Only Safe Mode works, but not for long [Solved]



#1
zeeth

My daughter's 12-month-old Toshiba Satellite suddenly became unresponsive a week ago. About a minute after boot it quickly gets slower & slower & then only holding down the power button has any effect.

I can get into safe mode, but that also starts to slow & freeze, depending on what I try to do...file transfers to external drives, for example.

HijackThis will not run. Malwarebytes freezes early in the scan. 5 or 6 of the MBAM Chameleon variants run, but never progress beyond "removing malicious processes, please wait..." The cursor keeps flashing for hours, but there is no CPU use in Task Manager.

OTL did work, with a quick scan at the default settings:

OTL logfile created on: 29-Nov-12 7:40:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sophie\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

2.70 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 86.32% Memory free
5.40 Gb Paging File | 5.06 Gb Available in Paging File | 93.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 582.17 Gb Total Space | 422.19 Gb Free Space | 72.52% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-PC | User Name: Sophie | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-11-29 19:12:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sophie\Desktop\OTL.scr
PRC - [2011-02-25 16:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV - [2012-09-29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-09-29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-07-13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011-10-29 19:03:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-12-25 14:16:30 | 000,513,536 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)
SRV - [2010-12-21 12:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010-12-21 12:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010-12-21 12:25:52 | 000,685,488 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2010-12-10 11:43:20 | 000,468,392 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2010-12-09 09:51:14 | 000,189,880 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2010-12-09 09:36:08 | 000,112,032 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010-11-30 08:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010-10-21 08:40:00 | 000,128,416 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2010-04-13 04:46:00 | 000,152,944 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010-04-04 10:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010-03-10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010-01-29 10:44:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009-07-14 12:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 12:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-03-11 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007-11-28 15:12:40 | 000,589,824 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxdncoms.exe -- (lxdn_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (91581523)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (73311051)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (38774462)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (12882826)
DRV - [2012-11-28 19:22:41 | 000,031,560 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012-09-29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012-09-24 22:01:24 | 000,095,224 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2012-09-24 22:00:48 | 000,076,648 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2012-09-24 22:00:12 | 000,257,952 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2012-07-21 12:04:02 | 000,171,280 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmnciesc.sys -- (tmnciesc)
DRV - [2012-07-21 12:04:02 | 000,092,432 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2012-07-21 12:04:02 | 000,055,056 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmeevw.sys -- (tmeevw)
DRV - [2012-01-18 07:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012-01-18 07:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011-08-17 10:03:58 | 000,137,472 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011-08-17 10:03:50 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011-05-13 04:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011-05-13 04:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011-05-13 04:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011-05-13 04:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011-05-13 04:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011-01-28 09:26:16 | 000,056,888 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2011-01-28 06:35:04 | 001,281,152 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2011-01-21 04:26:26 | 000,235,824 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2010-12-18 13:44:24 | 002,129,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010-12-11 07:50:12 | 000,141,440 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010-12-11 07:50:12 | 000,062,336 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010-12-02 12:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010-12-02 10:12:04 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010-12-01 08:40:04 | 000,226,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV - [2010-11-30 05:47:00 | 000,070,448 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2010-11-20 21:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 20:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-12 04:26:00 | 000,042,672 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2010-11-09 06:43:48 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010-10-20 10:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2010-10-19 08:13:58 | 000,033,640 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2010-10-15 18:27:18 | 000,269,824 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010-08-31 04:48:00 | 000,080,064 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2010-06-19 10:44:00 | 000,015,160 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2010-04-27 05:48:00 | 000,053,760 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009-07-31 11:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009-07-25 05:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009-07-15 09:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009-07-14 10:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009-06-30 10:16:22 | 000,013,120 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Thpevm.sys -- (Thpevm)
DRV - [2009-06-30 04:25:28 | 000,030,272 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\thpdrv.sys -- (Thpdrv)
DRV - [2009-06-25 09:08:30 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2009-06-23 11:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009-06-20 13:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009-06-20 03:58:00 | 000,009,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2009-06-18 05:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2009-06-16 08:58:22 | 000,009,216 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sophie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sophie\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sophie\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension [2012-11-25 15:49:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2012-07-21 12:13:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012-11-25 15:53:56 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - Extension: No name found = C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj\5.4.0.1023_0\

O1 HOSTS File: ([2009-06-11 08:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4 - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Sophie\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43444E27-F7D3-4DD3-878C-46934E06979F}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBBF2F08-DBBC-4551-8BBF-EA38FBBF83D9}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-11 08:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1bb6589c-288d-11e1-9af6-e89a8f8ea897}\Shell - "" = AutoRun
O33 - MountPoints2\{1bb6589c-288d-11e1-9af6-e89a8f8ea897}\Shell\AutoRun\command - "" = E:\DPFMate.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-11-29 19:12:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sophie\Desktop\OTL.scr
[2012-11-29 19:02:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sophie\Desktop\OTL.exe
[2012-11-28 18:13:14 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Roaming\Malwarebytes
[2012-11-28 18:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-11-28 18:13:05 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012-11-28 18:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-11-28 18:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-11-27 17:02:43 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{9176A69A-FBC2-436C-A429-9245B77C5784}
[2012-11-26 20:51:11 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{45B5D639-B46C-408F-B573-E4E7480B5CA9}
[2012-11-26 20:37:00 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{F87384D7-1AD0-4EAD-BB6D-9932D29BD3B8}
[2012-11-26 19:47:02 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{4A71EE24-D032-4093-841B-5B94A1690E1E}
[2012-11-26 19:36:57 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{33A19709-331B-4768-9B5E-BE927CCD8AB5}
[2012-11-26 19:28:00 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{A976E955-7B3E-4C1E-8219-981250912511}
[2012-11-26 19:20:03 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{082AB8B5-E785-4F71-A5AD-14E0DCDF2349}
[2012-11-25 23:01:25 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012-11-25 22:05:04 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{813AFC5B-48CE-4461-81DA-A4C454DAD470}
[2012-11-25 21:57:20 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{57C22011-D7B3-4230-BDCF-2D4C80843D25}
[2012-11-25 21:42:50 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{72892731-51BB-4985-9FAF-DB21D3DEA315}
[2012-11-25 10:53:15 | 000,000,000 | ---D | C] -- C:\Users\Sophie\Documents\One Direction -Take Me Home (Limited Yearbook Edition) - 2012 - pLAN9
[2012-11-25 09:37:24 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{839F5917-CCDA-4023-82F7-188E0E19A2AC}
[2012-11-23 18:44:42 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{B8E8690D-501F-40F5-A655-DBA911503D62}
[2012-11-19 22:11:40 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{73AF5DF6-4011-49C7-8005-7830089241DF}
[2012-11-17 19:26:58 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{587BBFB4-75F1-42DE-8961-AB388C831F2E}
[2012-11-14 07:55:43 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{D1F6A610-7FFF-4919-9BDE-F41685B4F113}
[2012-11-12 22:13:15 | 000,000,000 | ---D | C] -- C:\Users\Sophie\Documents\Pretty In Pink 1986 DvDrip[Eng]-greenbud1969
[2012-11-09 18:20:48 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{56199138-FE7F-48B7-9D76-946CDDA99C63}
[2012-11-05 19:51:12 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{C203DF9F-2562-4E60-B94D-9B4E332ADB53}
[2012-11-03 09:25:00 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{BA305F3A-BEB0-4030-BC33-F9E2E5D9C934}
[2012-11-02 18:50:47 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{71954405-9DEE-4310-8BE9-CF191F16E037}
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-11-29 19:39:59 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012-11-29 19:39:51 | 2175,160,320 | -HS- | M] () -- C:\hiberfil.sys
[2012-11-29 19:12:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sophie\Desktop\OTL.scr
[2012-11-29 19:02:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sophie\Desktop\OTL.exe
[2012-11-28 19:22:41 | 000,031,560 | ---- | M] () -- C:\windows\System32\drivers\mbamchameleon.sys
[2012-11-28 18:13:06 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-11-26 23:13:53 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1255468992-2730549863-3460128933-1001UA.job
[2012-11-26 22:22:18 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-11-26 22:21:35 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-11-26 21:25:05 | 000,000,932 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1255468992-2730549863-3460128933-1001UA.job
[2012-11-26 16:05:34 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1255468992-2730549863-3460128933-1001Core.job
[2012-11-26 14:43:10 | 000,000,910 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1255468992-2730549863-3460128933-1001Core.job
[2012-11-25 23:01:25 | 000,002,969 | ---- | M] () -- C:\Users\Sophie\Desktop\HiJackThis.lnk
[2012-11-24 08:58:45 | 009,036,526 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012-11-24 08:58:45 | 003,056,046 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012-11-24 08:28:55 | 000,001,782 | ---- | M] () -- C:\Users\Sophie\Desktop\iTunes.lnk
[2012-11-17 19:25:43 | 000,386,792 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012-11-16 22:24:33 | 000,021,026 | ---- | M] () -- C:\Users\Sophie\Desktop\xxvbedfgbfgb.JPG
[2012-11-15 16:31:14 | 000,020,279 | ---- | M] () -- C:\Users\Sophie\Desktop\hot foreign boy.JPG
[2012-11-14 22:29:46 | 000,008,359 | ---- | M] () -- C:\Users\Sophie\Desktop\fgdfg.JPG
[2012-11-14 22:26:17 | 000,008,982 | ---- | M] () -- C:\Users\Sophie\Desktop\Capture.JPGdrfsgdfg.JPG
[2012-11-04 19:26:56 | 002,966,210 | ---- | M] () -- C:\Users\Sophie\Desktop\SANY0131.JPG
[2012-11-04 19:26:38 | 002,769,312 | ---- | M] () -- C:\Users\Sophie\Desktop\SANY0130.JPG
[2012-11-04 19:26:24 | 002,965,999 | ---- | M] () -- C:\Users\Sophie\Desktop\SANY0129.JPG
[2012-11-03 09:29:05 | 000,023,741 | ---- | M] () -- C:\Users\Sophie\Desktop\yolo.jpg
[2012-11-01 21:33:14 | 000,009,705 | ---- | M] () -- C:\Users\Sophie\Desktop\sgfdhgf.JPG
[2012-11-01 21:33:01 | 000,009,705 | ---- | M] () -- C:\Users\Sophie\Desktop\Capture.JPG
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-11-28 19:22:41 | 000,031,560 | ---- | C] () -- C:\windows\System32\drivers\mbamchameleon.sys
[2012-11-28 18:13:06 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-11-25 23:01:25 | 000,002,969 | ---- | C] () -- C:\Users\Sophie\Desktop\HiJackThis.lnk
[2012-11-24 08:28:55 | 000,001,782 | ---- | C] () -- C:\Users\Sophie\Desktop\iTunes.lnk
[2012-11-17 10:49:50 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012-11-17 10:48:26 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012-11-16 22:24:29 | 000,021,026 | ---- | C] () -- C:\Users\Sophie\Desktop\xxvbedfgbfgb.JPG
[2012-11-15 16:31:13 | 000,020,279 | ---- | C] () -- C:\Users\Sophie\Desktop\hot foreign boy.JPG
[2012-11-14 22:29:45 | 000,008,359 | ---- | C] () -- C:\Users\Sophie\Desktop\fgdfg.JPG
[2012-11-14 22:26:16 | 000,008,982 | ---- | C] () -- C:\Users\Sophie\Desktop\Capture.JPGdrfsgdfg.JPG
[2012-11-05 20:25:28 | 002,966,210 | ---- | C] () -- C:\Users\Sophie\Desktop\SANY0131.JPG
[2012-11-05 20:25:28 | 002,965,999 | ---- | C] () -- C:\Users\Sophie\Desktop\SANY0129.JPG
[2012-11-05 20:25:28 | 002,769,312 | ---- | C] () -- C:\Users\Sophie\Desktop\SANY0130.JPG
[2012-11-03 09:29:04 | 000,023,741 | ---- | C] () -- C:\Users\Sophie\Desktop\yolo.jpg
[2012-11-01 21:33:14 | 000,009,705 | ---- | C] () -- C:\Users\Sophie\Desktop\sgfdhgf.JPG
[2012-05-30 03:37:16 | 000,005,120 | ---- | C] () -- C:\Users\Sophie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-04-15 07:50:59 | 000,086,016 | ---- | C] () -- C:\windows\System32\custmon32i.dll
[2012-01-18 07:44:00 | 010,920,984 | ---- | C] () -- C:\windows\System32\LogiDPP.dll
[2012-01-18 07:44:00 | 000,336,408 | ---- | C] () -- C:\windows\System32\DevManagerCore.dll
[2012-01-18 07:44:00 | 000,104,472 | ---- | C] () -- C:\windows\System32\LogiDPPApp.exe
[2012-01-18 07:22:54 | 000,028,418 | ---- | C] () -- C:\windows\System32\lvcoinst.ini
[2011-10-29 23:11:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011-10-29 20:00:48 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2011-10-29 18:26:52 | 000,000,056 | ---- | C] () -- C:\windows\System32\SupportTool.exe.bat
[2011-07-30 06:27:54 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2011-07-30 05:57:33 | 000,008,192 | ---- | C] () -- C:\windows\System32\drivers\IntelMEFWVer.dll
[2011-04-05 20:58:28 | 000,963,116 | ---- | C] () -- C:\windows\System32\igkrng600.bin
[2011-04-05 20:58:28 | 000,216,876 | ---- | C] () -- C:\windows\System32\igfcg600m.bin
[2011-04-05 20:23:48 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2011-02-18 11:28:03 | 001,335,354 | ---- | C] () -- C:\windows\System32\WinIMGiT.exe
[2011-02-18 11:28:03 | 000,831,545 | ---- | C] () -- C:\windows\System32\SvrChooser.exe
[2011-02-18 11:28:03 | 000,524,288 | ---- | C] () -- C:\windows\System32\SvrChooser--bakup.exe
[2011-02-18 11:28:03 | 000,286,720 | ---- | C] () -- C:\windows\System32\QueryClient.exe
[2011-02-18 11:28:03 | 000,249,856 | ---- | C] () -- C:\windows\System32\WDiskClr.exe
[2011-02-18 11:28:03 | 000,057,344 | ---- | C] () -- C:\windows\System32\SmtRpt.exe
[2011-02-18 11:28:03 | 000,057,344 | ---- | C] () -- C:\windows\System32\ReplaceS.exe
[2011-02-18 11:28:03 | 000,040,960 | ---- | C] () -- C:\windows\System32\WAITJOIN.EXE
[2011-02-18 11:28:03 | 000,000,574 | ---- | C] () -- C:\windows\System32\TCLHK.INI
[2011-02-18 11:28:03 | 000,000,574 | ---- | C] () -- C:\windows\System32\SinglePart.ini
[2011-02-18 11:28:02 | 000,221,184 | ---- | C] () -- C:\windows\System32\pf.exe
[2011-02-18 11:28:02 | 000,049,152 | ---- | C] () -- C:\windows\System32\ipart32.exe
[2011-02-18 11:28:02 | 000,045,056 | ---- | C] () -- C:\windows\System32\IniMdfy.exe
[2011-02-18 11:28:02 | 000,001,478 | ---- | C] () -- C:\windows\System32\linux_part.ini
[2011-02-18 11:28:02 | 000,000,716 | ---- | C] () -- C:\windows\System32\JAPAN.INI
[2011-02-18 11:28:02 | 000,000,711 | ---- | C] () -- C:\windows\System32\part.ini
[2011-02-18 11:28:02 | 000,000,578 | ---- | C] () -- C:\windows\System32\PART-N.INI
[2011-02-18 11:28:02 | 000,000,290 | ---- | C] () -- C:\windows\System32\PART-S.INI
[2011-02-18 11:28:02 | 000,000,286 | ---- | C] () -- C:\windows\System32\JPNXP.INI
[2011-02-18 11:28:02 | 000,000,063 | ---- | C] () -- C:\windows\System32\PORTMAP.INI
[2011-02-18 11:28:01 | 002,770,568 | ---- | C] () -- C:\windows\System32\gdisk32.exe
[2011-02-18 11:28:01 | 000,925,757 | ---- | C] () -- C:\windows\System32\IMGiTSetting.exe
[2011-02-18 11:28:01 | 000,495,616 | ---- | C] () -- C:\windows\System32\IMGFileChk.exe
[2011-02-18 11:28:01 | 000,069,632 | ---- | C] () -- C:\windows\System32\GetNicSpeed.exe
[2011-02-18 11:28:01 | 000,001,743 | ---- | C] () -- C:\windows\System32\imgit-rs.ini
[2011-02-18 11:28:01 | 000,001,620 | ---- | C] () -- C:\windows\System32\imgit-b.ini
[2011-02-18 11:28:01 | 000,001,620 | ---- | C] () -- C:\windows\System32\imgit.ini
[2011-02-18 11:28:01 | 000,001,314 | ---- | C] () -- C:\windows\System32\imgit-cp.ini
[2011-02-18 11:27:58 | 000,040,960 | ---- | C] () -- C:\windows\System32\DisMount.exe
[2011-02-18 11:27:58 | 000,040,960 | ---- | C] () -- C:\windows\System32\bwSleep.exe
[2011-02-18 11:27:58 | 000,000,718 | ---- | C] () -- C:\windows\System32\FAAAA.INI
[2011-02-18 11:27:58 | 000,000,716 | ---- | C] () -- C:\windows\System32\FAFFF.INI
[2011-02-18 11:27:58 | 000,000,712 | ---- | C] () -- C:\windows\System32\AFFFF.INI
[2011-02-18 11:27:58 | 000,000,434 | ---- | C] () -- C:\windows\System32\ENG.INI
[2011-02-18 11:27:57 | 000,000,720 | ---- | C] () -- C:\windows\System32\AAAAA.INI
[2011-01-28 02:49:50 | 000,145,804 | ---- | C] () -- C:\windows\System32\igcompkrng600.bin
[2011-01-28 02:15:16 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2011-01-28 02:11:46 | 000,094,208 | ---- | C] () -- C:\windows\System32\IccLibDll.dll
[2010-12-15 10:20:28 | 000,009,728 | ---- | C] () -- C:\windows\System32\shortcut.dll

