrDev - ok
19:16:54.0872 4884 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
19:16:54.0935 4884 EventSystem - ok
19:16:54.0982 4884 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
19:16:54.0997 4884 exfat - ok
19:16:55.0044 4884 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
19:16:55.0091 4884 fastfat - ok
19:16:55.0122 4884 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
19:16:55.0169 4884 fdc - ok
19:16:55.0184 4884 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
19:16:55.0247 4884 fdPHost - ok
19:16:55.0262 4884 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
19:16:55.0325 4884 FDResPub - ok
19:16:55.0340 4884 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
19:16:55.0356 4884 FileInfo - ok
19:16:55.0403 4884 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
19:16:55.0465 4884 Filetrace - ok
19:16:55.0481 4884 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:16:55.0528 4884 flpydisk - ok
19:16:55.0574 4884 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
19:16:55.0590 4884 FltMgr - ok
19:16:55.0730 4884 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
19:16:55.0793 4884 FontCache - ok
19:16:55.0903 4884 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:16:55.0919 4884 FontCache3.0.0.0 - ok
19:16:55.0997 4884 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
19:16:56.0028 4884 Fs_Rec - ok
19:16:56.0075 4884 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
19:16:56.0090 4884 gagp30kx - ok
19:16:56.0184 4884 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
19:16:56.0199 4884 GamesAppService - ok
19:16:56.0231 4884 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:16:56.0246 4884 GEARAspiWDM - ok
19:16:56.0340 4884 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
19:16:56.0387 4884 gpsvc - ok
19:16:56.0480 4884 gupdate1ca42d6d70f0ec0 (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:16:56.0496 4884 gupdate1ca42d6d70f0ec0 - ok
19:16:56.0496 4884 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:16:56.0511 4884 gupdatem - ok
19:16:56.0558 4884 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:16:56.0574 4884 gusvc - ok
19:16:56.0621 4884 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
19:16:56.0699 4884 HdAudAddService - ok
19:16:56.0808 4884 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:16:56.0855 4884 HDAudBus - ok
19:16:56.0886 4884 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
19:16:56.0979 4884 HidBth - ok
19:16:57.0026 4884 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
19:16:57.0089 4884 HidIr - ok
19:16:57.0120 4884 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll
19:16:57.0151 4884 hidserv - ok
19:16:57.0198 4884 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
19:16:57.0260 4884 HidUsb - ok
19:16:57.0291 4884 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
19:16:57.0323 4884 hkmsvc - ok
19:16:57.0369 4884 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
19:16:57.0385 4884 HpCISSs - ok
19:16:57.0479 4884 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
19:16:57.0525 4884 HTTP - ok
19:16:57.0572 4884 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
19:16:57.0588 4884 i2omp - ok
19:16:57.0619 4884 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
19:16:57.0650 4884 i8042prt - ok
19:16:57.0681 4884 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
19:16:57.0713 4884 iaStorV - ok
19:16:57.0869 4884 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:16:57.0915 4884 idsvc - ok
19:16:57.0947 4884 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
19:16:57.0962 4884 iirsp - ok
19:16:58.0025 4884 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
19:16:58.0103 4884 IKEEXT - ok
19:16:58.0290 4884 IntcAzAudAddService (627c6b352718e59df08f02c536e2e0ed) C:\Windows\system32\drivers\RTKVHD64.sys
19:16:58.0337 4884 IntcAzAudAddService - ok
19:16:58.0508 4884 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
19:16:58.0524 4884 intelide - ok
19:16:58.0555 4884 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
19:16:58.0602 4884 intelppm - ok
19:16:58.0633 4884 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
19:16:58.0711 4884 IPBusEnum - ok
19:16:58.0742 4884 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:16:58.0805 4884 IpFilterDriver - ok
19:16:58.0805 4884 IpInIp - ok
19:16:58.0851 4884 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
19:16:58.0898 4884 IPMIDRV - ok
19:16:58.0914 4884 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
19:16:58.0961 4884 IPNAT - ok
19:16:59.0117 4884 iPod Service (4472c8825b5e41d8697d5962f47ab1c9) C:\Program Files\iPod\bin\iPodService.exe
19:16:59.0179 4884 iPod Service - ok
19:16:59.0226 4884 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
19:16:59.0273 4884 IRENUM - ok