========== ZeroAccess Check ==========

[2009-07-14 15:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 15:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 23:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 12:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011-10-29 18:37:54 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Amazon
[2011-11-22 22:02:19 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Azureus
[2012-06-14 04:14:04 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Media Get LLC
[2011-10-29 23:00:58 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Tific
[2011-10-30 20:16:40 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Toshiba
[2012-09-26 00:53:41 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Ulead Systems
[2011-10-29 22:58:53 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\WildTangent
[2011-10-30 10:58:08 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >



O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-11-29 19:12:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sophie\Desktop\OTL.scr
[2012-11-29 19:02:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sophie\Desktop\OTL.exe
[2012-11-28 18:13:14 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Roaming\Malwarebytes
[2012-11-28 18:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-11-28 18:13:05 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012-11-28 18:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-11-28 18:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-11-27 17:02:43 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{9176A69A-FBC2-436C-A429-9245B77C5784}
[2012-11-26 20:51:11 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{45B5D639-B46C-408F-B573-E4E7480B5CA9}
[2012-11-26 20:37:00 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{F87384D7-1AD0-4EAD-BB6D-9932D29BD3B8}
[2012-11-26 19:47:02 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{4A71EE24-D032-4093-841B-5B94A1690E1E}
[2012-11-26 19:36:57 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{33A19709-331B-4768-9B5E-BE927CCD8AB5}
[2012-11-26 19:28:00 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{A976E955-7B3E-4C1E-8219-981250912511}
[2012-11-26 19:20:03 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{082AB8B5-E785-4F71-A5AD-14E0DCDF2349}
[2012-11-25 23:01:25 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012-11-25 22:05:04 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{813AFC5B-48CE-4461-81DA-A4C454DAD470}
[2012-11-25 21:57:20 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{57C22011-D7B3-4230-BDCF-2D4C80843D25}
[2012-11-25 21:42:50 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{72892731-51BB-4985-9FAF-DB21D3DEA315}
[2012-11-25 10:53:15 | 000,000,000 | ---D | C] -- C:\Users\Sophie\Documents\One Direction -Take Me Home (Limited Yearbook Edition) - 2012 - pLAN9
[2012-11-25 09:37:24 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{839F5917-CCDA-4023-82F7-188E0E19A2AC}
[2012-11-23 18:44:42 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{B8E8690D-501F-40F5-A655-DBA911503D62}
[2012-11-19 22:11:40 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{73AF5DF6-4011-49C7-8005-7830089241DF}
[2012-11-17 19:26:58 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{587BBFB4-75F1-42DE-8961-AB388C831F2E}
[2012-11-14 07:55:43 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{D1F6A610-7FFF-4919-9BDE-F41685B4F113}
[2012-11-12 22:13:15 | 000,000,000 | ---D | C] -- C:\Users\Sophie\Documents\Pretty In Pink 1986 DvDrip[Eng]-greenbud1969
[2012-11-09 18:20:48 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{56199138-FE7F-48B7-9D76-946CDDA99C63}
[2012-11-05 19:51:12 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{C203DF9F-2562-4E60-B94D-9B4E332ADB53}
[2012-11-03 09:25:00 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{BA305F3A-BEB0-4030-BC33-F9E2E5D9C934}
[2012-11-02 18:50:47 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{71954405-9DEE-4310-8BE9-CF191F16E037}
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-11-29 19:39:59 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012-11-29 19:39:51 | 2175,160,320 | -HS- | M] () -- C:\hiberfil.sys
[2012-11-29 19:12:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sophie\Desktop\OTL.scr
[2012-11-29 19:02:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sophie\Desktop\OTL.exe
[2012-11-28 19:22:41 | 000,031,560 | ---- | M] () -- C:\windows\System32\drivers\mbamchameleon.sys
[2012-11-28 18:13:06 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-11-26 23:13:53 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1255468992-2730549863-3460128933-1001UA.job
[2012-11-26 22:22:18 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-11-26 22:21:35 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-11-26 21:25:05 | 000,000,932 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1255468992-2730549863-3460128933-1001UA.job
[2012-11-26 16:05:34 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1255468992-2730549863-3460128933-1001Core.job
[2012-11-26 14:43:10 | 000,000,910 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1255468992-2730549863-3460128933-1001Core.job
[2012-11-25 23:01:25 | 000,002,969 | ---- | M] () -- C:\Users\Sophie\Desktop\HiJackThis.lnk
[2012-11-24 08:58:45 | 009,036,526 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012-11-24 08:58:45 | 003,056,046 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012-11-24 08:28:55 | 000,001,782 | ---- | M] () -- C:\Users\Sophie\Desktop\iTunes.lnk
[2012-11-17 19:25:43 | 000,386,792 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012-11-16 22:24:33 | 000,021,026 | ---- | M] () -- C:\Users\Sophie\Desktop\xxvbedfgbfgb.JPG
[2012-11-15 16:31:14 | 000,020,279 | ---- | M] () -- C:\Users\Sophie\Desktop\hot foreign boy.JPG
[2012-11-14 22:29:46 | 000,008,359 | ---- | M] () -- C:\Users\Sophie\Desktop\fgdfg.JPG
[2012-11-14 22:26:17 | 000,008,982 | ---- | M] () -- C:\Users\Sophie\Desktop\Capture.JPGdrfsgdfg.JPG
[2012-11-04 19:26:56 | 002,966,210 | ---- | M] () -- C:\Users\Sophie\Desktop\SANY0131.JPG
[2012-11-04 19:26:38 | 002,769,312 | ---- | M] () -- C:\Users\Sophie\Desktop\SANY0130.JPG
[2012-11-04 19:26:24 | 002,965,999 | ---- | M] () -- C:\Users\Sophie\Desktop\SANY0129.JPG
[2012-11-03 09:29:05 | 000,023,741 | ---- | M] () -- C:\Users\Sophie\Desktop\yolo.jpg
[2012-11-01 21:33:14 | 000,009,705 | ---- | M] () -- C:\Users\Sophie\Desktop\sgfdhgf.JPG
[2012-11-01 21:33:01 | 000,009,705 | ---- | M] () -- C:\Users\Sophie\Desktop\Capture.JPG
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-11-28 19:22:41 | 000,031,560 | ---- | C] () -- C:\windows\System32\drivers\mbamchameleon.sys
[2012-11-28 18:13:06 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-11-25 23:01:25 | 000,002,969 | ---- | C] () -- C:\Users\Sophie\Desktop\HiJackThis.lnk
[2012-11-24 08:28:55 | 000,001,782 | ---- | C] () -- C:\Users\Sophie\Desktop\iTunes.lnk
[2012-11-17 10:49:50 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012-11-17 10:48:26 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012-11-16 22:24:29 | 000,021,026 | ---- | C] () -- C:\Users\Sophie\Desktop\xxvbedfgbfgb.JPG
[2012-11-15 16:31:13 | 000,020,279 | ---- | C] () -- C:\Users\Sophie\Desktop\hot foreign boy.JPG
[2012-11-14 22:29:45 | 000,008,359 | ---- | C] () -- C:\Users\Sophie\Desktop\fgdfg.JPG
[2012-11-14 22:26:16 | 000,008,982 | ---- | C] () -- C:\Users\Sophie\Desktop\Capture.JPGdrfsgdfg.JPG
[2012-11-05 20:25:28 | 002,966,210 | ---- | C] () -- C:\Users\Sophie\Desktop\SANY0131.JPG
[2012-11-05 20:25:28 | 002,965,999 | ---- | C] () -- C:\Users\Sophie\Desktop\SANY0129.JPG
[2012-11-05 20:25:28 | 002,769,312 | ---- | C] () -- C:\Users\Sophie\Desktop\SANY0130.JPG
[2012-11-03 09:29:04 | 000,023,741 | ---- | C] () -- C:\Users\Sophie\Desktop\yolo.jpg
[2012-11-01 21:33:14 | 000,009,705 | ---- | C] () -- C:\Users\Sophie\Desktop\sgfdhgf.JPG
[2012-05-30 03:37:16 | 000,005,120 | ---- | C] () -- C:\Users\Sophie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-04-15 07:50:59 | 000,086,016 | ---- | C] () -- C:\windows\System32\custmon32i.dll
[2012-01-18 07:44:00 | 010,920,984 | ---- | C] () -- C:\windows\System32\LogiDPP.dll
[2012-01-18 07:44:00 | 000,336,408 | ---- | C] () -- C:\windows\System32\DevManagerCore.dll
[2012-01-18 07:44:00 | 000,104,472 | ---- | C] () -- C:\windows\System32\LogiDPPApp.exe
[2012-01-18 07:22:54 | 000,028,418 | ---- | C] () -- C:\windows\System32\lvcoinst.ini
[2011-10-29 23:11:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011-10-29 20:00:48 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2011-10-29 18:26:52 | 000,000,056 | ---- | C] () -- C:\windows\System32\SupportTool.exe.bat
[2011-07-30 06:27:54 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2011-07-30 05:57:33 | 000,008,192 | ---- | C] () -- C:\windows\System32\drivers\IntelMEFWVer.dll
[2011-04-05 20:58:28 | 000,963,116 | ---- | C] () -- C:\windows\System32\igkrng600.bin
[2011-04-05 20:58:28 | 000,216,876 | ---- | C] () -- C:\windows\System32\igfcg600m.bin
[2011-04-05 20:23:48 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2011-02-18 11:28:03 | 001,335,354 | ---- | C] () -- C:\windows\System32\WinIMGiT.exe
[2011-02-18 11:28:03 | 000,831,545 | ---- | C] () -- C:\windows\System32\SvrChooser.exe
[2011-02-18 11:28:03 | 000,524,288 | ---- | C] () -- C:\windows\System32\SvrChooser--bakup.exe
[2011-02-18 11:28:03 | 000,286,720 | ---- | C] () -- C:\windows\System32\QueryClient.exe
[2011-02-18 11:28:03 | 000,249,856 | ---- | C] () -- C:\windows\System32\WDiskClr.exe
[2011-02-18 11:28:03 | 000,057,344 | ---- | C] () -- C:\windows\System32\SmtRpt.exe
[2011-02-18 11:28:03 | 000,057,344 | ---- | C] () -- C:\windows\System32\ReplaceS.exe
[2011-02-18 11:28:03 | 000,040,960 | ---- | C] () -- C:\windows\System32\WAITJOIN.EXE
[2011-02-18 11:28:03 | 000,000,574 | ---- | C] () -- C:\windows\System32\TCLHK.INI
[2011-02-18 11:28:03 | 000,000,574 | ---- | C] () -- C:\windows\System32\SinglePart.ini