19:16:59.0304 4884 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
19:16:59.0319 4884 isapnp - ok
19:16:59.0382 4884 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
19:16:59.0397 4884 iScsiPrt - ok
19:16:59.0429 4884 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
19:16:59.0444 4884 iteatapi - ok
19:16:59.0475 4884 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
19:16:59.0491 4884 iteraid - ok
19:16:59.0522 4884 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
19:16:59.0538 4884 kbdclass - ok
19:16:59.0553 4884 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
19:16:59.0631 4884 kbdhid - ok
19:16:59.0678 4884 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
19:16:59.0694 4884 KeyIso - ok
19:16:59.0756 4884 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
19:16:59.0787 4884 KSecDD - ok
19:16:59.0803 4884 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
19:16:59.0881 4884 ksthunk - ok
19:16:59.0943 4884 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
19:17:00.0037 4884 KtmRm - ok
19:17:00.0084 4884 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
19:17:00.0115 4884 LanmanServer - ok
19:17:00.0162 4884 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
19:17:00.0177 4884 LanmanWorkstation - ok
19:17:00.0255 4884 LightScribeService (6e5dac168d1ff9843e84a59d51d31107) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
19:17:00.0255 4884 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:17:00.0255 4884 LightScribeService - detected UnsignedFile.Multi.Generic (1)
19:17:00.0302 4884 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
19:17:00.0349 4884 lltdio - ok
19:17:00.0396 4884 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
19:17:00.0443 4884 lltdsvc - ok
19:17:00.0474 4884 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
19:17:00.0521 4884 lmhosts - ok
19:17:00.0536 4884 LPCFilter (9c551a9121639a9779862cb8a6cabf03) C:\Windows\system32\DRIVERS\LPCFilter.sys
19:17:00.0552 4884 LPCFilter - ok
19:17:00.0599 4884 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
19:17:00.0614 4884 LSI_FC - ok
19:17:00.0630 4884 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
19:17:00.0645 4884 LSI_SAS - ok
19:17:00.0661 4884 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
19:17:00.0677 4884 LSI_SCSI - ok
19:17:00.0708 4884 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
19:17:00.0770 4884 luafv - ok
19:17:00.0801 4884 Mcx2Svc (6da30c0de0cc8525e89d612c5063cac1) C:\Windows\system32\Mcx2Svc.dll
19:17:00.0817 4884 Mcx2Svc - ok
19:17:00.0864 4884 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
19:17:00.0879 4884 megasas - ok
19:17:00.0926 4884 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
19:17:00.0942 4884 MegaSR - ok
19:17:00.0973 4884 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
19:17:01.0020 4884 MMCSS - ok
19:17:01.0035 4884 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
19:17:01.0082 4884 Modem - ok
19:17:01.0113 4884 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
19:17:01.0160 4884 monitor - ok
19:17:01.0191 4884 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
19:17:01.0207 4884 mouclass - ok
19:17:01.0223 4884 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
19:17:01.0269 4884 mouhid - ok
19:17:01.0285 4884 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
19:17:01.0301 4884 MountMgr - ok
19:17:01.0332 4884 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
19:17:01.0347 4884 mpio - ok
19:17:01.0379 4884 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
19:17:01.0410 4884 mpsdrv - ok
19:17:01.0425 4884 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
19:17:01.0441 4884 Mraid35x - ok
19:17:01.0488 4884 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
19:17:01.0503 4884 MRxDAV - ok
19:17:01.0566 4884 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:17:01.0581 4884 mrxsmb - ok
19:17:01.0628 4884 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:17:01.0659 4884 mrxsmb10 - ok
19:17:01.0675 4884 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:17:01.0691 4884 mrxsmb20 - ok
19:17:01.0722 4884 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
19:17:01.0737 4884 msahci - ok
19:17:01.0784 4884 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
19:17:01.0800 4884 msdsm - ok
19:17:01.0847 4884 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
19:17:01.0878 4884 MSDTC - ok
19:17:01.0925 4884 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
19:17:01.0971 4884 Msfs - ok
19:17:02.0003 4884 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
19:17:02.0018 4884 msisadrv - ok
19:17:02.0065 4884 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
19:17:02.0112 4884 MSiSCSI - ok
19:17:02.0127 4884 msiserver - ok
19:17:02.0159 4884 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