[2011-02-18 11:28:02 | 000,221,184 | ---- | C] () -- C:\windows\System32\pf.exe
[2011-02-18 11:28:02 | 000,049,152 | ---- | C] () -- C:\windows\System32\ipart32.exe
[2011-02-18 11:28:02 | 000,045,056 | ---- | C] () -- C:\windows\System32\IniMdfy.exe
[2011-02-18 11:28:02 | 000,001,478 | ---- | C] () -- C:\windows\System32\linux_part.ini
[2011-02-18 11:28:02 | 000,000,716 | ---- | C] () -- C:\windows\System32\JAPAN.INI
[2011-02-18 11:28:02 | 000,000,711 | ---- | C] () -- C:\windows\System32\part.ini
[2011-02-18 11:28:02 | 000,000,578 | ---- | C] () -- C:\windows\System32\PART-N.INI
[2011-02-18 11:28:02 | 000,000,290 | ---- | C] () -- C:\windows\System32\PART-S.INI
[2011-02-18 11:28:02 | 000,000,286 | ---- | C] () -- C:\windows\System32\JPNXP.INI
[2011-02-18 11:28:02 | 000,000,063 | ---- | C] () -- C:\windows\System32\PORTMAP.INI
[2011-02-18 11:28:01 | 002,770,568 | ---- | C] () -- C:\windows\System32\gdisk32.exe
[2011-02-18 11:28:01 | 000,925,757 | ---- | C] () -- C:\windows\System32\IMGiTSetting.exe
[2011-02-18 11:28:01 | 000,495,616 | ---- | C] () -- C:\windows\System32\IMGFileChk.exe
[2011-02-18 11:28:01 | 000,069,632 | ---- | C] () -- C:\windows\System32\GetNicSpeed.exe
[2011-02-18 11:28:01 | 000,001,743 | ---- | C] () -- C:\windows\System32\imgit-rs.ini
[2011-02-18 11:28:01 | 000,001,620 | ---- | C] () -- C:\windows\System32\imgit-b.ini
[2011-02-18 11:28:01 | 000,001,620 | ---- | C] () -- C:\windows\System32\imgit.ini
[2011-02-18 11:28:01 | 000,001,314 | ---- | C] () -- C:\windows\System32\imgit-cp.ini
[2011-02-18 11:27:58 | 000,040,960 | ---- | C] () -- C:\windows\System32\DisMount.exe
[2011-02-18 11:27:58 | 000,040,960 | ---- | C] () -- C:\windows\System32\bwSleep.exe
[2011-02-18 11:27:58 | 000,000,718 | ---- | C] () -- C:\windows\System32\FAAAA.INI
[2011-02-18 11:27:58 | 000,000,716 | ---- | C] () -- C:\windows\System32\FAFFF.INI
[2011-02-18 11:27:58 | 000,000,712 | ---- | C] () -- C:\windows\System32\AFFFF.INI
[2011-02-18 11:27:58 | 000,000,434 | ---- | C] () -- C:\windows\System32\ENG.INI
[2011-02-18 11:27:57 | 000,000,720 | ---- | C] () -- C:\windows\System32\AAAAA.INI
[2011-01-28 02:49:50 | 000,145,804 | ---- | C] () -- C:\windows\System32\igcompkrng600.bin
[2011-01-28 02:15:16 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2011-01-28 02:11:46 | 000,094,208 | ---- | C] () -- C:\windows\System32\IccLibDll.dll
[2010-12-15 10:20:28 | 000,009,728 | ---- | C] () -- C:\windows\System32\shortcut.dll

========== ZeroAccess Check ==========

[2009-07-14 15:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 15:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 23:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 12:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011-10-29 18:37:54 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Amazon
[2011-11-22 22:02:19 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Azureus
[2012-06-14 04:14:04 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Media Get LLC
[2011-10-29 23:00:58 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Tific
[2011-10-30 20:16:40 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Toshiba
[2012-09-26 00:53:41 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Ulead Systems
[2011-10-29 22:58:53 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\WildTangent
[2011-10-30 10:58:08 | 000,000,000 | ---D | M] -- C:\Users\Sophie\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >


#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, sorry for the delay. When you try to enter normal Windows, what errors do you get?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (91581523)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (73311051)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (38774462)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (12882826)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
[2012-11-27 17:02:43 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{9176A69A-FBC2-436C-A429-9245B77C5784}
[2012-11-26 20:51:11 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{45B5D639-B46C-408F-B573-E4E7480B5CA9}
[2012-11-26 20:37:00 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{F87384D7-1AD0-4EAD-BB6D-9932D29BD3B8}
[2012-11-26 19:47:02 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{4A71EE24-D032-4093-841B-5B94A1690E1E}
[2012-11-26 19:36:57 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{33A19709-331B-4768-9B5E-BE927CCD8AB5}
[2012-11-26 19:28:00 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{A976E955-7B3E-4C1E-8219-981250912511}
[2012-11-26 19:20:03 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{082AB8B5-E785-4F71-A5AD-14E0DCDF2349}
[2012-11-25 22:05:04 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{813AFC5B-48CE-4461-81DA-A4C454DAD470}
[2012-11-25 21:57:20 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{57C22011-D7B3-4230-BDCF-2D4C80843D25}
[2012-11-25 21:42:50 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{72892731-51BB-4985-9FAF-DB21D3DEA315}
[2012-11-25 09:37:24 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{839F5917-CCDA-4023-82F7-188E0E19A2AC}
[2012-11-23 18:44:42 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{B8E8690D-501F-40F5-A655-DBA911503D62}
[2012-11-19 22:11:40 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{73AF5DF6-4011-49C7-8005-7830089241DF}
[2012-11-17 19:26:58 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{587BBFB4-75F1-42DE-8961-AB388C831F2E}
[2012-11-14 07:55:43 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{D1F6A610-7FFF-4919-9BDE-F41685B4F113}
[2012-11-09 18:20:48 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{56199138-FE7F-48B7-9D76-946CDDA99C63}
[2012-11-05 19:51:12 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{C203DF9F-2562-4E60-B94D-9B4E332ADB53}
[2012-11-03 09:25:00 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{BA305F3A-BEB0-4030-BC33-F9E2E5D9C934}
[2012-11-02 18:50:47 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{71954405-9DEE-4310-8BE9-CF191F16E037}

:Files
C:\PROGRA~1\WI3C8A~1

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

THEN

I would like a different OTL scan, this will only produce one log


  • Run OTL.

  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
zeeth


    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Thank you so much for your time.

This has been EXTREMELY frustrating. This is the fourth time I've tried responding, hard rebooting into safe mode, getting logged back into your site, getting OTL to work, having to use a USB stick to copy & paste & back again in case everything freezes up again, etc.

My version of OTL does not have the "include 64bit scans" check box.

As well, system restore seems to have been turned off by the virus & nothing I have tried will enable it or get it to start, including various CMD entries. It's just not there.

Your first instructions for Run Fix:

All processes killed
Error: Unable to interpret <:OTLDRV - File not found [Kernel | On_Demand | Stopped] -- -- (91581523)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (73311051)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (38774462)DRV - File not found [Kernel | On_Demand | Stopped] -- -- (12882826)O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not foundO3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not foundO3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.O4 - HKLM..\Run: [] File not found[2012-11-27 17:02:43 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{9176A69A-FBC2-436C-A429-9245B77C5784}[2012-11-26 20:51:11 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData> in the current context!
Error: Unable to interpret <\Local\{45B5D639-B46C-408F-B573-E4E7480B5CA9}[2012-11-26 20:37:00 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{F87384D7-1AD0-4EAD-BB6D-9932D29BD3B8}[2012-11-26 19:47:02 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{4A71EE24-D032-4093-841B-5B94A1690E1E}[2012-11-26 19:36:57 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{33A19709-331B-4768-9B5E-BE927CCD8AB5}[2012-11-26 19:28:00 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{A976E955-7B3E-4C1E-8219-981250912511}[2012-11-26 19:20:03 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{082AB8B5-E785-4F71-A5AD-14E0DCDF2349}[2012-11-25 22:05:04 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{813AFC5B-48CE-4461-81DA-A4C454DAD470}[2012-11-25 21:57:20 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{57C22011-D7B3-4230-BDCF-2D4C80843D25}[2012-11-25 21:42:50 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{72892731-51BB-4985-9FAF-DB21D3DEA315}[2012-11-25 09:37:24 | 000,000,000 > in the current context!
Error: Unable to interpret <| ---D | C] -- C:\Users\Sophie\AppData\Local\{839F5917-CCDA-4023-82F7-188E0E19A2AC}[2012-11-23 18:44:42 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{B8E8690D-501F-40F5-A655-DBA911503D62}[2012-11-19 22:11:40 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{73AF5DF6-4011-49C7-8005-7830089241DF}[2012-11-17 19:26:58 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{587BBFB4-75F1-42DE-8961-AB388C831F2E}[2012-11-14 07:55:43 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{D1F6A610-7FFF-4919-9BDE-F41685B4F113}[2012-11-09 18:20:48 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{56199138-FE7F-48B7-9D76-946CDDA99C63}[2012-11-05 19:51:12 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{C203DF9F-2562-4E60-B94D-9B4E332ADB53}[2012-11-03 09:25:00 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{BA305F3A-BEB0-4030-BC33-F9E2E5D9C934}[2012-11-02 18:50:47 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{71954405-9DEE-4310-8BE9-CF191F16E0> in the current context!
Error: Unable to interpret <37}> in the current context!
Error: Unable to interpret <:FilesC:\PROGRA~1\WI3C8A~1:Commands[resethosts][emptytemp][CREATERESTOREPOINT][Reboot]> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 12032012_075438