19:17:02.0205 4884 MSKSSRV - ok
19:17:02.0221 4884 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
19:17:02.0283 4884 MSPCLOCK - ok
19:17:02.0299 4884 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
19:17:02.0346 4884 MSPQM - ok
19:17:02.0408 4884 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
19:17:02.0424 4884 MsRPC - ok
19:17:02.0471 4884 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
19:17:02.0486 4884 mssmbios - ok
19:17:02.0517 4884 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
19:17:02.0564 4884 MSTEE - ok
19:17:02.0595 4884 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
19:17:02.0611 4884 Mup - ok
19:17:02.0673 4884 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
19:17:02.0720 4884 napagent - ok
19:17:02.0767 4884 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
19:17:02.0798 4884 NativeWifiP - ok
19:17:02.0892 4884 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
19:17:02.0939 4884 NDIS - ok
19:17:02.0970 4884 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
19:17:03.0001 4884 NdisTapi - ok
19:17:03.0017 4884 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
19:17:03.0063 4884 Ndisuio - ok
19:17:03.0126 4884 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
19:17:03.0157 4884 NdisWan - ok
19:17:03.0188 4884 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
19:17:03.0219 4884 NDProxy - ok
19:17:03.0251 4884 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
19:17:03.0297 4884 NetBIOS - ok
19:17:03.0360 4884 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
19:17:03.0391 4884 netbt - ok
19:17:03.0438 4884 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
19:17:03.0453 4884 Netlogon - ok
19:17:03.0500 4884 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
19:17:03.0547 4884 Netman - ok
19:17:03.0594 4884 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
19:17:03.0641 4884 netprofm - ok
19:17:03.0719 4884 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:17:03.0734 4884 NetTcpPortSharing - ok
19:17:03.0781 4884 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
19:17:03.0781 4884 nfrd960 - ok
19:17:03.0828 4884 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
19:17:03.0875 4884 NlaSvc - ok
19:17:03.0906 4884 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
19:17:03.0953 4884 Npfs - ok
19:17:03.0968 4884 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
19:17:04.0015 4884 nsi - ok
19:17:04.0046 4884 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
19:17:04.0093 4884 nsiproxy - ok
19:17:04.0233 4884 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
19:17:04.0296 4884 Ntfs - ok
19:17:04.0436 4884 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
19:17:04.0514 4884 Null - ok
19:17:04.0545 4884 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
19:17:04.0561 4884 nvraid - ok
19:17:04.0577 4884 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
19:17:04.0592 4884 nvstor - ok
19:17:04.0608 4884 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
19:17:04.0623 4884 nv_agp - ok
19:17:04.0623 4884 NwlnkFlt - ok
19:17:04.0639 4884 NwlnkFwd - ok
19:17:04.0655 4884 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
19:17:04.0717 4884 ohci1394 - ok
19:17:04.0811 4884 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
19:17:04.0842 4884 p2pimsvc - ok
19:17:04.0857 4884 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
19:17:04.0904 4884 p2psvc - ok
19:17:04.0935 4884 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
19:17:05.0045 4884 Parport - ok
19:17:05.0091 4884 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
19:17:05.0107 4884 partmgr - ok
19:17:05.0154 4884 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
19:17:05.0185 4884 PcaSvc - ok
19:17:05.0247 4884 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
19:17:05.0263 4884 pci - ok
19:17:05.0294 4884 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
19:17:05.0310 4884 pciide - ok
19:17:05.0341 4884 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
19:17:05.0357 4884 pcmcia - ok
19:17:05.0435 4884 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
19:17:05.0513 4884 PEAUTH - ok
19:17:05.0606 4884 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
19:17:05.0653 4884 PerfHost - ok
19:17:05.0700 4884 PGEffect (2c3ba65f8ca712730050c29104e093f9) C:\Windows\system32\DRIVERS\pgeffect.sys
19:17:05.0731 4884 PGEffect - ok
19:17:06.0137 4884 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
19:17:06.0230 4884 pla - ok
19:17:06.0293 4884 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
19:17:06.0324 4884 PlugPlay - ok
19:17:06.0433 4884 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
19:17:06.0464 4884 PNRPAutoReg - ok
19:17:06.0480 4884 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