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Your second instruction Scan only produced an OTL.txt, no extras.txt:

OTL logfile created on: 03-Dec-12 10:11:43 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sophie\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

2.70 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 85.98% Memory free
5.40 Gb Paging File | 5.05 Gb Available in Paging File | 93.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 582.17 Gb Total Space | 422.23 Gb Free Space | 72.53% Space Free | Partition Type: NTFS
Drive E: | 3.72 Gb Total Space | 2.73 Gb Free Space | 73.28% Space Free | Partition Type: FAT32

Computer Name: TOSHIBA-PC | User Name: Sophie | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-11-29 19:02:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sophie\Desktop\OTL.exe
PRC - [2011-02-25 16:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV - [2012-07-13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011-10-29 19:03:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-12-25 14:16:30 | 000,513,536 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)
SRV - [2010-12-21 12:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010-12-21 12:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010-12-21 12:25:52 | 000,685,488 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2010-12-10 11:43:20 | 000,468,392 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2010-12-09 09:51:14 | 000,189,880 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2010-12-09 09:36:08 | 000,112,032 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010-11-30 08:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010-10-21 08:40:00 | 000,128,416 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2010-04-13 04:46:00 | 000,152,944 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010-04-04 10:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010-03-10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010-01-29 10:44:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009-07-14 12:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 12:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-03-11 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007-11-28 15:12:40 | 000,589,824 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxdncoms.exe -- (lxdn_device)


========== Driver Services (SafeList) ==========

DRV - [2012-12-02 13:02:01 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012-09-24 22:01:24 | 000,095,224 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2012-09-24 22:00:48 | 000,076,648 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2012-09-24 22:00:12 | 000,257,952 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2012-07-21 12:04:02 | 000,171,280 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmnciesc.sys -- (tmnciesc)
DRV - [2012-07-21 12:04:02 | 000,092,432 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2012-07-21 12:04:02 | 000,055,056 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmeevw.sys -- (tmeevw)
DRV - [2012-01-18 07:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012-01-18 07:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011-08-17 10:03:58 | 000,137,472 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011-08-17 10:03:50 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011-05-13 04:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011-05-13 04:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011-05-13 04:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011-05-13 04:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011-05-13 04:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011-01-28 09:26:16 | 000,056,888 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2011-01-28 06:35:04 | 001,281,152 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2011-01-21 04:26:26 | 000,235,824 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2010-12-18 13:44:24 | 002,129,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010-12-11 07:50:12 | 000,141,440 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010-12-11 07:50:12 | 000,062,336 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010-12-02 12:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010-12-02 10:12:04 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010-12-01 08:40:04 | 000,226,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV - [2010-11-30 05:47:00 | 000,070,448 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2010-11-20 21:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 20:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-12 04:26:00 | 000,042,672 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2010-11-09 06:43:48 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010-10-20 10:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2010-10-19 08:13:58 | 000,033,640 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2010-10-15 18:27:18 | 000,269,824 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010-08-31 04:48:00 | 000,080,064 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2010-06-19 10:44:00 | 000,015,160 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2010-04-27 05:48:00 | 000,053,760 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009-07-31 11:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009-07-25 05:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009-07-15 09:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009-07-14 10:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009-06-30 10:16:22 | 000,013,120 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Thpevm.sys -- (Thpevm)
DRV - [2009-06-30 04:25:28 | 000,030,272 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\thpdrv.sys -- (Thpdrv)
DRV - [2009-06-25 09:08:30 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2009-06-23 11:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009-06-20 13:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009-06-20 03:58:00 | 000,009,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2009-06-18 05:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2009-06-16 08:58:22 | 000,009,216 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1255468992-2730549863-3460128933-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
IE - HKU\S-1-5-21-1255468992-2730549863-3460128933-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-1255468992-2730549863-3460128933-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-1255468992-2730549863-3460128933-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1255468992-2730549863-3460128933-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-1255468992-2730549863-3460128933-1001\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1255468992-2730549863-3460128933-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1255468992-2730549863-3460128933-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sophie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sophie\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sophie\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension [2012-12-03 08:21:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2012-07-21 12:13:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012-11-25 15:53:56 | 000,000,000 | ---D | M]


========== Chrome ==========


O1 HOSTS File: ([2009-06-11 08:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WI3C8A~1\Datamngr\BROWSE~1.DLL File not found
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1255468992-2730549863-3460128933-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\WI3C8A~1\Datamngr\DATAMN~1.EXE File not found
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4 - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-21-1255468992-2730549863-3460128933-1001..\Run: [Facebook Update] C:\Users\Sophie\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1255468992-2730549863-3460128933-1001..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.17.36.1 203.17.36.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43444E27-F7D3-4DD3-878C-46934E06979F}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBBF2F08-DBBC-4551-8BBF-EA38FBBF83D9}: DhcpNameServer = 203.17.36.1 203.17.36.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-11 08:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010-11-22 14:08:16 | 000,000,110 | -H-- | M] () - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{1bb6589c-288d-11e1-9af6-e89a8f8ea897}\Shell - "" = AutoRun
O33 - MountPoints2\{1bb6589c-288d-11e1-9af6-e89a8f8ea897}\Shell\AutoRun\command - "" = E:\DPFMate.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2012-12-03 09:09:10 | 000,000,000 | ---D | C] -- C:\Users\Sophie\Desktop\Soph Desktop
[2012-12-03 07:54:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-12-02 13:02:01 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012-12-02 09:42:23 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{BFE2B5A1-2AED-43E3-8B9D-0BD0C8146324}
[2012-12-02 08:12:30 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{66A69A5C-A9DC-4C52-890F-CDD31D6D43D3}
[2012-11-30 20:55:25 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{41CAFB37-B7C6-4A63-AF9A-B96067593799}
[2012-11-29 20:37:46 | 000,000,000 | ---D | C] -- C:\Users\Sophie\Desktop\RK_Quarantine
[2012-11-29 19:12:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sophie\Desktop\OTL.scr
[2012-11-29 19:02:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sophie\Desktop\OTL.exe
[2012-11-28 18:13:14 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Roaming\Malwarebytes
[2012-11-28 18:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-11-28 18:13:05 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012-11-28 18:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-11-28 18:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-11-27 17:02:43 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{9176A69A-FBC2-436C-A429-9245B77C5784}
[2012-11-26 20:51:11 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{45B5D639-B46C-408F-B573-E4E7480B5CA9}
[2012-11-26 20:37:00 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{F87384D7-1AD0-4EAD-BB6D-9932D29BD3B8}
[2012-11-26 19:47:02 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{4A71EE24-D032-4093-841B-5B94A1690E1E}
[2012-11-26 19:36:57 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{33A19709-331B-4768-9B5E-BE927CCD8AB5}
[2012-11-26 19:28:00 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{A976E955-7B3E-4C1E-8219-981250912511}
[2012-11-26 19:20:03 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{082AB8B5-E785-4F71-A5AD-14E0DCDF2349}
[2012-11-25 23:01:25 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012-11-25 22:05:04 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{813AFC5B-48CE-4461-81DA-A4C454DAD470}
[2012-11-25 21:57:20 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{57C22011-D7B3-4230-BDCF-2D4C80843D25}
[2012-11-25 21:42:50 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{72892731-51BB-4985-9FAF-DB21D3DEA315}
[2012-11-25 10:53:15 | 000,000,000 | ---D | C] -- C:\Users\Sophie\Documents\One Direction -Take Me Home (Limited Yearbook Edition) - 2012 - pLAN9
[2012-11-25 09:37:24 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{839F5917-CCDA-4023-82F7-188E0E19A2AC}
[2012-11-23 18:44:42 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{B8E8690D-501F-40F5-A655-DBA911503D62}
[2012-11-19 22:11:40 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{73AF5DF6-4011-49C7-8005-7830089241DF}
[2012-11-17 19:26:58 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{587BBFB4-75F1-42DE-8961-AB388C831F2E}
[2012-11-17 10:49:37 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\WdfLdr.sys
[2012-11-17 10:49:36 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Wdfres.dll
[2012-11-17 10:48:31 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFPlatform.dll
[2012-11-17 10:48:27 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFCoinstaller.dll
[2012-11-17 10:48:26 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFx.dll
[2012-11-17 10:47:18 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012-11-17 10:47:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012-11-17 10:47:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012-11-17 10:47:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012-11-17 10:47:14 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012-11-17 10:47:12 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012-11-17 10:47:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012-11-17 10:47:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012-11-16 07:45:56 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncsi.dll
[2012-11-16 07:45:55 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcorehc.dll
[2012-11-16 07:45:55 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netevent.dll
[2012-11-16 07:45:42 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\synceng.dll
[2012-11-16 07:45:37 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012-11-16 07:45:30 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dhcpcore6.dll
[2012-11-16 07:45:30 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dhcpcsvc6.dll
[2012-11-14 07:55:43 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{D1F6A610-7FFF-4919-9BDE-F41685B4F113}
[2012-11-12 22:13:15 | 000,000,000 | ---D | C] -- C:\Users\Sophie\Documents\Pretty In Pink 1986 DvDrip[Eng]-greenbud1969
[2012-11-09 18:20:48 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{56199138-FE7F-48B7-9D76-946CDDA99C63}
[2012-11-05 19:51:12 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{C203DF9F-2562-4E60-B94D-9B4E332ADB53}
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-12-03 10:09:26 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012-12-03 10:09:06 | 2175,160,320 | -HS- | M] () -- C:\hiberfil.sys
[2012-12-02 13:02:01 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012-12-02 11:48:10 | 000,385,296 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012-12-02 09:37:47 | 000,003,536 | ---- | M] () -- C:\bootsqm.dat
[2012-11-30 20:58:21 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-11-30 20:58:21 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-11-29 20:37:46 | 000,752,128 | ---- | M] () -- C:\Users\Sophie\Desktop\RogueKiller.exe
[2012-11-29 19:12:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sophie\Desktop\OTL.scr
[2012-11-29 19:02:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sophie\Desktop\OTL.exe
[2012-11-28 19:22:41 | 000,031,560 | ---- | M] () -- C:\windows\System32\drivers\mbamchameleon.sys
[2012-11-28 18:13:06 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-11-26 23:13:53 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1255468992-2730549863-3460128933-1001UA.job
[2012-11-26 21:25:05 | 000,000,932 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1255468992-2730549863-3460128933-1001UA.job
[2012-11-26 16:05:34 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1255468992-2730549863-3460128933-1001Core.job
[2012-11-26 14:43:10 | 000,000,910 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1255468992-2730549863-3460128933-1001Core.job
[2012-11-25 23:01:25 | 000,002,969 | ---- | M] () -- C:\Users\Sophie\Desktop\HiJackThis.lnk
[2012-11-24 08:58:45 | 009,036,526 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012-11-24 08:58:45 | 003,056,046 | ---- | M] () -- C:\windows\System32\perfc009.dat
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-12-02 09:37:47 | 000,003,536 | ---- | C] () -- C:\bootsqm.dat
[2012-11-29 20:37:22 | 000,752,128 | ---- | C] () -- C:\Users\Sophie\Desktop\RogueKiller.exe
[2012-11-28 19:22:41 | 000,031,560 | ---- | C] () -- C:\windows\System32\drivers\mbamchameleon.sys
[2012-11-28 18:13:06 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-11-25 23:01:25 | 000,002,969 | ---- | C] () -- C:\Users\Sophie\Desktop\HiJackThis.lnk
[2012-11-17 10:49:50 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012-11-17 10:48:26 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012-05-30 03:37:16 | 000,005,120 | ---- | C] () -- C:\Users\Sophie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-04-15 07:50:59 | 000,086,016 | ---- | C] () -- C:\windows\System32\custmon32i.dll
[2012-01-18 07:44:00 | 010,920,984 | ---- | C] () -- C:\windows\System32\LogiDPP.dll
[2012-01-18 07:44:00 | 000,336,408 | ---- | C] () -- C:\windows\System32\DevManagerCore.dll
[2012-01-18 07:44:00 | 000,104,472 | ---- | C] () -- C:\windows\System32\LogiDPPApp.exe
[2012-01-18 07:22:54 | 000,028,418 | ---- | C] () -- C:\windows\System32\lvcoinst.ini
[2011-10-29 23:11:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011-10-29 20:00:48 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2011-10-29 18:26:52 | 000,000,056 | ---- | C] () -- C:\windows\System32\SupportTool.exe.bat
[2011-07-30 06:27:54 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
========== ZeroAccess Check ==========

[2009-07-14 15:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 15:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 23:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 12:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< End of report >


Thanks again for your time. I suspect I'm in a different time zone to you. I'm in Sydney.

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
A small time zone difference I am in the UK :)

Again these may be run from safe mode

OK to work

CLEAR THE BAD TOOLBARS

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

#5
zeeth

    Member

  • Topic Starter
  • 21 posts
Thanks; your reply doesn't seem to become visible until many hours after you post it. Aargh.

ADW ran:

# AdwCleaner v2.011 - Logfile created 12/04/2012 at 07:22:27
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Sophie - TOSHIBA-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Sophie\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Sophie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [680 octets] - [04/12/2012 07:22:27]
AdwCleaner[S1].txt - [4103 octets] - [04/12/2012 07:18:58]

########## EOF - C:\AdwCleaner[R1].txt - [799 octets] ##########


TDSSKiller ran:

07:41:49.0545 1732 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
07:41:50.0715 1732 ============================================================
07:41:50.0715 1732 Current date / time: 2012/12/04 07:41:50.0715
07:41:50.0715 1732 SystemInfo:
07:41:50.0715 1732
07:41:50.0715 1732 OS Version: 6.1.7601 ServicePack: 1.0
07:41:50.0715 1732 Product type: Workstation
07:41:50.0715 1732 ComputerName: TOSHIBA-PC
07:41:50.0715 1732 UserName: Sophie
07:41:50.0715 1732 Windows directory: C:\windows
07:41:50.0715 1732 System windows directory: C:\windows
07:41:50.0715 1732 Processor architecture: Intel x86
07:41:50.0715 1732 Number of processors: 4
07:41:50.0715 1732 Page size: 0x1000
07:41:50.0715 1732 Boot type: Safe boot with network
07:41:50.0715 1732 ============================================================
07:41:51.0043 1732 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:41:51.0043 1732 Drive \Device\Harddisk1\DR1 - Size: 0xEE700000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
07:41:51.0043 1732 ============================================================
07:41:51.0043 1732 \Device\Harddisk0\DR0:
07:41:51.0043 1732 MBR partitions:
07:41:51.0043 1732 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x48C54800
07:41:51.0043 1732 \Device\Harddisk1\DR1:
07:41:51.0043 1732 MBR partitions:
07:41:51.0043 1732 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x10, BlocksNum 0x7737F0
07:41:51.0043 1732 ============================================================
07:41:51.0105 1732 C: <-> \Device\Harddisk0\DR0\Partition1
07:41:51.0105 1732 ============================================================
07:41:51.0105 1732 Initialize success
07:41:51.0105 1732 ============================================================
07:41:59.0576 1076 ============================================================
07:41:59.0576 1076 Scan started
07:41:59.0576 1076 Mode: Manual; SigCheck; TDLFS;
07:41:59.0576 1076 ============================================================
07:41:59.0670 1076 ================ Scan system memory ========================
07:41:59.0670 1076 System memory - ok
07:41:59.0670 1076 ================ Scan services =============================
07:42:03.0570 1076 Dhcp - ok
07:42:03.0617 1076 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\windows\system32\drivers\discache.sys
07:42:03.0632 1076 discache - ok
07:42:03.0663 1076 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\windows\system32\DRIVERS\disk.sys
07:42:03.0663 1076 Disk - ok
07:42:03.0695 1076 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\windows\System32\dnsrslvr.dll
07:42:03.0710 1076 Dnscache - ok
07:42:03.0726 1076 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\windows\System32\dot3svc.dll
07:42:03.0757 1076 dot3svc - ok
07:42:03.0788 1076 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\windows\system32\dps.dll
07:42:03.0804 1076 DPS - ok
07:42:03.0835 1076 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
07:42:03.0851 1076 drmkaud - ok
07:42:03.0897 1076 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
07:42:03.0913 1076 DXGKrnl - ok
07:42:03.0960 1076 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\windows\System32\eapsvc.dll
07:42:03.0991 1076 EapHost - ok
07:42:04.0100 1076 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\windows\system32\DRIVERS\evbdx.sys
07:42:04.0147 1076 ebdrv - ok
07:42:04.0178 1076 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\windows\System32\lsass.exe
07:42:04.0178 1076 EFS - ok
07:42:04.0225 1076 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\windows\ehome\ehRecvr.exe
07:42:04.0241 1076 ehRecvr - ok
07:42:04.0272 1076 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\windows\ehome\ehsched.exe
07:42:04.0272 1076 ehSched - ok
07:42:04.0334 1076 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
07:42:04.0350 1076 elxstor - ok
07:42:04.0381 1076 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\windows\system32\drivers\errdev.sys
07:42:04.0381 1076 ErrDev - ok
07:42:04.0428 1076 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\windows\system32\es.dll
07:42:04.0443 1076 EventSystem - ok
07:42:04.0459 1076 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\windows\system32\drivers\exfat.sys
07:42:04.0475 1076 exfat - ok
07:42:04.0490 1076 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\windows\system32\drivers\fastfat.sys
07:42:04.0506 1076 fastfat - ok
07:42:04.0568 1076 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\windows\system32\fxssvc.exe
07:42:04.0584 1076 Fax - ok
07:42:04.0646 1076 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\windows\system32\DRIVERS\fdc.sys
07:42:04.0662 1076 fdc - ok
07:42:04.0677 1076 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\windows\system32\fdPHost.dll
07:42:04.0709 1076 fdPHost - ok
07:42:04.0740 1076 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\windows\system32\fdrespub.dll
07:42:04.0755 1076 FDResPub - ok
07:42:04.0771 1076 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
07:42:04.0771 1076 FileInfo - ok
07:42:04.0787 1076 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\windows\system32\drivers\filetrace.sys
07:42:04.0802 1076 Filetrace - ok
07:42:04.0802 1076 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
07:42:04.0818 1076 flpydisk - ok
07:42:04.0865 1076 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
07:42:04.0880 1076 FltMgr - ok
07:42:04.0911 1076 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\windows\system32\FntCache.dll
07:42:04.0927 1076 FontCache - ok
07:42:04.0989 1076 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:42:05.0005 1076 FontCache3.0.0.0 - ok
07:42:05.0005 1076 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\windows\system32\drivers\FsDepends.sys
07:42:05.0021 1076 FsDepends - ok
07:42:05.0067 1076 [ B0082808A6856A252F7CDD939892CE50 ] fssfltr C:\windows\system32\DRIVERS\fssfltr.sys
07:42:05.0067 1076 fssfltr - ok
07:42:05.0161 1076 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
07:42:05.0192 1076 fsssvc - ok
07:42:05.0223 1076 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
07:42:05.0239 1076 Fs_Rec - ok
07:42:05.0286 1076 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
07:42:05.0301 1076 fvevol - ok
07:42:05.0333 1076 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
07:42:05.0348 1076 gagp30kx - ok
07:42:05.0411 1076 [ CE16683CFD11FE70BDE435DDA5EA1FCA ] GameConsoleService C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
07:42:05.0411 1076 GameConsoleService - ok
07:42:05.0442 1076 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
07:42:05.0442 1076 GEARAspiWDM - ok
07:42:05.0489 1076 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\windows\System32\gpsvc.dll
07:42:05.0504 1076 gpsvc - ok
07:42:05.0535 1076 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
07:42:05.0551 1076 hcw85cir - ok
07:42:05.0582 1076 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
07:42:05.0598 1076 HdAudAddService - ok
07:42:05.0613 1076 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
07:42:05.0629 1076 HDAudBus - ok
07:42:05.0660 1076 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
07:42:05.0660 1076 HidBatt - ok
07:42:05.0691 1076 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
07:42:05.0707 1076 HidBth - ok
07:42:05.0738 1076 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\windows\system32\DRIVERS\hidir.sys
07:42:05.0754 1076 HidIr - ok
07:42:05.0769 1076 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\windows\system32\hidserv.dll
07:42:05.0801 1076 hidserv - ok
07:42:05.0832 1076 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
07:42:05.0832 1076 HidUsb - ok
07:42:05.0863 1076 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\windows\system32\kmsvc.dll
07:42:05.0879 1076 hkmsvc - ok
07:42:05.0894 1076 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll
07:42:05.0910 1076 HomeGroupListener - ok
07:42:05.0941 1076 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll
07:42:05.0957 1076 HomeGroupProvider - ok
07:42:05.0988 1076 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
07:42:06.0003 1076 HpSAMD - ok
07:42:06.0050 1076 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\windows\system32\drivers\HTTP.sys
07:42:06.0081 1076 HTTP - ok
07:42:06.0097 1076 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
07:42:06.0097 1076 hwpolicy - ok
07:42:06.0128 1076 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
07:42:06.0144 1076 i8042prt - ok
07:42:06.0191 1076 [ F989555F1662581032CCE1578A8FF28E ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
07:42:06.0191 1076 iaStor - ok
07:42:06.0237 1076 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\windows\system32\drivers\iaStorV.sys
07:42:06.0253 1076 iaStorV - ok
07:42:06.0331 1076 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
07:42:06.0347 1076 IDriverT ( UnsignedFile.Multi.Generic ) - warning
07:42:06.0347 1076 IDriverT - detected UnsignedFile.Multi.Generic (1)
07:42:06.0393 1076 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:42:06.0409 1076 idsvc - ok
07:42:06.0627 1076 [ CA7A6DFE9B6F2686B68C4D97CB42F63A ] igfx C:\windows\system32\DRIVERS\igdkmd32.sys
07:42:06.0752 1076 igfx - ok
07:42:06.0830 1076 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
07:42:06.0830 1076 iirsp - ok
07:42:06.0861 1076 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\windows\System32\ikeext.dll
07:42:06.0893 1076 IKEEXT - ok
07:42:06.0939 1076 [ 5576AD2F0039D2BCCCA3567FC0BF981C ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
07:42:06.0939 1076 IntcDAud - ok
07:42:06.0986 1076 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\windows\system32\drivers\intelide.sys
07:42:06.0986 1076 intelide - ok
07:42:07.0049 1076 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
07:42:07.0049 1076 intelppm - ok
07:42:07.0064 1076 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\windows\system32\ipbusenum.dll
07:42:07.0095 1076 IPBusEnum - ok
07:42:07.0095 1076 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
07:42:07.0127 1076 IpFilterDriver - ok
07:42:07.0173 1076 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\windows\System32\iphlpsvc.dll
07:42:07.0189 1076 iphlpsvc - ok
07:42:07.0205 1076 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
07:42:07.0220 1076 IPMIDRV - ok
07:42:07.0283 1076 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\windows\system32\drivers\ipnat.sys
07:42:07.0298 1076 IPNAT - ok
07:42:07.0345 1076 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
07:42:07.0361 1076 iPod Service - ok
07:42:07.0392 1076 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\windows\system32\drivers\irenum.sys
07:42:07.0407 1076 IRENUM - ok
07:42:07.0439 1076 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\windows\system32\drivers\isapnp.sys
07:42:07.0439 1076 isapnp - ok
07:42:07.0470 1076 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
07:42:07.0470 1076 iScsiPrt - ok
07:42:07.0517 1076 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\windows\system32\drivers\kbdclass.sys
07:42:07.0517 1076 kbdclass - ok
07:42:07.0532 1076 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
07:42:07.0548 1076 kbdhid - ok
07:42:07.0579 1076 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\windows\system32\lsass.exe
07:42:07.0579 1076 KeyIso - ok
07:42:07.0610 1076 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
07:42:07.0626 1076 KSecDD - ok
07:42:07.0657 1076 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
07:42:07.0657 1076 KSecPkg - ok
07:42:07.0688 1076 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\windows\system32\msdtckrm.dll
07:42:07.0704 1076 KtmRm - ok
07:42:07.0751 1076 [ E8E3B9DC901303BD8F590ADA711DE243 ] L1C C:\windows\system32\DRIVERS\L1C62x86.sys
07:42:07.0766 1076 L1C - ok
07:42:07.0797 1076 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\windows\system32\srvsvc.dll
07:42:07.0829 1076 LanmanServer - ok
07:42:07.0844 1076 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
07:42:07.0860 1076 LanmanWorkstation - ok
07:42:07.0938 1076 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
07:42:07.0953 1076 lltdio - ok
07:42:07.0985 1076 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\windows\System32\lltdsvc.dll
07:42:08.0016 1076 lltdsvc - ok
07:42:08.0031 1076 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\windows\System32\lmhsvc.dll
07:42:08.0047 1076 lmhosts - ok
07:42:08.0109 1076 [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
07:42:08.0125 1076 LMS - ok
07:42:08.0156 1076 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
07:42:08.0156 1076 LSI_FC - ok
07:42:08.0203 1076 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
07:42:08.0219 1076 LSI_SAS - ok
07:42:08.0234 1076 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
07:42:08.0234 1076 LSI_SAS2 - ok
07:42:08.0250 1076 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
07:42:08.0265 1076 LSI_SCSI - ok
07:42:08.0297 1076 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\windows\system32\drivers\luafv.sys
07:42:08.0312 1076 luafv - ok
07:42:08.0359 1076 [ ED643E777BA3F7151EF3F0FB6BE4F7F0 ] LVRS C:\windows\system32\DRIVERS\lvrs.sys
07:42:08.0375 1076 LVRS - ok
07:42:08.0499 1076 [ 5BC80451109A8DD7F2DDD35BCE2929A3 ] LVUVC C:\windows\system32\DRIVERS\lvuvc.sys
07:42:08.0577 1076 LVUVC - ok
07:42:08.0609 1076 lxdn_device - ok
07:42:08.0655 1076 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\windows\system32\drivers\mbamswissarmy.sys
07:42:08.0671 1076 MBAMSwissArmy - ok
07:42:08.0718 1076 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
07:42:08.0718 1076 Mcx2Svc - ok
07:42:08.0765 1076 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\windows\system32\DRIVERS\megasas.sys
07:42:08.0765 1076 megasas - ok
07:42:08.0796 1076 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
07:42:08.0811 1076 MegaSR - ok
07:42:08.0843 1076 [ D86AC00883B9C98B570E7643AAF8E554 ] MEI C:\windows\system32\DRIVERS\HECI.sys
07:42:08.0843 1076 MEI - ok
07:42:08.0874 1076 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\windows\system32\mmcss.dll
07:42:08.0889 1076 MMCSS - ok
07:42:08.0905 1076 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\windows\system32\drivers\modem.sys
07:42:08.0921 1076 Modem - ok