19:17:06.0527 4884 PNRPsvc - ok
19:17:06.0605 4884 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
19:17:06.0667 4884 PolicyAgent - ok
19:17:06.0729 4884 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
19:17:06.0761 4884 PptpMiniport - ok
19:17:06.0792 4884 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
19:17:06.0870 4884 Processor - ok
19:17:06.0917 4884 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
19:17:06.0948 4884 ProfSvc - ok
19:17:06.0995 4884 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
19:17:07.0010 4884 ProtectedStorage - ok
19:17:07.0041 4884 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
19:17:07.0073 4884 PSched - ok
19:17:07.0197 4884 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
19:17:07.0260 4884 ql2300 - ok
19:17:07.0275 4884 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
19:17:07.0291 4884 ql40xx - ok
19:17:07.0353 4884 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
19:17:07.0369 4884 QWAVE - ok
19:17:07.0416 4884 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
19:17:07.0431 4884 QWAVEdrv - ok
19:17:07.0447 4884 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
19:17:07.0494 4884 RasAcd - ok
19:17:07.0541 4884 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
19:17:07.0587 4884 RasAuto - ok
19:17:07.0650 4884 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:17:07.0681 4884 Rasl2tp - ok
19:17:07.0712 4884 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
19:17:07.0759 4884 RasMan - ok
19:17:07.0790 4884 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
19:17:07.0821 4884 RasPppoe - ok
19:17:07.0868 4884 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
19:17:07.0884 4884 RasSstp - ok
19:17:07.0931 4884 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
19:17:07.0962 4884 rdbss - ok
19:17:07.0993 4884 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:17:08.0040 4884 RDPCDD - ok
19:17:08.0087 4884 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
19:17:08.0133 4884 rdpdr - ok
19:17:08.0149 4884 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
19:17:08.0196 4884 RDPENCDD - ok
19:17:08.0258 4884 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
19:17:08.0274 4884 RDPWD - ok
19:17:08.0305 4884 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
19:17:08.0352 4884 RemoteAccess - ok
19:17:08.0399 4884 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
19:17:08.0445 4884 RemoteRegistry - ok
19:17:08.0477 4884 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
19:17:08.0492 4884 RpcLocator - ok
19:17:08.0586 4884 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
19:17:08.0633 4884 RpcSs - ok
19:17:08.0695 4884 RSELSVC - ok
19:17:08.0726 4884 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
19:17:08.0773 4884 rspndr - ok
19:17:08.0820 4884 RTL8169 (3e800d0dd24c5cfe61a1d71a3f6feab9) C:\Windows\system32\DRIVERS\Rtlh64.sys
19:17:08.0867 4884 RTL8169 - ok
19:17:08.0945 4884 rtl819xpn64 (7e0d84db38e8645997318d5cc33650fa) C:\Windows\system32\DRIVERS\rtl819xp.sys
19:17:08.0976 4884 rtl819xpn64 - ok
19:17:09.0007 4884 RtlProt (d1664991a07acf2703d4a4e5be4b6c80) C:\Windows\system32\DRIVERS\rtlprot.sys
19:17:09.0023 4884 RtlProt - ok
19:17:09.0054 4884 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
19:17:09.0069 4884 SamSs - ok
19:17:09.0116 4884 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
19:17:09.0132 4884 sbp2port - ok
19:17:09.0179 4884 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
19:17:09.0210 4884 SCardSvr - ok
19:17:09.0319 4884 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
19:17:09.0350 4884 Schedule - ok
19:17:09.0381 4884 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
19:17:09.0413 4884 SCPolicySvc - ok
19:17:09.0459 4884 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
19:17:09.0475 4884 SDRSVC - ok
19:17:09.0491 4884 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:17:09.0569 4884 secdrv - ok
19:17:09.0584 4884 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
19:17:09.0647 4884 seclogon - ok
19:17:09.0678 4884 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
19:17:09.0725 4884 SENS - ok
19:17:09.0740 4884 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
19:17:09.0818 4884 Serenum - ok
19:17:09.0834 4884 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
19:17:09.0896 4884 Serial - ok
19:17:09.0912 4884 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
19:17:09.0959 4884 sermouse - ok
19:17:10.0005 4884 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
19:17:10.0068 4884 SessionEnv - ok
19:17:10.0083 4884 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
19:17:10.0130 4884 sffdisk - ok
19:17:10.0161 4884 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
19:17:10.0208 4884 sffp_mmc - ok