07:42:08.0983 1076 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\windows\system32\DRIVERS\monitor.sys
07:42:08.0983 1076 monitor - ok
07:42:09.0014 1076 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
07:42:09.0014 1076 mouclass - ok
07:42:09.0045 1076 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
07:42:09.0061 1076 mouhid - ok
07:42:09.0092 1076 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\windows\system32\drivers\mountmgr.sys
07:42:09.0108 1076 mountmgr - ok
07:42:09.0123 1076 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\windows\system32\drivers\mpio.sys
07:42:09.0139 1076 mpio - ok
07:42:09.0201 1076 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
07:42:09.0217 1076 mpsdrv - ok
07:42:09.0248 1076 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\windows\system32\mpssvc.dll
07:42:09.0279 1076 MpsSvc - ok
07:42:09.0295 1076 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
07:42:09.0311 1076 MRxDAV - ok
07:42:09.0357 1076 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
07:42:09.0357 1076 mrxsmb - ok
07:42:09.0373 1076 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
07:42:09.0389 1076 mrxsmb10 - ok
07:42:09.0404 1076 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
07:42:09.0420 1076 mrxsmb20 - ok
07:42:09.0451 1076 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\windows\system32\drivers\msahci.sys
07:42:09.0451 1076 msahci - ok
07:42:09.0482 1076 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\windows\system32\drivers\msdsm.sys
07:42:09.0498 1076 msdsm - ok
07:42:09.0529 1076 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\windows\System32\msdtc.exe
07:42:09.0529 1076 MSDTC - ok
07:42:09.0576 1076 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\windows\system32\drivers\Msfs.sys
07:42:09.0591 1076 Msfs - ok
07:42:09.0638 1076 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
07:42:09.0654 1076 mshidkmdf - ok
07:42:09.0685 1076 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\windows\system32\drivers\msisadrv.sys
07:42:09.0685 1076 msisadrv - ok
07:42:09.0732 1076 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\windows\system32\iscsiexe.dll
07:42:09.0747 1076 MSiSCSI - ok
07:42:09.0763 1076 msiserver - ok
07:42:09.0810 1076 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
07:42:09.0841 1076 MSKSSRV - ok
07:42:09.0857 1076 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
07:42:09.0888 1076 MSPCLOCK - ok
07:42:09.0903 1076 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
07:42:09.0919 1076 MSPQM - ok
07:42:09.0935 1076 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
07:42:09.0950 1076 MsRPC - ok
07:42:09.0981 1076 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
07:42:09.0997 1076 mssmbios - ok
07:42:10.0044 1076 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
07:42:10.0059 1076 MSTEE - ok
07:42:10.0075 1076 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
07:42:10.0091 1076 MTConfig - ok
07:42:10.0122 1076 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\windows\system32\Drivers\mup.sys
07:42:10.0122 1076 Mup - ok
07:42:10.0153 1076 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\windows\system32\qagentRT.dll
07:42:10.0169 1076 napagent - ok
07:42:10.0215 1076 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
07:42:10.0231 1076 NativeWifiP - ok
07:42:10.0293 1076 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\windows\system32\drivers\ndis.sys
07:42:10.0309 1076 NDIS - ok
07:42:10.0325 1076 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
07:42:10.0356 1076 NdisCap - ok
07:42:10.0387 1076 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
07:42:10.0403 1076 NdisTapi - ok
07:42:10.0449 1076 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
07:42:10.0465 1076 Ndisuio - ok
07:42:10.0496 1076 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
07:42:10.0512 1076 NdisWan - ok
07:42:10.0543 1076 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
07:42:10.0574 1076 NDProxy - ok
07:42:10.0590 1076 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
07:42:10.0605 1076 NetBIOS - ok
07:42:10.0637 1076 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
07:42:10.0652 1076 NetBT - ok
07:42:10.0683 1076 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\windows\system32\lsass.exe
07:42:10.0699 1076 Netlogon - ok
07:42:10.0730 1076 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\windows\System32\netman.dll
07:42:10.0761 1076 Netman - ok
07:42:10.0777 1076 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\windows\System32\netprofm.dll
07:42:10.0808 1076 netprofm - ok
07:42:10.0839 1076 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:42:10.0839 1076 NetTcpPortSharing - ok
07:42:10.0886 1076 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
07:42:10.0902 1076 nfrd960 - ok
07:42:10.0933 1076 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\windows\System32\nlasvc.dll
07:42:10.0949 1076 NlaSvc - ok
07:42:11.0011 1076 [ 712BC0C22BA00B2BA324C6B8DF668EE7 ] nmwcd C:\windows\system32\drivers\ccdcmb.sys
07:42:11.0027 1076 nmwcd - ok
07:42:11.0058 1076 [ 4F0DE685A96DC843CCC8A861B3FAC12D ] nmwcdnsu C:\windows\system32\drivers\nmwcdnsu.sys
07:42:11.0073 1076 nmwcdnsu - ok
07:42:11.0089 1076 [ 578117C0C0CF10D99C8853E83C4BC63C ] nmwcdnsuc C:\windows\system32\drivers\nmwcdnsuc.sys
07:42:11.0105 1076 nmwcdnsuc - ok
07:42:11.0120 1076 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\windows\system32\drivers\Npfs.sys
07:42:11.0136 1076 Npfs - ok
07:42:11.0183 1076 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\windows\system32\nsisvc.dll
07:42:11.0214 1076 nsi - ok
07:42:11.0245 1076 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
07:42:11.0261 1076 nsiproxy - ok
07:42:11.0292 1076 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
07:42:11.0323 1076 Ntfs - ok
07:42:11.0339 1076 [ F9756A98D69098DCA8945D62858A812C ] Null C:\windows\system32\drivers\Null.sys
07:42:11.0370 1076 Null - ok
07:42:11.0385 1076 [ F0CBF252811BC5FC49E7ECCA3EE9519F ] nusb3hub C:\windows\system32\DRIVERS\nusb3hub.sys
07:42:11.0401 1076 nusb3hub - ok
07:42:11.0417 1076 [ BDC5FF9B669B5475E3A6E47E5608205C ] nusb3xhc C:\windows\system32\DRIVERS\nusb3xhc.sys
07:42:11.0417 1076 nusb3xhc - ok
07:42:11.0463 1076 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\windows\system32\drivers\nvraid.sys
07:42:11.0479 1076 nvraid - ok
07:42:11.0495 1076 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\windows\system32\drivers\nvstor.sys
07:42:11.0510 1076 nvstor - ok
07:42:11.0510 1076 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\windows\system32\drivers\nv_agp.sys
07:42:11.0526 1076 nv_agp - ok
07:42:11.0557 1076 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
07:42:11.0557 1076 ohci1394 - ok
07:42:11.0619 1076 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:42:11.0619 1076 ose - ok
07:42:11.0666 1076 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\windows\system32\pnrpsvc.dll
07:42:11.0666 1076 p2pimsvc - ok
07:42:11.0713 1076 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\windows\system32\p2psvc.dll
07:42:11.0729 1076 p2psvc - ok
07:42:11.0744 1076 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\windows\system32\DRIVERS\parport.sys
07:42:11.0744 1076 Parport - ok
07:42:11.0775 1076 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\windows\system32\drivers\partmgr.sys
07:42:11.0775 1076 partmgr - ok
07:42:11.0791 1076 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys
07:42:11.0807 1076 Parvdm - ok
07:42:11.0822 1076 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\windows\System32\pcasvc.dll
07:42:11.0838 1076 PcaSvc - ok
07:42:11.0853 1076 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\windows\system32\drivers\pci.sys
07:42:11.0869 1076 pci - ok
07:42:11.0885 1076 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\windows\system32\drivers\pciide.sys
07:42:11.0900 1076 pciide - ok
07:42:11.0931 1076 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
07:42:11.0931 1076 pcmcia - ok
07:42:11.0947 1076 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\windows\system32\drivers\pcw.sys
07:42:11.0963 1076 pcw - ok
07:42:11.0994 1076 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\windows\system32\drivers\peauth.sys
07:42:12.0025 1076 PEAUTH - ok
07:42:12.0072 1076 [ 1B5011DD8D57F53AED31FF0F7D635802 ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
07:42:12.0087 1076 PGEffect - ok
07:42:12.0134 1076 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\windows\system32\pla.dll
07:42:12.0181 1076 pla - ok
07:42:12.0212 1076 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\windows\system32\umpnpmgr.dll
07:42:12.0212 1076 PlugPlay - ok
07:42:12.0228 1076 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
07:42:12.0243 1076 PNRPAutoReg - ok
07:42:12.0275 1076 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\windows\system32\pnrpsvc.dll
07:42:12.0290 1076 PNRPsvc - ok
07:42:12.0306 1076 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\windows\System32\ipsecsvc.dll
07:42:12.0337 1076 PolicyAgent - ok
07:42:12.0368 1076 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\windows\system32\umpo.dll
07:42:12.0384 1076 Power - ok
07:42:12.0415 1076 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
07:42:12.0446 1076 PptpMiniport - ok
07:42:12.0446 1076 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\windows\system32\DRIVERS\processr.sys
07:42:12.0462 1076 Processor - ok
07:42:12.0509 1076 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\windows\system32\profsvc.dll
07:42:12.0509 1076 ProfSvc - ok
07:42:12.0555 1076 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
07:42:12.0555 1076 ProtectedStorage - ok
07:42:12.0602 1076 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\windows\system32\DRIVERS\pacer.sys
07:42:12.0633 1076 Psched - ok
07:42:12.0711 1076 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
07:42:12.0711 1076 PSI_SVC_2 - ok
07:42:12.0758 1076 [ A0DB243AF3A2E427C172AF2BBA325473 ] QIOMem C:\windows\system32\DRIVERS\QIOMem.sys
07:42:12.0758 1076 QIOMem - ok
07:42:12.0789 1076 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
07:42:12.0821 1076 ql2300 - ok
07:42:12.0852 1076 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
07:42:12.0867 1076 ql40xx - ok
07:42:12.0883 1076 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\windows\system32\qwave.dll
07:42:12.0899 1076 QWAVE - ok
07:42:12.0914 1076 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
07:42:12.0930 1076 QWAVEdrv - ok
07:42:12.0930 1076 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
07:42:12.0961 1076 RasAcd - ok
07:42:13.0008 1076 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
07:42:13.0023 1076 RasAgileVpn - ok
07:42:13.0039 1076 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\windows\System32\rasauto.dll
07:42:13.0055 1076 RasAuto - ok
07:42:13.0070 1076 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
07:42:13.0101 1076 Rasl2tp - ok
07:42:13.0133 1076 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\windows\System32\rasmans.dll
07:42:13.0164 1076 RasMan - ok
07:42:13.0179 1076 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
07:42:13.0211 1076 RasPppoe - ok
07:42:13.0226 1076 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
07:42:13.0242 1076 RasSstp - ok
07:42:13.0273 1076 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
07:42:13.0289 1076 rdbss - ok
07:42:13.0320 1076 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
07:42:13.0320 1076 rdpbus - ok
07:42:13.0351 1076 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
07:42:13.0367 1076 RDPCDD - ok
07:42:13.0398 1076 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
07:42:13.0413 1076 RDPENCDD - ok
07:42:13.0429 1076 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
07:42:13.0445 1076 RDPREFMP - ok
07:42:13.0523 1076 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
07:42:13.0538 1076 RDPWD - ok
07:42:13.0585 1076 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
07:42:13.0585 1076 rdyboost - ok
07:42:13.0616 1076 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\windows\System32\mprdim.dll
07:42:13.0632 1076 RemoteAccess - ok
07:42:13.0663 1076 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\windows\system32\regsvc.dll
07:42:13.0679 1076 RemoteRegistry - ok
07:42:13.0710 1076 [ 564297827D213F52C7A3A2FF749568CA ] ROOTMODEM C:\windows\system32\Drivers\RootMdm.sys
07:42:13.0725 1076 ROOTMODEM - ok
07:42:13.0757 1076 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
07:42:13.0772 1076 RpcEptMapper - ok
07:42:13.0788 1076 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\windows\system32\locator.exe
07:42:13.0803 1076 RpcLocator - ok
07:42:13.0835 1076 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\windows\system32\rpcss.dll
07:42:13.0850 1076 RpcSs - ok
07:42:13.0881 1076 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
07:42:13.0897 1076 rspndr - ok
07:42:13.0944 1076 [ C5ACB4D2CA623F678257B0844BD1AC8A ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
07:42:13.0944 1076 RSUSBSTOR - ok
07:42:16.0689 1076 [ B7D18DE454219E1C08480578AFFD725D ] Thpsrv C:\windows\system32\ThpSrv.exe
07:42:16.0689 1076 Thpsrv ( UnsignedFile.Multi.Generic ) - warning
07:42:16.0689 1076 Thpsrv - detected UnsignedFile.Multi.Generic (1)
07:42:21.0900 1076 ================ Scan global ===============================
07:42:21.0931 1076 [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
07:42:21.0962 1076 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\windows\system32\winsrv.dll
07:42:21.0978 1076 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\windows\system32\winsrv.dll
07:42:21.0993 1076 [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
07:42:22.0025 1076 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
07:42:22.0025 1076 [Global] - ok
07:42:22.0040 1076 ================ Scan MBR ==================================
07:42:22.0056 1076 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
07:42:22.0914 1076 \Device\Harddisk0\DR0 - ok
07:42:22.0914 1076 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
07:42:23.0039 1076 \Device\Harddisk1\DR1 - ok
07:42:23.0039 1076 ================ Scan VBR ==================================
07:42:23.0070 1076 [ C784C75AE4BA5F9E0794D924514E145A ] \Device\Harddisk0\DR0\Partition1
07:42:23.0070 1076 \Device\Harddisk0\DR0\Partition1 - ok
07:42:23.0085 1076 [ 8D28194EA685568951508A3F3C877FDC ] \Device\Harddisk1\DR1\Partition1
07:42:23.0085 1076 \Device\Harddisk1\DR1\Partition1 - ok
07:42:23.0085 1076 ============================================================
07:42:23.0085 1076 Scan finished
07:42:23.0085 1076 ============================================================
07:42:23.0085 0928 Detected object count: 2
07:42:23.0085 0928 Actual detected object count: 2
07:42:31.0900 0928 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
07:42:31.0900 0928 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:42:31.0915 0928 Thpsrv ( UnsignedFile.Multi.Generic ) - skipped by user
07:42:31.0915 0928 Thpsrv ( UnsignedFile.Multi.Generic ) - User select action: Skip