19:17:10.0224 4884 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
19:17:10.0271 4884 sffp_sd - ok
19:17:10.0271 4884 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
19:17:10.0333 4884 sfloppy - ok
19:17:10.0395 4884 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
19:17:10.0427 4884 ShellHWDetection - ok
19:17:10.0442 4884 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
19:17:10.0442 4884 SiSRaid2 - ok
19:17:10.0473 4884 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
19:17:10.0489 4884 SiSRaid4 - ok
19:17:10.0848 4884 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
19:17:10.0957 4884 Skype C2C Service - ok
19:17:11.0066 4884 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
19:17:11.0082 4884 SkypeUpdate - ok
19:17:11.0394 4884 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
19:17:11.0472 4884 slsvc - ok
19:17:11.0612 4884 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
19:17:11.0675 4884 SLUINotify - ok
19:17:11.0737 4884 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
19:17:11.0799 4884 Smb - ok
19:17:11.0846 4884 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
19:17:11.0877 4884 SNMPTRAP - ok
19:17:11.0909 4884 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
19:17:11.0940 4884 spldr - ok
19:17:12.0018 4884 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
19:17:12.0033 4884 Spooler - ok
19:17:12.0111 4884 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
19:17:12.0143 4884 srv - ok
19:17:12.0189 4884 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
19:17:12.0205 4884 srv2 - ok
19:17:12.0236 4884 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
19:17:12.0252 4884 srvnet - ok
19:17:12.0299 4884 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
19:17:12.0345 4884 SSDPSRV - ok
19:17:12.0361 4884 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
19:17:12.0392 4884 SstpSvc - ok
19:17:12.0470 4884 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
19:17:12.0501 4884 stisvc - ok
19:17:12.0517 4884 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
19:17:12.0533 4884 swenum - ok
19:17:12.0626 4884 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
19:17:12.0673 4884 swprv - ok
19:17:12.0704 4884 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
19:17:12.0720 4884 Symc8xx - ok
19:17:12.0735 4884 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
19:17:12.0735 4884 Sym_hi - ok
19:17:12.0751 4884 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
19:17:12.0782 4884 Sym_u3 - ok
19:17:12.0845 4884 SynTP (ea7043973d9305235e7b68ac0c6ec889) C:\Windows\system32\DRIVERS\SynTP.sys
19:17:12.0860 4884 SynTP - ok
19:17:12.0954 4884 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
19:17:13.0032 4884 SysMain - ok
19:17:13.0079 4884 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
19:17:13.0110 4884 TabletInputService - ok
19:17:13.0172 4884 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
19:17:13.0219 4884 TapiSrv - ok
19:17:13.0235 4884 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
19:17:13.0281 4884 TBS - ok
19:17:13.0453 4884 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
19:17:13.0515 4884 Tcpip - ok
19:17:13.0531 4884 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
19:17:13.0578 4884 Tcpip6 - ok
19:17:13.0609 4884 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
19:17:13.0640 4884 tcpipreg - ok
19:17:13.0671 4884 tdcmdpst (d45586a9facb2c9708b10e491ef748a6) C:\Windows\system32\DRIVERS\tdcmdpst.sys
19:17:13.0687 4884 tdcmdpst - ok
19:17:13.0718 4884 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
19:17:13.0765 4884 TDPIPE - ok
19:17:13.0781 4884 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
19:17:13.0827 4884 TDTCP - ok
19:17:13.0859 4884 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
19:17:13.0890 4884 tdx - ok
19:17:13.0937 4884 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
19:17:13.0968 4884 TermDD - ok
19:17:14.0061 4884 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
19:17:14.0139 4884 TermService - ok
19:17:14.0202 4884 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
19:17:14.0249 4884 Themes - ok
19:17:14.0280 4884 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
19:17:14.0358 4884 THREADORDER - ok
19:17:14.0467 4884 TMachInfo (fb8448d1b0da00d70c28adf9282b31bb) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
19:17:14.0483 4884 TMachInfo - ok
19:17:14.0529 4884 TNaviSrv (9077a1666fd02440818570a00cb37fdd) C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
19:17:14.0545 4884 TNaviSrv - ok
19:17:14.0592 4884 TODDSrv (19af3434564e973bc232bbd629ec2bf6) C:\Windows\system32\TODDSrv.exe
19:17:14.0592 4884 TODDSrv ( UnsignedFile.Multi.Generic ) - warning
19:17:14.0592 4884 TODDSrv - detected UnsignedFile.Multi.Generic (1)