No cure was available.

What next? It's great to feel I'm getting somewhere.

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, that is one area cleared; we will need to check a few different areas.

Download and Install ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

#7
zeeth

    Member

  • Topic Starter
  • Member
  • 21 posts
OK. Ran ComboFix, but got weird low res, white text on black DOS-style errors, I think saying it could not access the drive, saying a lead may be unplugged, etc. I tried hard reboot & start in safe mode, but it goes to a different screen (START?) with a banner at the bottom saying F2 for something, F10 for something, press any key to enter. I tried hard reboot & if I time F8 just right, it takes me to the usual Safe Mode choices. However, after picking Safe mode with networking as usual, it does the white on black loading .sys files scroll but then stalls & goes no further than "Loaded: \windows\system32\DRIVERS\CLASSPNP.SYS".

Eek.

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you able to get to normal Windows now?

Also, on the safe mode screen, is there the option "repair my computer"?

If not, do you have a USB drive that we can use?

#9
zeeth

    Member

  • Topic Starter
  • Member
  • 21 posts
Hello again.
After several reboot sequences, I can boot into normal mode, but once the desktop has loaded, nothing responds. Going into the F8 screen, I have the options to Repair, Safe Mode, Safe with networking, Safe with cmd. I have booted into Safe with networking, but can find no ComboFix log.

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run a fresh OTL scan for me please, ensuring all users is selected? I will then look at the starting drivers and services to see if there is a bad one there.

#11
zeeth

    Member

  • Topic Starter
  • Member
  • 21 posts
OTL logfile created on: 06-Dec-12 1:14:28 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sophie\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

2.70 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 87.43% Memory free
5.40 Gb Paging File | 5.08 Gb Available in Paging File | 94.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 582.17 Gb Total Space | 422.12 Gb Free Space | 72.51% Space Free | Partition Type: NTFS

Computer Name: TOSHIBA-PC | User Name: Sophie | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-11-29 19:02:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sophie\Desktop\OTL.exe
PRC - [2011-02-25 16:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV - [2012-07-13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011-10-29 19:03:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-12-25 14:16:30 | 000,513,536 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)
SRV - [2010-12-21 12:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010-12-21 12:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010-12-21 12:25:52 | 000,685,488 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2010-12-10 11:43:20 | 000,468,392 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2010-12-09 09:51:14 | 000,189,880 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2010-12-09 09:36:08 | 000,112,032 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010-11-30 08:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010-10-21 08:40:00 | 000,128,416 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2010-04-13 04:46:00 | 000,152,944 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010-04-04 10:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010-03-10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010-01-29 10:44:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009-07-14 12:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 12:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-03-11 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007-11-28 15:12:40 | 000,589,824 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxdncoms.exe -- (lxdn_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Sophie\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012-12-02 13:02:01 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012-09-24 22:01:24 | 000,095,224 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2012-09-24 22:00:48 | 000,076,648 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2012-09-24 22:00:12 | 000,257,952 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2012-07-21 12:04:02 | 000,171,280 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmnciesc.sys -- (tmnciesc)
DRV - [2012-07-21 12:04:02 | 000,092,432 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2012-07-21 12:04:02 | 000,055,056 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmeevw.sys -- (tmeevw)
DRV - [2012-01-18 07:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012-01-18 07:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011-08-17 10:03:58 | 000,137,472 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011-08-17 10:03:50 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011-05-13 04:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011-05-13 04:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011-05-13 04:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011-05-13 04:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011-05-13 04:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011-01-28 09:26:16 | 000,056,888 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2011-01-28 06:35:04 | 001,281,152 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2011-01-21 04:26:26 | 000,235,824 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2010-12-18 13:44:24 | 002,129,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010-12-11 07:50:12 | 000,141,440 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010-12-11 07:50:12 | 000,062,336 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010-12-02 12:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010-12-02 10:12:04 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010-12-01 08:40:04 | 000,226,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV - [2010-11-30 05:47:00 | 000,070,448 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2010-11-20 21:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 20:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-12 04:26:00 | 000,042,672 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2010-11-09 06:43:48 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010-10-20 10:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2010-10-19 08:13:58 | 000,033,640 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2010-10-15 18:27:18 | 000,269,824 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010-08-31 04:48:00 | 000,080,064 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2010-06-19 10:44:00 | 000,015,160 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2010-04-27 05:48:00 | 000,053,760 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009-07-31 11:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009-07-25 05:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009-07-15 09:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009-07-14 10:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009-06-30 10:16:22 | 000,013,120 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Thpevm.sys -- (Thpevm)
DRV - [2009-06-30 04:25:28 | 000,030,272 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\thpdrv.sys -- (Thpdrv)
DRV - [2009-06-25 09:08:30 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2009-06-23 11:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009-06-20 13:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009-06-20 03:58:00 | 000,009,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2009-06-18 05:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2009-06-16 08:58:22 | 000,009,216 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\QIOMem.sys -- (QIOMem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1255468992-2730549863-3460128933-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
IE - HKU\S-1-5-21-1255468992-2730549863-3460128933-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-1255468992-2730549863-3460128933-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1255468992-2730549863-3460128933-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1255468992-2730549863-3460128933-1001\..\SearchScopes\{F4ED0519-C584-4DDA-BE93-FA0B93D040F6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1255468992-2730549863-3460128933-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1255468992-2730549863-3460128933-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sophie\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sophie\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sophie\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension [2012-12-05 10:01:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2012-07-21 12:13:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012-11-25 15:53:56 | 000,000,000 | ---D | M]