19:17:14.0701 4884 TosCoSrv (7810e3a97e004cd2641fd3fc5d2a62cd) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
19:17:14.0732 4884 TosCoSrv - ok
19:17:14.0795 4884 TOSHIBA eco Utility Service (97735d78da5737ea8428d551fa263eea) C:\Program Files\TOSHIBA\TECO\TecoService.exe
19:17:14.0795 4884 TOSHIBA eco Utility Service ( UnsignedFile.Multi.Generic ) - warning
19:17:14.0795 4884 TOSHIBA eco Utility Service - detected UnsignedFile.Multi.Generic (1)
19:17:14.0857 4884 TOSHIBA HDD SSD Alert Service (b67c69e2982769355d9ff76dd3b2a0fd) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
19:17:14.0857 4884 TOSHIBA HDD SSD Alert Service ( UnsignedFile.Multi.Generic ) - warning
19:17:14.0857 4884 TOSHIBA HDD SSD Alert Service - detected UnsignedFile.Multi.Generic (1)
19:17:14.0966 4884 tos_sps64 (dd50a5df5f7b29fdb6b5fea728c43dc3) C:\Windows\system32\DRIVERS\tos_sps64.sys
19:17:14.0982 4884 tos_sps64 - ok
19:17:15.0091 4884 TPCHSrv (66c4503d050dbacafc5b38fe54edd86f) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
19:17:15.0153 4884 TPCHSrv - ok
19:17:15.0200 4884 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
19:17:15.0247 4884 TrkWks - ok
19:17:15.0325 4884 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
19:17:15.0356 4884 TrustedInstaller - ok
19:17:15.0403 4884 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:17:15.0450 4884 tssecsrv - ok
19:17:15.0465 4884 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
19:17:15.0481 4884 tunmp - ok
19:17:15.0528 4884 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
19:17:15.0543 4884 tunnel - ok
19:17:15.0575 4884 TVALZ (9a744cc3d804ec38a6c2c65bc3c6fcd8) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
19:17:15.0590 4884 TVALZ - ok
19:17:15.0606 4884 TVALZFL (be32a8658a0b56474ad4d0bb8afa8e55) C:\Windows\system32\DRIVERS\TVALZFL.sys
19:17:15.0621 4884 TVALZFL - ok
19:17:15.0668 4884 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
19:17:15.0684 4884 uagp35 - ok
19:17:15.0731 4884 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
19:17:15.0777 4884 udfs - ok
19:17:15.0840 4884 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
19:17:15.0902 4884 UI0Detect - ok
19:17:15.0933 4884 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
19:17:15.0949 4884 uliagpkx - ok
19:17:15.0996 4884 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
19:17:16.0011 4884 uliahci - ok
19:17:16.0043 4884 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
19:17:16.0058 4884 UlSata - ok
19:17:16.0089 4884 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
19:17:16.0105 4884 ulsata2 - ok
19:17:16.0121 4884 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
19:17:16.0199 4884 umbus - ok
19:17:16.0261 4884 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
19:17:16.0308 4884 upnphost - ok
19:17:16.0355 4884 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
19:17:16.0370 4884 USBAAPL64 - ok
19:17:16.0401 4884 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
19:17:16.0433 4884 usbccgp - ok
19:17:16.0479 4884 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
19:17:16.0542 4884 usbcir - ok
19:17:16.0557 4884 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
19:17:16.0589 4884 usbehci - ok
19:17:16.0651 4884 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
19:17:16.0682 4884 usbhub - ok
19:17:16.0713 4884 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
19:17:16.0745 4884 usbohci - ok
19:17:16.0760 4884 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
19:17:16.0869 4884 usbprint - ok
19:17:16.0901 4884 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:17:16.0932 4884 USBSTOR - ok
19:17:16.0963 4884 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
19:17:16.0994 4884 usbuhci - ok
19:17:17.0025 4884 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
19:17:17.0072 4884 usbvideo - ok
19:17:17.0103 4884 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
19:17:17.0135 4884 UxSms - ok
19:17:17.0197 4884 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
19:17:17.0244 4884 vds - ok
19:17:17.0275 4884 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
19:17:17.0322 4884 vga - ok
19:17:17.0353 4884 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
19:17:17.0400 4884 VgaSave - ok
19:17:17.0400 4884 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
19:17:17.0415 4884 viaide - ok
19:17:17.0462 4884 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
19:17:17.0478 4884 volmgr - ok
19:17:17.0540 4884 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
19:17:17.0571 4884 volmgrx - ok
19:17:17.0618 4884 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
19:17:17.0634 4884 volsnap - ok
19:17:17.0681 4884 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
19:17:17.0696 4884 vsmraid - ok