========== Chrome ==========


O1 HOSTS File: ([2009-06-11 08:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1255468992-2730549863-3460128933-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4 - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-21-1255468992-2730549863-3460128933-1001..\Run: [Facebook Update] C:\Users\Sophie\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1255468992-2730549863-3460128933-1001..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43444E27-F7D3-4DD3-878C-46934E06979F}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBBF2F08-DBBC-4551-8BBF-EA38FBBF83D9}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-11 08:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1bb6589c-288d-11e1-9af6-e89a8f8ea897}\Shell - "" = AutoRun
O33 - MountPoints2\{1bb6589c-288d-11e1-9af6-e89a8f8ea897}\Shell\AutoRun\command - "" = E:\DPFMate.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-12-05 06:24:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012-12-04 17:10:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012-12-04 17:10:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012-12-04 17:10:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012-12-04 17:10:40 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012-12-04 17:10:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-12-04 17:10:24 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012-12-04 17:10:14 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012-12-04 16:57:12 | 005,009,299 | R--- | C] (Swearware) -- C:\Users\Sophie\Desktop\ComboFix.exe
[2012-12-04 07:18:17 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sophie\Desktop\tdsskiller.exe
[2012-12-03 09:09:10 | 000,000,000 | ---D | C] -- C:\Users\Sophie\Desktop\Soph Desktop
[2012-12-03 07:54:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-12-02 13:02:01 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012-12-02 09:42:23 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{BFE2B5A1-2AED-43E3-8B9D-0BD0C8146324}
[2012-12-02 08:12:30 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{66A69A5C-A9DC-4C52-890F-CDD31D6D43D3}
[2012-11-30 20:55:25 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{41CAFB37-B7C6-4A63-AF9A-B96067593799}
[2012-11-29 20:37:46 | 000,000,000 | ---D | C] -- C:\Users\Sophie\Desktop\RK_Quarantine
[2012-11-29 19:12:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sophie\Desktop\OTL.scr
[2012-11-29 19:02:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sophie\Desktop\OTL.exe
[2012-11-28 18:13:14 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Roaming\Malwarebytes
[2012-11-28 18:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-11-28 18:13:05 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012-11-28 18:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-11-28 18:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-11-27 17:02:43 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{9176A69A-FBC2-436C-A429-9245B77C5784}
[2012-11-26 20:51:11 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{45B5D639-B46C-408F-B573-E4E7480B5CA9}
[2012-11-26 20:37:00 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{F87384D7-1AD0-4EAD-BB6D-9932D29BD3B8}
[2012-11-26 19:47:02 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{4A71EE24-D032-4093-841B-5B94A1690E1E}
[2012-11-26 19:36:57 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{33A19709-331B-4768-9B5E-BE927CCD8AB5}
[2012-11-26 19:28:00 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{A976E955-7B3E-4C1E-8219-981250912511}
[2012-11-26 19:20:03 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{082AB8B5-E785-4F71-A5AD-14E0DCDF2349}
[2012-11-25 23:01:25 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012-11-25 22:05:04 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{813AFC5B-48CE-4461-81DA-A4C454DAD470}
[2012-11-25 21:57:20 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{57C22011-D7B3-4230-BDCF-2D4C80843D25}
[2012-11-25 21:42:50 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{72892731-51BB-4985-9FAF-DB21D3DEA315}
[2012-11-25 10:53:15 | 000,000,000 | ---D | C] -- C:\Users\Sophie\Documents\One Direction -Take Me Home (Limited Yearbook Edition) - 2012 - pLAN9
[2012-11-25 09:37:24 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{839F5917-CCDA-4023-82F7-188E0E19A2AC}
[2012-11-23 18:44:42 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{B8E8690D-501F-40F5-A655-DBA911503D62}
[2012-11-19 22:11:40 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{73AF5DF6-4011-49C7-8005-7830089241DF}
[2012-11-17 19:26:58 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{587BBFB4-75F1-42DE-8961-AB388C831F2E}
[2012-11-17 10:49:37 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\WdfLdr.sys
[2012-11-17 10:49:36 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Wdfres.dll
[2012-11-17 10:48:31 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFPlatform.dll
[2012-11-17 10:48:27 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFCoinstaller.dll
[2012-11-17 10:48:26 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFx.dll
[2012-11-17 10:47:18 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012-11-17 10:47:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012-11-17 10:47:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012-11-17 10:47:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012-11-17 10:47:14 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012-11-17 10:47:12 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012-11-17 10:47:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012-11-17 10:47:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012-11-16 07:45:56 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncsi.dll
[2012-11-16 07:45:55 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netcorehc.dll
[2012-11-16 07:45:55 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\netevent.dll
[2012-11-16 07:45:42 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\synceng.dll
[2012-11-16 07:45:37 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012-11-16 07:45:30 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dhcpcore6.dll
[2012-11-16 07:45:30 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dhcpcsvc6.dll
[2012-11-14 07:55:43 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{D1F6A610-7FFF-4919-9BDE-F41685B4F113}
[2012-11-12 22:13:15 | 000,000,000 | ---D | C] -- C:\Users\Sophie\Documents\Pretty In Pink 1986 DvDrip[Eng]-greenbud1969
[2012-11-09 18:20:48 | 000,000,000 | ---D | C] -- C:\Users\Sophie\AppData\Local\{56199138-FE7F-48B7-9D76-946CDDA99C63}
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-12-06 01:12:53 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012-12-06 01:12:26 | 2175,160,320 | -HS- | M] () -- C:\hiberfil.sys
[2012-12-05 09:59:05 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1255468992-2730549863-3460128933-1001UA.job
[2012-12-05 06:50:16 | 000,000,932 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1255468992-2730549863-3460128933-1001UA.job
[2012-12-04 16:55:40 | 005,009,299 | R--- | M] (Swearware) -- C:\Users\Sophie\Desktop\ComboFix.exe
[2012-12-04 07:17:04 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sophie\Desktop\tdsskiller.exe
[2012-12-04 07:16:32 | 000,540,743 | ---- | M] () -- C:\Users\Sophie\Desktop\adwcleaner.exe
[2012-12-02 13:02:01 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012-12-02 11:48:10 | 000,385,296 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012-12-02 09:37:47 | 000,006,824 | ---- | M] () -- C:\bootsqm.dat
[2012-11-30 20:58:21 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-11-30 20:58:21 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-11-29 20:37:46 | 000,752,128 | ---- | M] () -- C:\Users\Sophie\Desktop\RogueKiller.exe
[2012-11-29 19:12:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sophie\Desktop\OTL.scr
[2012-11-29 19:02:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sophie\Desktop\OTL.exe
[2012-11-28 19:22:41 | 000,031,560 | ---- | M] () -- C:\windows\System32\drivers\mbamchameleon.sys
[2012-11-28 18:13:06 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-11-26 16:05:34 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1255468992-2730549863-3460128933-1001Core.job
[2012-11-26 14:43:10 | 000,000,910 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1255468992-2730549863-3460128933-1001Core.job
[2012-11-25 23:01:25 | 000,002,969 | ---- | M] () -- C:\Users\Sophie\Desktop\HiJackThis.lnk
[2012-11-24 08:58:45 | 009,036,526 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012-11-24 08:58:45 | 003,056,046 | ---- | M] () -- C:\windows\System32\perfc009.dat
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-12-04 17:10:50 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012-12-04 17:10:50 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012-12-04 17:10:50 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012-12-04 17:10:50 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012-12-04 17:10:50 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012-12-04 07:18:20 | 000,540,743 | ---- | C] () -- C:\Users\Sophie\Desktop\adwcleaner.exe
[2012-12-02 09:37:47 | 000,006,824 | ---- | C] () -- C:\bootsqm.dat
[2012-11-29 20:37:22 | 000,752,128 | ---- | C] () -- C:\Users\Sophie\Desktop\RogueKiller.exe
[2012-11-28 19:22:41 | 000,031,560 | ---- | C] () -- C:\windows\System32\drivers\mbamchameleon.sys
[2012-11-28 18:13:06 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-11-25 23:01:25 | 000,002,969 | ---- | C] () -- C:\Users\Sophie\Desktop\HiJackThis.lnk
[2012-11-17 10:49:50 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012-11-17 10:48:26 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012-05-30 03:37:16 | 000,005,120 | ---- | C] () -- C:\Users\Sophie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-04-15 07:50:59 | 000,086,016 | ---- | C] () -- C:\windows\System32\custmon32i.dll
[2012-01-18 07:44:00 | 010,920,984 | ---- | C] () -- C:\windows\System32\LogiDPP.dll
[2012-01-18 07:44:00 | 000,336,408 | ---- | C] () -- C:\windows\System32\DevManagerCore.dll
[2012-01-18 07:44:00 | 000,104,472 | ---- | C] () -- C:\windows\System32\LogiDPPApp.exe
[2012-01-18 07:22:54 | 000,028,418 | ---- | C] () -- C:\windows\System32\lvcoinst.ini
[2011-10-29 23:11:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011-10-29 20:00:48 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2011-10-29 18:26:52 | 000,000,056 | ---- | C] () -- C:\windows\System32\SupportTool.exe.bat
[2011-07-30 06:27:54 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2011-07-30 05:57:33 | 000,008,192 | ---- | C] () -- C:\windows\System32\drivers\IntelMEFWVer.dll
[2011-04-05 20:58:28 | 000,963,116 | ---- | C] () -- C:\windows\System32\igkrng600.bin
[2011-04-05 20:58:28 | 000,216,876 | ---- | C] () -- C:\windows\System32\igfcg600m.bin
[2011-04-05 20:23:48 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2011-02-18 11:28:03 | 001,335,354 | ---- | C] () -- C:\windows\System32\WinIMGiT.exe
[2011-02-18 11:28:03 | 000,831,545 | ---- | C] () -- C:\windows\System32\SvrChooser.exe
[2011-02-18 11:28:03 | 000,524,288 | ---- | C] () -- C:\windows\System32\SvrChooser--bakup.exe
[2011-02-18 11:28:03 | 000,286,720 | ---- | C] () -- C:\windows\System32\QueryClient.exe
[2011-02-18 11:28:03 | 000,249,856 | ---- | C] () -- C:\windows\System32\WDiskClr.exe
[2011-02-18 11:28:03 | 000,057,344 | ---- | C] () -- C:\windows\System32\SmtRpt.exe
[2011-02-18 11:28:03 | 000,057,344 | ---- | C] () -- C:\windows\System32\ReplaceS.exe
[2011-02-18 11:28:03 | 000,040,960 | ---- | C] () -- C:\windows\System32\WAITJOIN.EXE
[2011-02-18 11:28:03 | 000,000,574 | ---- | C] () -- C:\windows\System32\TCLHK.INI
[2011-02-18 11:28:03 | 000,000,574 | ---- | C] () -- C:\windows\System32\SinglePart.ini
[2011-02-18 11:28:02 | 000,221,184 | ---- | C] () -- C:\windows\System32\pf.exe
[2011-02-18 11:28:02 | 000,049,152 | ---- | C] () -- C:\windows\System32\ipart32.exe
[2011-02-18 11:28:02 | 000,045,056 | ---- | C] () -- C:\windows\System32\IniMdfy.exe
[2011-02-18 11:28:02 | 000,001,478 | ---- | C] () -- C:\windows\System32\linux_part.ini
[2011-02-18 11:28:02 | 000,000,716 | ---- | C] () -- C:\windows\System32\JAPAN.INI
[2011-02-18 11:28:02 | 000,000,711 | ---- | C] () -- C:\windows\System32\part.ini
[2011-02-18 11:28:02 | 000,000,578 | ---- | C] () -- C:\windows\System32\PART-N.INI
[2011-02-18 11:28:02 | 000,000,290 | ---- | C] () -- C:\windows\System32\PART-S.INI
[2011-02-18 11:28:02 | 000,000,286 | ---- | C] () -- C:\windows\System32\JPNXP.INI
[2011-02-18 11:28:02 | 000,000,063 | ---- | C] () -- C:\windows\System32\PORTMAP.INI
[2011-02-18 11:28:01 | 002,770,568 | ---- | C] () -- C:\windows\System32\gdisk32.exe
[2011-02-18 11:28:01 | 000,925,757 | ---- | C] () -- C:\windows\System32\IMGiTSetting.exe
[2011-02-18 11:28:01 | 000,495,616 | ---- | C] () -- C:\windows\System32\IMGFileChk.exe
[2011-02-18 11:28:01 | 000,069,632 | ---- | C] () -- C:\windows\System32\GetNicSpeed.exe
[2011-02-18 11:28:01 | 000,001,743 | ---- | C] () -- C:\windows\System32\imgit-rs.ini
[2011-02-18 11:28:01 | 000,001,620 | ---- | C] () -- C:\windows\System32\imgit-b.ini
[2011-02-18 11:28:01 | 000,001,620 | ---- | C] () -- C:\windows\System32\imgit.ini
[2011-02-18 11:28:01 | 000,001,314 | ---- | C] () -- C:\windows\System32\imgit-cp.ini
[2011-02-18 11:27:58 | 000,040,960 | ---- | C] () -- C:\windows\System32\DisMount.exe
[2011-02-18 11:27:58 | 000,040,960 | ---- | C] () -- C:\windows\System32\bwSleep.exe
[2011-02-18 11:27:58 | 000,000,718 | ---- | C] () -- C:\windows\System32\FAAAA.INI
[2011-02-18 11:27:58 | 000,000,716 | ---- | C] () -- C:\windows\System32\FAFFF.INI
[2011-02-18 11:27:58 | 000,000,712 | ---- | C] () -- C:\windows\System32\AFFFF.INI
[2011-02-18 11:27:58 | 000,000,434 | ---- | C] () -- C:\windows\System32\ENG.INI
[2011-02-18 11:27:57 | 000,000,720 | ---- | C] () -- C:\windows\System32\AAAAA.INI
[2011-01-28 02:49:50 | 000,145,804 | ---- | C] () -- C:\windows\System32\igcompkrng600.bin
[2011-01-28 02:15:16 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2011-01-28 02:11:46 | 000,094,208 | ---- | C] () -- C:\windows\System32\IccLibDll.dll
[2010-12-15 10:20:28 | 000,009,728 | ---- | C] () -- C:\windows\System32\shortcut.dll

========== ZeroAccess Check ==========

[2009-07-14 15:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 15:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 23:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 12:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

#12
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm... Let's try a little experiment.

Uninstall Trend Micro; there are full details here. Once that has been done, could you then retry normal mode and let me know if there is a difference?

Make a note of your licence number first.
The download for you is Windows Vista or Windows 7 (32-bit)

#13
zeeth


    Member

  • Topic Starter
  • Member
  • 21 posts
OK. I have run the TM uninstall program:

-from normal mode, failed, unresponsive desktop.
-from safe mode, allowing rebooting into normal mode, failed, unresponsive desktop.
-from safe mode, rebooting into safe mode, failed.
& then
-from safe mode, uninstalling via control panel, uninstall program, reboot into normal mode after prompting at end of process, glacial reboot, then "windows failed to start" screen with option to do startup repair or normal windows start, it just commenced startup repair after 20 seconds by itself. After 15 minutes of a black screen with a (moveable) cursor. After 1 hour I powered off.

#14
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, that is one possible problem area checked; you can reinstall Trend Micro.

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

#15
zeeth


    Member

  • Topic Starter
  • Member
  • 21 posts
The laptop seems to be totally screwed now. Both startup repair & safe mode take me to a black screen with a moveable cursor & nothing happening. I guess I have to resign myself to a recovery partition OS reinstall & losing all data. I assume startup repair shouldn't take hours? Would holding down the power button in order to force shutdown so often damage the HDD?