19:17:17.0837 4884 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
19:17:17.0930 4884 VSS - ok
19:17:17.0993 4884 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
19:17:18.0039 4884 W32Time - ok
19:17:18.0102 4884 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
19:17:18.0180 4884 WacomPen - ok
19:17:18.0227 4884 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
19:17:18.0258 4884 Wanarp - ok
19:17:18.0258 4884 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
19:17:18.0305 4884 Wanarpv6 - ok
19:17:18.0383 4884 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
19:17:18.0414 4884 wcncsvc - ok
19:17:18.0445 4884 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
19:17:18.0476 4884 WcsPlugInService - ok
19:17:18.0507 4884 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
19:17:18.0523 4884 Wd - ok
19:17:18.0617 4884 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
19:17:18.0663 4884 Wdf01000 - ok
19:17:18.0695 4884 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
19:17:18.0788 4884 WdiServiceHost - ok
19:17:18.0788 4884 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
19:17:18.0851 4884 WdiSystemHost - ok
19:17:19.0007 4884 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
19:17:19.0038 4884 WebClient - ok
19:17:19.0100 4884 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
19:17:19.0116 4884 Wecsvc - ok
19:17:19.0147 4884 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
19:17:19.0178 4884 wercplsupport - ok
19:17:19.0209 4884 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
19:17:19.0241 4884 WerSvc - ok
19:17:19.0256 4884 WinHttpAutoProxySvc - ok
19:17:19.0334 4884 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
19:17:19.0365 4884 Winmgmt - ok
19:17:19.0584 4884 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
19:17:19.0631 4884 WinRM - ok
19:17:19.0818 4884 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
19:17:19.0849 4884 Wlansvc - ok
19:17:19.0896 4884 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
19:17:19.0943 4884 WmiAcpi - ok
19:17:20.0021 4884 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
19:17:20.0052 4884 wmiApSrv - ok
19:17:20.0099 4884 WMPNetworkSvc - ok
19:17:20.0145 4884 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
19:17:20.0177 4884 WPCSvc - ok
19:17:20.0223 4884 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
19:17:20.0255 4884 WPDBusEnum - ok
19:17:20.0286 4884 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
19:17:20.0301 4884 WpdUsb - ok
19:17:20.0504 4884 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:17:20.0551 4884 WPFFontCache_v0400 - ok
19:17:20.0582 4884 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
19:17:20.0660 4884 ws2ifsl - ok
19:17:20.0660 4884 WSearch - ok
19:17:20.0707 4884 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:17:20.0738 4884 WUDFRd - ok
19:17:20.0785 4884 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
19:17:20.0832 4884 wudfsvc - ok
19:17:20.0863 4884 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
19:17:22.0361 4884 \Device\Harddisk0\DR0 - ok
19:17:22.0376 4884 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR1
19:17:22.0517 4884 \Device\Harddisk1\DR1 - ok
19:17:22.0548 4884 Boot (0x1200) (84644ca6a1d665ede26cb197bedf8961) \Device\Harddisk0\DR0\Partition0
19:17:22.0548 4884 \Device\Harddisk0\DR0\Partition0 - ok
19:17:22.0595 4884 Boot (0x1200) (cbb4fa0294d0a0214c4f7b3d29d935c6) \Device\Harddisk0\DR0\Partition1
19:17:22.0595 4884 \Device\Harddisk0\DR0\Partition1 - ok
19:17:22.0610 4884 Boot (0x1200) (ec79b992a82fd06ab1807e3b83b7ed60) \Device\Harddisk1\DR1\Partition0
19:17:22.0610 4884 \Device\Harddisk1\DR1\Partition0 - ok
19:17:22.0610 4884 ============================================================
19:17:22.0610 4884 Scan finished
19:17:22.0610 4884 ============================================================
19:17:22.0641 4272 Detected object count: 5
19:17:22.0641 4272 Actual detected object count: 5
19:17:24.0794 4272 ConfigFree Gadget Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:24.0794 4272 ConfigFree Gadget Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:17:24.0794 4272 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:24.0794 4272 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:17:24.0794 4272 TODDSrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:24.0794 4272 TODDSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:17:24.0810 4272 TOSHIBA eco Utility Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:24.0810 4272 TOSHIBA eco Utility Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:17:24.0810 4272 TOSHIBA HDD SSD Alert Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:17:24.0810 4272 TOSHIBA HDD SSD Alert Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:17:27.0883 4056 Deinitialize success
  • 0

#25
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello
  • Boot into safe mode. Instructions here
  • Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    netsh int ip reset all /c
    netsh winsock reset /c

    :Commands
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.

Next:

I can see you don't have an antivirus program right? If not, do this:

Antivirus - No need to explain how important is the use of ONE antivirus. It is not recommended to run more than one firewall or anti-virus program. Running more than one of these at a time can cause system crashes, high system usage and/or conflicts with each other
If you already have one installed, keep it.


Next:

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Next:

Run a full scan with the antivirus you have chosen and remove anything found. Tell me if it found anything and what was that



Next:
Go here, download the tool and run it. If it detects a new version, download it and install it.

Tell me how's your computer running after this and if any other problems exist
  • 0

Advertisements


#26
ugrinwa

ugrinwa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Hi Michael.

I got your last set of instructions but unfortunately can not run these steps as I have already left for the evening.
Can we touch base again on the weekend to continue?

Thanks for your understanding and continued support.
  • 0

#27
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello :)
Yes, there's no problem as long as I'm notified. Otherwise I may think that you abandoned the topic ;)
  • 0

#28
ugrinwa

ugrinwa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Hi Michael.

Thanks for your patience.

The full scan (using Avast) is taking quite a while so this response will only include the reports up until that step. It is still running in background.

Here are the reports for the first few items you requested.

OTL Fix:

========== FILES ==========
< netsh int ip reset all /c >
There's no user specified settings to be reset.
C:\Users\Jack\Downloads\cmd.bat deleted successfully.
C:\Users\Jack\Downloads\cmd.txt deleted successfully.
< netsh winsock reset /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\Jack\Downloads\cmd.bat deleted successfully.
C:\Users\Jack\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.53.0 log created on 07292012_144043

Malware Bytes:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.29.09

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Jack :: JACK-PC [administrator]

29/07/2012 2:52:44 PM
mbam-log-2012-07-29 (14-52-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 265231
Time elapsed: 14 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Jack\AppData\Local\Temp\123.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Jack\AppData\Local\Temp\6622376.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Users\Jack\Local Settings\Temporary Internet Files\Content.IE5\KIG7R50L\svchost[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


If it's safe to run and send you back the fourth and final step before the antivirus software completes it full system scan I can also send you that.
  • 0

#29
ugrinwa

ugrinwa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Is it normal that the Avast antivirus is currently at 34 minutes in, and yet the percentage progress bar is still at 0%?
  • 0

#30
ugrinwa

ugrinwa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Hi Michael.

Avast found 48 infected files after it finally completed running a full sys scan.
I took the deafult action, which was to Move to Chest. Not sure what that means exactly.

There is no way for me to copy and paste the results to show you unless you have suggestion?

Thanks.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP