Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Hijackers, Keyloggers, and Worms oh my!

Started by Sarous , Apr 30 2012 12:03 AM

Please log in to reply

#1
Sarous

Posted 30 April 2012 - 12:03 AM

Member

Member
84 posts

I'm posting this for a friend, so I apologize up front if some of this info is less than perfect, and slow to reply.

Computer wouldn't boot up, so took it to a guy who managed to get it working again. After booting up, it became obvious that she had a browser hijacker. A little testing showed several key-loggers and worms (according to systemlookup.com's database). I volunteered to help clean her machine, but, when the first 8 entries rang virus, I got intimidated.

Computer is a Toshiba Laptop, Windows Vista.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:49:18 PM, on 4/29/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\OurBabyMaker_27\bar\1.bin\27brmon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\Cougar\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
R3 - URLSearchHook: (no name) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)
R3 - URLSearchHook: (no name) - {edd4f682-e67a-4175-bb45-c4066da2f7d9} - C:\Program Files\OurBabyMaker_27\bar\1.bin\27SrcAs.dll
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ShowBarObj Class - {2863E737-DD3F-4280-9AF8-E9E79C16F312} - C:\Program Files\MusicFrost\Music Frost Toolbar\MinBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Toolbar BHO - {588b75f1-89a0-4956-bd69-3f6e90394909} - C:\PROGRA~1\OURBAB~2\bar\1.bin\27bar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Search Assistant BHO - {825b4dd6-b751-4d90-802a-eae6754c1c7e} - C:\Program Files\OurBabyMaker_27\bar\1.bin\27SrcAs.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
O3 - Toolbar: OurBabymaker - {e0b0df9f-34a3-4db1-becc-621697348607} - C:\Program Files\OurBabyMaker_27\bar\1.bin\27bar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [OurBabymaker Search Scope Monitor] "C:\PROGRA~1\OURBAB~2\bar\1.bin\27srchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [OurBabyMaker_27 Browser Plugin Loader] C:\PROGRA~1\OURBAB~2\bar\1.bin\27brmon.exe
O4 - HKLM\..\Run: [wetmr] rundll32.exe "C:\Windows\TEMP\wetmr.dll",mpegSplitClose
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex
O4 - HKUS\S-1-5-18\..\RunOnce: [529C50D8000435DB0020086B570F1C8B] C:\ProgramData\529C50D8000435DB0020086B570F1C8B\529C50D8000435DB0020086B570F1C8B.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [529C50D8000435DB0020086B570F1C8B] C:\ProgramData\529C50D8000435DB0020086B570F1C8B\529C50D8000435DB0020086B570F1C8B.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Users\Cougar\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: OurBabymakerService (OurBabyMaker_27Service) - COMPANYVERS_NAME - C:\PROGRA~1\OURBAB~2\bar\1.bin\27barsvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12499 bytes

#2
RKinner

Posted 30 April 2012 - 12:35 AM

Malware Expert

Expert
24,483 posts

Run HJT again, scan only and check the box in front of each of these:

R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
R3 - URLSearchHook: (no name) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)
R3 - URLSearchHook: (no name) - {edd4f682-e67a-4175-bb45-c4066da2f7d9} - C:\Program Files\OurBabyMaker_27\bar\1.bin\27SrcAs.dll
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: ShowBarObj Class - {2863E737-DD3F-4280-9AF8-E9E79C16F312} - C:\Program Files\MusicFrost\Music Frost Toolbar\MinBHO.dll
O2 - BHO: Toolbar BHO - {588b75f1-89a0-4956-bd69-3f6e90394909} - C:\PROGRA~1\OURBAB~2\bar\1.bin\27bar.dll
O2 - BHO: Search Assistant BHO - {825b4dd6-b751-4d90-802a-eae6754c1c7e} - C:\Program Files\OurBabyMaker_27\bar\1.bin\27SrcAs.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: OurBabymaker - {e0b0df9f-34a3-4db1-becc-621697348607} - C:\Program Files\OurBabyMaker_27\bar\1.bin\27bar.dll
O4 - HKLM\..\Run: [OurBabymaker Search Scope Monitor] "C:\PROGRA~1\OURBAB~2\bar\1.bin\27srchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [OurBabyMaker_27 Browser Plugin Loader] C:\PROGRA~1\OURBAB~2\bar\1.bin\27brmon.exe
O4 - HKLM\..\Run: [wetmr] rundll32.exe "C:\Windows\TEMP\wetmr.dll",mpegSplitClose
O4 - HKUS\S-1-5-18\..\RunOnce: [529C50D8000435DB0020086B570F1C8B] C:\ProgramData\529C50D8000435DB0020086B570F1C8B\529C50D8000435DB0020086B570F1C8B.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [529C50D8000435DB0020086B570F1C8B] C:\ProgramData\529C50D8000435DB0020086B570F1C8B\529C50D8000435DB0020086B570F1C8B.exe (User 'Default user')
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: OurBabymakerService (OurBabyMaker_27Service) - COMPANYVERS_NAME - C:\PROGRA~1\OURBAB~2\bar\1.bin\27barsvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

Now click on Fix Checked. Reboot.
Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Copy the text in the code box:


nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Ron

#3
Sarous

Posted 30 April 2012 - 07:19 PM

Member

Topic Starter
Member
84 posts

Lost the original aswMBR log, so she re-scanned with it (scan-only) after finishing ComboFix.

Index: (Chronological Order)
ComboFix Log
aswMBR Log
TDSSKiller, 2nd run Log
MalwareBytes Log
OTL Log
Extras (OTL Log #2)
Event Viewer Log

ComboFix 12-04-31.02 - Cougar 04/30/2012 17:30:35.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2939.1875 [GMT -5:00]
Running from: c:\users\Cougar\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\iWin Games\iWinGamesHookIE.dll
c:\program files\MusicFrost\Music Frost Toolbar\MiNBho.dll
c:\windows\$NtUninstallKB9237$\3146293149\@
c:\windows\$NtUninstallKB9237$\3146293149\cfg.ini
c:\windows\$NtUninstallKB9237$\3146293149\Desktop.ini
c:\windows\$NtUninstallKB9237$\3146293149\L\ogejidap
c:\windows\$NtUninstallKB9237$\3900123647
c:\windows\system32\amusbprt.dll
c:\windows\system32\bantext.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b42b36a5ffba80d8.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\Drivers\sptd.sys
c:\windows\system32\efs.dll
c:\windows\system32\freesshdservice.dll
c:\windows\system32\pclepci.dll
c:\windows\system32\rdpnp.dll
c:\windows\system32\srescan.dll
c:\windows\system32\ssdiagn.dll
c:\windows\system32\StkAMini.dll
c:\windows\system32\tmp6F70.tmp
c:\windows\system32\tmp70C8.tmp
c:\windows\system32\tsmservice.dll
c:\windows\system32\V0080Dev.dll
c:\windows\system32\webrootenterpriseclientservice.dll
c:\windows\TEMP\wetmr.dll
.
Infected copy of c:\windows\system32\drivers\dfsc.sys was found and disinfected
Restored copy from - The cat found it

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_sptd
-------\Service_automate6
-------\Service_avpnnic
-------\Service_G400DH
-------\Service_NWFILTER
-------\Service_Slntamr
-------\Service_sptd
-------\Service_suservice
-------\Service_zfdwm
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-30 )))))))))))))))))))))))))))))))
.
.
2012-04-30 22:42 . 2012-04-30 22:45 -------- d-----w- c:\users\Cougar\AppData\Local\temp
2012-04-30 22:42 . 2012-04-30 22:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-30 03:21 . 2012-04-30 03:21 -------- d-----w- c:\programdata\529C50D8000435DB0020086B570F1C8B
2012-04-25 08:26 . 2012-02-28 01:58 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-04-25 08:26 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-25 08:26 . 2012-02-28 01:18 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-04-25 08:26 . 2012-02-28 01:08 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-04-25 08:26 . 2012-02-28 01:11 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-04-25 08:25 . 2012-02-28 01:13 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-25 08:25 . 2012-02-28 01:11 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-04-24 21:22 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-04-24 21:21 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-04-24 21:18 . 2012-03-01 11:01 2409784 ---ha-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 23:04 . 2012-02-20 23:04 130048 ----a-w- c:\programdata\Microsoft\Windows\DRM\FBFC.tmp
2012-02-12 03:53 . 2012-02-12 03:53 776320 ----a-w- c:\programdata\Microsoft\Windows\DRM\install_flashplayer.exe
2012-02-07 16:02 . 2012-02-07 16:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{edd4f682-e67a-4175-bb45-c4066da2f7d9}"= "c:\program files\OurBabyMaker_27\bar\1.bin\27SrcAs.dll" [2012-01-15 62864]
.
[HKEY_CLASSES_ROOT\clsid\{edd4f682-e67a-4175-bb45-c4066da2f7d9}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Cougar\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Cougar\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Cougar\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-23 39408]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-01-04 6497592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-25 30192]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-12-09 296056]
"OurBabymaker Search Scope Monitor"="c:\progra~1\OURBAB~2\bar\1.bin\27srchmn.exe" [2012-01-15 38440]
"OurBabyMaker_27 Browser Plugin Loader"="c:\progra~1\OURBAB~2\bar\1.bin\27brmon.exe" [2012-01-15 30096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"529C50D8000435DB0020086B570F1C8B"="c:\programdata\529C50D8000435DB0020086B570F1C8B\529C50D8000435DB0020086B570F1C8B.exe" [2012-04-30 442368]
.
c:\users\Cougar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Cougar\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sqlagent$sony_mediamgr
citrixwmiservice
SrvcEKIOMngr
prevxagent
wceusbsh
NWFILTER
nalntservice
hcf_msft
automate6
wintrust
Slntamr
btwdins
avpnnic
suservice
zfdwm
G400DH
sentinel
ntcharge
x10nets
besclient
ozoneinstallerservice
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 20:45]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 20:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{90B49673-5506-483E-B92B-CA0265BD9CA8} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3732)
c:\users\Cougar\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\iWin Games\iWinTrusted.exe
c:\progra~1\OURBAB~2\bar\1.bin\27barsvc.exe
c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2012-04-30 17:49:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-30 22:49
.
Pre-Run: 140,578,242,560 bytes free
Post-Run: 140,458,258,432 bytes free
.
- - End Of File - - D089F0AC721904A20C48B9D4070B42F4

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-30 18:01:29
-----------------------------
18:01:29.740 OS Version: Windows 6.0.6002 Service Pack 2
18:01:29.740 Number of processors: 1 586 0x170A
18:01:29.741 ComputerName: COUGAR-PC UserName: Cougar
18:01:30.919 Initialize success
18:01:36.098 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:01:36.100 Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
18:01:36.136 Disk 0 MBR read successfully
18:01:36.138 Disk 0 MBR scan
18:01:36.142 Disk 0 Windows VISTA default MBR code
18:01:36.149 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
18:01:36.167 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 229585 MB offset 3074048
18:01:36.200 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 7389 MB offset 473264128
18:01:36.247 Disk 0 scanning sectors +488396800
18:01:36.345 Disk 0 scanning C:\Windows\system32\drivers
18:01:45.220 Service scanning
18:02:24.524 Modules scanning
18:02:40.749 Scan finished successfully
18:02:59.006 Disk 0 MBR has been saved successfully to "C:\Users\Cougar\Desktop\MBR.dat"
18:02:59.012 The log file has been saved successfully to "C:\Users\Cougar\Desktop\aswMBR.txt"

18:48:49.0068 1608 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
18:48:49.0555 1608 ============================================================
18:48:49.0555 1608 Current date / time: 2012/04/30 18:48:49.0555
18:48:49.0555 1608 SystemInfo:
18:48:49.0555 1608
18:48:49.0555 1608 OS Version: 6.0.6002 ServicePack: 2.0
18:48:49.0555 1608 Product type: Workstation
18:48:49.0555 1608 ComputerName: COUGAR-PC
18:48:49.0555 1608 UserName: Cougar
18:48:49.0555 1608 Windows directory: C:\Windows
18:48:49.0555 1608 System windows directory: C:\Windows
18:48:49.0555 1608 Processor architecture: Intel x86
18:48:49.0555 1608 Number of processors: 1
18:48:49.0555 1608 Page size: 0x1000
18:48:49.0555 1608 Boot type: Normal boot
18:48:49.0555 1608 ============================================================
18:48:50.0011 1608 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:48:50.0013 1608 ============================================================
18:48:50.0013 1608 \Device\Harddisk0\DR0:
18:48:50.0013 1608 MBR partitions:
18:48:50.0013 1608 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1C068800
18:48:50.0013 1608 ============================================================
18:48:50.0036 1608 C: <-> \Device\Harddisk0\DR0\Partition0
18:48:50.0036 1608 ============================================================
18:48:50.0036 1608 Initialize success
18:48:50.0036 1608 ============================================================
18:48:58.0803 1284 ============================================================
18:48:58.0803 1284 Scan started
18:48:58.0803 1284 Mode: Manual; SigCheck; TDLFS;
18:48:58.0803 1284 ============================================================
18:48:59.0544 1284 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:48:59.0637 1284 ACPI - ok
18:48:59.0762 1284 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:48:59.0770 1284 AdobeARMservice - ok
18:48:59.0900 1284 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:48:59.0910 1284 AdobeFlashPlayerUpdateSvc - ok
18:49:00.0004 1284 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:49:00.0024 1284 adp94xx - ok
18:49:00.0073 1284 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:49:00.0086 1284 adpahci - ok
18:49:00.0127 1284 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:49:00.0139 1284 adpu160m - ok
18:49:00.0189 1284 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:49:00.0199 1284 adpu320 - ok
18:49:00.0304 1284 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
18:49:00.0341 1284 AeLookupSvc - ok
18:49:00.0450 1284 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:49:00.0494 1284 AFD - ok
18:49:00.0609 1284 AgereSoftModem (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys
18:49:00.0813 1284 AgereSoftModem - ok
18:49:00.0865 1284 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:49:00.0875 1284 agp440 - ok
18:49:00.0926 1284 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:49:00.0934 1284 aic78xx - ok
18:49:00.0971 1284 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
18:49:01.0006 1284 ALG - ok
18:49:01.0037 1284 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
18:49:01.0045 1284 aliide - ok
18:49:01.0083 1284 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:49:01.0094 1284 amdagp - ok
18:49:01.0111 1284 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
18:49:01.0121 1284 amdide - ok
18:49:01.0161 1284 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:49:01.0207 1284 AmdK7 - ok
18:49:01.0241 1284 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
18:49:01.0263 1284 AmdK8 - ok
18:49:01.0316 1284 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
18:49:01.0358 1284 Appinfo - ok
18:49:01.0399 1284 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:49:01.0410 1284 arc - ok
18:49:01.0453 1284 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:49:01.0465 1284 arcsas - ok
18:49:01.0590 1284 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:49:01.0598 1284 aspnet_state - ok
18:49:01.0632 1284 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:49:01.0677 1284 AsyncMac - ok
18:49:01.0728 1284 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
18:49:01.0736 1284 atapi - ok
18:49:01.0804 1284 atksgt (3c4b9850a2631c2263507400d029057b) C:\Windows\system32\DRIVERS\atksgt.sys
18:49:01.0831 1284 atksgt - ok
18:49:01.0914 1284 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
18:49:01.0972 1284 AudioEndpointBuilder - ok
18:49:01.0981 1284 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
18:49:02.0003 1284 Audiosrv - ok
18:49:02.0087 1284 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:49:02.0111 1284 Beep - ok
18:49:02.0173 1284 besclient - ok
18:49:02.0228 1284 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
18:49:02.0250 1284 BFE - ok
18:49:02.0359 1284 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
18:49:02.0438 1284 BITS - ok
18:49:02.0522 1284 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:49:02.0557 1284 blbdrive - ok
18:49:02.0589 1284 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:49:02.0641 1284 bowser - ok
18:49:02.0683 1284 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:49:02.0719 1284 BrFiltLo - ok
18:49:02.0748 1284 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:49:02.0765 1284 BrFiltUp - ok
18:49:02.0798 1284 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
18:49:02.0831 1284 Browser - ok
18:49:02.0886 1284 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:49:02.0954 1284 Brserid - ok
18:49:02.0994 1284 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:49:03.0054 1284 BrSerWdm - ok
18:49:03.0080 1284 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:49:03.0124 1284 BrUsbMdm - ok
18:49:03.0136 1284 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:49:03.0190 1284 BrUsbSer - ok
18:49:03.0231 1284 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:49:03.0296 1284 BTHMODEM - ok
18:49:03.0328 1284 btwdins - ok
18:49:03.0494 1284 catchme - ok
18:49:03.0521 1284 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:49:03.0543 1284 cdfs - ok
18:49:03.0614 1284 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:49:03.0637 1284 cdrom - ok
18:49:03.0682 1284 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
18:49:03.0701 1284 CertPropSvc - ok
18:49:03.0739 1284 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
18:49:03.0791 1284 circlass - ok
18:49:03.0800 1284 citrixwmiservice - ok
18:49:03.0860 1284 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:49:03.0874 1284 CLFS - ok
18:49:04.0049 1284 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:49:04.0058 1284 clr_optimization_v2.0.50727_32 - ok
18:49:04.0174 1284 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:49:04.0184 1284 clr_optimization_v4.0.30319_32 - ok
18:49:04.0234 1284 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
18:49:04.0275 1284 CmBatt - ok
18:49:04.0295 1284 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
18:49:04.0303 1284 cmdide - ok
18:49:04.0331 1284 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
18:49:04.0339 1284 Compbatt - ok
18:49:04.0348 1284 COMSysApp - ok
18:49:04.0449 1284 ConfigFree Service (d10d01b2dfcd8d2f32a32ed29e8da1c2) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
18:49:04.0472 1284 ConfigFree Service ( UnsignedFile.Multi.Generic ) - warning
18:49:04.0473 1284 ConfigFree Service - detected UnsignedFile.Multi.Generic (1)
18:49:04.0517 1284 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:49:04.0527 1284 crcdisk - ok
18:49:04.0544 1284 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:49:04.0588 1284 Crusoe - ok
18:49:04.0644 1284 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
18:49:04.0683 1284 CryptSvc - ok
18:49:04.0729 1284 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
18:49:04.0762 1284 DcomLaunch - ok
18:49:04.0770 1284 DfsC - ok
18:49:04.0895 1284 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
18:49:04.0999 1284 DFSR - ok
18:49:05.0175 1284 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
18:49:05.0218 1284 Dhcp - ok
18:49:05.0300 1284 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:49:05.0310 1284 disk - ok
18:49:05.0347 1284 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
18:49:05.0385 1284 Dnscache - ok
18:49:05.0425 1284 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
18:49:05.0445 1284 dot3svc - ok
18:49:05.0501 1284 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
18:49:05.0524 1284 DPS - ok
18:49:05.0568 1284 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:49:05.0595 1284 drmkaud - ok
18:49:05.0650 1284 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:49:05.0673 1284 DXGKrnl - ok
18:49:05.0701 1284 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:49:05.0748 1284 E1G60 - ok
18:49:05.0797 1284 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
18:49:05.0825 1284 EapHost - ok
18:49:05.0860 1284 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:49:05.0872 1284 Ecache - ok
18:49:05.0926 1284 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
18:49:05.0943 1284 elxstor - ok
18:49:06.0036 1284 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
18:49:06.0138 1284 EMDMgmt - ok
18:49:06.0172 1284 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
18:49:06.0218 1284 ErrDev - ok
18:49:06.0284 1284 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
18:49:06.0326 1284 EventSystem - ok
18:49:06.0365 1284 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:49:06.0402 1284 exfat - ok
18:49:06.0440 1284 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:49:06.0461 1284 fastfat - ok
18:49:06.0509 1284 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:49:06.0536 1284 fdc - ok
18:49:06.0576 1284 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
18:49:06.0598 1284 fdPHost - ok
18:49:06.0611 1284 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
18:49:06.0668 1284 FDResPub - ok
18:49:06.0714 1284 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:49:06.0722 1284 FileInfo - ok
18:49:06.0745 1284 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:49:06.0781 1284 Filetrace - ok
18:49:06.0813 1284 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:49:06.0835 1284 flpydisk - ok
18:49:06.0872 1284 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:49:06.0885 1284 FltMgr - ok
18:49:06.0979 1284 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
18:49:07.0074 1284 FontCache - ok
18:49:07.0146 1284 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:49:07.0154 1284 FontCache3.0.0.0 - ok
18:49:07.0203 1284 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
18:49:07.0229 1284 Fs_Rec - ok
18:49:07.0299 1284 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
18:49:07.0360 1284 FwLnk - ok
18:49:07.0431 1284 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
18:49:07.0440 1284 gagp30kx - ok
18:49:07.0568 1284 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
18:49:07.0575 1284 GoogleDesktopManager-051210-111108 - ok
18:49:07.0676 1284 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
18:49:07.0772 1284 gpsvc - ok
18:49:07.0935 1284 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
18:49:07.0944 1284 gupdate - ok
18:49:07.0993 1284 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
18:49:08.0003 1284 gupdatem - ok
18:49:08.0145 1284 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:49:08.0155 1284 gusvc - ok
18:49:08.0169 1284 hcf_msft - ok
18:49:08.0232 1284 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:49:08.0298 1284 HdAudAddService - ok
18:49:08.0366 1284 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:49:08.0412 1284 HDAudBus - ok
18:49:08.0446 1284 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:49:08.0488 1284 HidBth - ok
18:49:08.0527 1284 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:49:08.0596 1284 HidIr - ok
18:49:08.0630 1284 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
18:49:08.0693 1284 hidserv - ok
18:49:08.0728 1284 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
18:49:08.0751 1284 HidUsb - ok
18:49:08.0795 1284 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
18:49:08.0821 1284 hkmsvc - ok
18:49:08.0873 1284 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
18:49:08.0882 1284 HpCISSs - ok
18:49:08.0932 1284 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
18:49:08.0960 1284 HTTP - ok
18:49:09.0001 1284 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
18:49:09.0011 1284 i2omp - ok
18:49:09.0102 1284 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:49:09.0120 1284 i8042prt - ok
18:49:09.0243 1284 IAANTMON (cb686f44bf955ea02520710a56874fa4) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
18:49:09.0258 1284 IAANTMON - ok
18:49:09.0315 1284 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
18:49:09.0326 1284 iaStor - ok
18:49:09.0368 1284 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:49:09.0384 1284 iaStorV - ok
18:49:09.0476 1284 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
18:49:09.0498 1284 IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:49:09.0498 1284 IDriverT - detected UnsignedFile.Multi.Generic (1)
18:49:09.0595 1284 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:49:09.0642 1284 idsvc - ok
18:49:09.0880 1284 igfx (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:49:10.0035 1284 igfx - ok
18:49:10.0207 1284 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:49:10.0215 1284 iirsp - ok
18:49:10.0278 1284 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
18:49:10.0382 1284 IKEEXT - ok
18:49:10.0510 1284 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
18:49:10.0569 1284 IntcAzAudAddService - ok
18:49:10.0706 1284 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:49:10.0717 1284 intelide - ok
18:49:10.0736 1284 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:49:10.0786 1284 intelppm - ok
18:49:10.0882 1284 IO_Memory - ok
18:49:10.0934 1284 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
18:49:10.0982 1284 IPBusEnum - ok
18:49:11.0026 1284 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:49:11.0072 1284 IpFilterDriver - ok
18:49:11.0112 1284 iphlpsvc (7f83b06a929a981bc001b2ea304d2036) C:\Windows\System32\iphlpsvc.dll
18:49:11.0152 1284 iphlpsvc - ok
18:49:11.0161 1284 IpInIp - ok
18:49:11.0207 1284 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
18:49:11.0231 1284 IPMIDRV - ok
18:49:11.0248 1284 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:49:11.0293 1284 IPNAT - ok
18:49:11.0329 1284 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:49:11.0350 1284 IRENUM - ok
18:49:11.0386 1284 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
18:49:11.0395 1284 isapnp - ok
18:49:11.0433 1284 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:49:11.0447 1284 iScsiPrt - ok
18:49:11.0471 1284 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:49:11.0480 1284 iteatapi - ok
18:49:11.0497 1284 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:49:11.0508 1284 iteraid - ok
18:49:11.0586 1284 iWinTrusted (fe1a970e7ce330bb844e333c374c6599) C:\Program Files\iWin Games\iWinTrusted.exe
18:49:11.0596 1284 iWinTrusted - ok
18:49:11.0651 1284 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:49:11.0660 1284 kbdclass - ok
18:49:11.0701 1284 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
18:49:11.0752 1284 kbdhid - ok
18:49:11.0816 1284 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:49:11.0840 1284 KeyIso - ok
18:49:11.0875 1284 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
18:49:11.0926 1284 KR10I - ok
18:49:11.0991 1284 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
18:49:12.0036 1284 KR10N - ok
18:49:12.0117 1284 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
18:49:12.0175 1284 KSecDD - ok
18:49:12.0257 1284 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
18:49:12.0286 1284 KtmRm - ok
18:49:12.0343 1284 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
18:49:12.0377 1284 LanmanServer - ok
18:49:12.0412 1284 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
18:49:12.0507 1284 LanmanWorkstation - ok
18:49:12.0557 1284 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys
18:49:12.0565 1284 lirsgt - ok
18:49:12.0599 1284 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:49:12.0633 1284 lltdio - ok
18:49:12.0666 1284 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
18:49:12.0714 1284 lltdsvc - ok
18:49:12.0742 1284 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
18:49:12.0785 1284 lmhosts - ok
18:49:12.0826 1284 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
18:49:12.0838 1284 LSI_FC - ok
18:49:12.0858 1284 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
18:49:12.0868 1284 LSI_SAS - ok
18:49:12.0893 1284 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
18:49:12.0903 1284 LSI_SCSI - ok
18:49:12.0934 1284 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:49:12.0958 1284 luafv - ok
18:49:13.0018 1284 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
18:49:13.0025 1284 LVPr2Mon - ok
18:49:13.0104 1284 LVRS (a1857fbb9b4930eeb2fd92386c45c529) C:\Windows\system32\DRIVERS\lvrs.sys
18:49:13.0117 1284 LVRS - ok
18:49:13.0308 1284 LVUVC (3703406af0726badd24c5e552493e5b1) C:\Windows\system32\DRIVERS\lvuvc.sys
18:49:13.0464 1284 LVUVC - ok
18:49:13.0615 1284 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
18:49:13.0624 1284 megasas - ok
18:49:13.0662 1284 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
18:49:13.0710 1284 MegaSR - ok
18:49:13.0753 1284 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:49:13.0789 1284 MMCSS - ok
18:49:13.0841 1284 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:49:13.0880 1284 Modem - ok
18:49:13.0929 1284 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:49:13.0951 1284 monitor - ok
18:49:13.0965 1284 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:49:13.0973 1284 mouclass - ok
18:49:13.0996 1284 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:49:14.0041 1284 mouhid - ok
18:49:14.0081 1284 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:49:14.0091 1284 MountMgr - ok
18:49:14.0120 1284 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
18:49:14.0132 1284 mpio - ok
18:49:14.0158 1284 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:49:14.0201 1284 mpsdrv - ok
18:49:14.0278 1284 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
18:49:14.0331 1284 MpsSvc - ok
18:49:14.0391 1284 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:49:14.0399 1284 Mraid35x - ok
18:49:14.0451 1284 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:49:14.0465 1284 MRxDAV - ok
18:49:14.0500 1284 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:49:14.0532 1284 mrxsmb - ok
18:49:14.0568 1284 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:49:14.0601 1284 mrxsmb10 - ok
18:49:14.0656 1284 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:49:14.0685 1284 mrxsmb20 - ok
18:49:14.0723 1284 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
18:49:14.0731 1284 msahci - ok
18:49:14.0759 1284 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
18:49:14.0769 1284 msdsm - ok
18:49:14.0815 1284 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
18:49:14.0840 1284 MSDTC - ok
18:49:14.0884 1284 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:49:14.0907 1284 Msfs - ok
18:49:14.0947 1284 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:49:14.0955 1284 msisadrv - ok
18:49:14.0993 1284 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
18:49:15.0018 1284 MSiSCSI - ok
18:49:15.0027 1284 msiserver - ok
18:49:15.0061 1284 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:49:15.0107 1284 MSKSSRV - ok
18:49:15.0161 1284 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:49:15.0212 1284 MSPCLOCK - ok
18:49:15.0239 1284 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:49:15.0279 1284 MSPQM - ok
18:49:15.0313 1284 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:49:15.0327 1284 MsRPC - ok
18:49:15.0353 1284 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:49:15.0364 1284 mssmbios - ok
18:49:15.0399 1284 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:49:15.0432 1284 MSTEE - ok
18:49:15.0472 1284 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:49:15.0484 1284 Mup - ok
18:49:15.0494 1284 nalntservice - ok
18:49:15.0527 1284 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
18:49:15.0571 1284 napagent - ok
18:49:15.0628 1284 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:49:15.0652 1284 NativeWifiP - ok
18:49:15.0711 1284 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:49:15.0763 1284 NDIS - ok
18:49:15.0796 1284 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:49:15.0835 1284 NdisTapi - ok
18:49:15.0868 1284 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:49:15.0891 1284 Ndisuio - ok
18:49:15.0947 1284 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:49:15.0965 1284 NdisWan - ok
18:49:16.0003 1284 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:49:16.0030 1284 NDProxy - ok
18:49:16.0106 1284 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:49:16.0130 1284 NetBIOS - ok
18:49:16.0152 1284 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:49:16.0171 1284 netbt - ok
18:49:16.0194 1284 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:49:16.0206 1284 Netlogon - ok
18:49:16.0240 1284 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
18:49:16.0284 1284 Netman - ok
18:49:16.0388 1284 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:49:16.0397 1284 NetMsmqActivator - ok
18:49:16.0406 1284 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:49:16.0416 1284 NetPipeActivator - ok
18:49:16.0452 1284 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
18:49:16.0481 1284 netprofm - ok
18:49:16.0490 1284 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:49:16.0500 1284 NetTcpActivator - ok
18:49:16.0508 1284 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:49:16.0517 1284 NetTcpPortSharing - ok
18:49:16.0546 1284 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:49:16.0555 1284 nfrd960 - ok
18:49:16.0596 1284 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
18:49:16.0650 1284 NlaSvc - ok
18:49:16.0716 1284 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:49:16.0756 1284 Npfs - ok
18:49:16.0799 1284 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
18:49:16.0822 1284 nsi - ok
18:49:16.0872 1284 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:49:16.0912 1284 nsiproxy - ok
18:49:16.0921 1284 ntcharge - ok
18:49:16.0987 1284 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:49:17.0060 1284 Ntfs - ok
18:49:17.0114 1284 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:49:17.0180 1284 ntrigdigi - ok
18:49:17.0210 1284 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:49:17.0233 1284 Null - ok
18:49:17.0261 1284 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
18:49:17.0272 1284 nvraid - ok
18:49:17.0317 1284 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
18:49:17.0329 1284 nvstor - ok
18:49:17.0370 1284 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
18:49:17.0381 1284 nv_agp - ok
18:49:17.0391 1284 NwlnkFlt - ok
18:49:17.0400 1284 NwlnkFwd - ok
18:49:17.0534 1284 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:49:17.0551 1284 odserv - ok
18:49:17.0575 1284 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
18:49:17.0638 1284 ohci1394 - ok
18:49:17.0705 1284 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:49:17.0715 1284 ose - ok
18:49:17.0810 1284 OurBabyMaker_27Service (622fcf264119f7df127be353f796b319) C:\PROGRA~1\OURBAB~2\bar\1.bin\27barsvc.exe
18:49:17.0817 1284 OurBabyMaker_27Service - ok
18:49:17.0828 1284 ozoneinstallerservice - ok
18:49:17.0954 1284 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:49:18.0009 1284 p2pimsvc - ok
18:49:18.0021 1284 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:49:18.0072 1284 p2psvc - ok
18:49:18.0163 1284 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:49:18.0209 1284 Parport - ok
18:49:18.0251 1284 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
18:49:18.0261 1284 partmgr - ok
18:49:18.0293 1284 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:49:18.0340 1284 Parvdm - ok
18:49:18.0474 1284 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
18:49:18.0510 1284 PcaSvc - ok
18:49:18.0549 1284 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:49:18.0561 1284 pci - ok
18:49:18.0601 1284 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
18:49:18.0609 1284 pciide - ok
18:49:18.0642 1284 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:49:18.0653 1284 pcmcia - ok
18:49:18.0728 1284 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:49:18.0800 1284 PEAUTH - ok
18:49:18.0958 1284 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
18:49:19.0099 1284 pla - ok
18:49:19.0511 1284 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
18:49:19.0532 1284 PlugPlay - ok
18:49:19.0629 1284 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:49:19.0686 1284 PNRPAutoReg - ok
18:49:19.0700 1284 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:49:19.0783 1284 PNRPsvc - ok
18:49:19.0925 1284 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
18:49:20.0020 1284 PolicyAgent - ok
18:49:20.0174 1284 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:49:20.0197 1284 PptpMiniport - ok
18:49:20.0206 1284 prevxagent - ok
18:49:20.0234 1284 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
18:49:20.0264 1284 Processor - ok
18:49:20.0312 1284 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
18:49:20.0375 1284 ProfSvc - ok
18:49:20.0439 1284 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:49:20.0452 1284 ProtectedStorage - ok
18:49:20.0502 1284 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:49:20.0520 1284 PSched - ok
18:49:20.0582 1284 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
18:49:20.0589 1284 PxHelp20 - ok
18:49:20.0665 1284 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
18:49:20.0707 1284 ql2300 - ok
18:49:20.0766 1284 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:49:20.0776 1284 ql40xx - ok
18:49:20.0848 1284 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
18:49:20.0906 1284 QWAVE - ok
18:49:20.0939 1284 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:49:20.0950 1284 QWAVEdrv - ok
18:49:20.0967 1284 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:49:20.0990 1284 RasAcd - ok
18:49:21.0064 1284 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
18:49:21.0118 1284 RasAuto - ok
18:49:21.0176 1284 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:49:21.0228 1284 Rasl2tp - ok
18:49:21.0290 1284 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
18:49:21.0348 1284 RasMan - ok
18:49:21.0416 1284 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:49:21.0434 1284 RasPppoe - ok
18:49:21.0469 1284 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:49:21.0481 1284 RasSstp - ok
18:49:21.0597 1284 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:49:21.0634 1284 rdbss - ok
18:49:21.0666 1284 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:49:21.0703 1284 RDPCDD - ok
18:49:21.0745 1284 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
18:49:21.0771 1284 rdpdr - ok
18:49:21.0781 1284 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:49:21.0803 1284 RDPENCDD - ok
18:49:21.0842 1284 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
18:49:21.0876 1284 RDPWD - ok
18:49:21.0936 1284 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
18:49:21.0962 1284 RemoteAccess - ok
18:49:21.0999 1284 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
18:49:22.0033 1284 RemoteRegistry - ok
18:49:22.0082 1284 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
18:49:22.0103 1284 RpcLocator - ok
18:49:22.0152 1284 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll
18:49:22.0181 1284 RpcSs - ok
18:49:22.0226 1284 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:49:22.0266 1284 rspndr - ok
18:49:22.0336 1284 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
18:49:22.0348 1284 RTL8169 - ok
18:49:22.0403 1284 RTL8187B (7fe5089eb5f624899de08c30db4377fc) C:\Windows\system32\DRIVERS\RTL8187B.sys
18:49:22.0466 1284 RTL8187B - ok
18:49:22.0514 1284 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
18:49:22.0521 1284 RtlProt - ok
18:49:22.0582 1284 RTSTOR (f5825e41286556ddb8cc83a91d88f3c6) C:\Windows\system32\drivers\RTSTOR.SYS
18:49:22.0608 1284 RTSTOR - ok
18:49:22.0661 1284 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:49:22.0674 1284 SamSs - ok
18:49:22.0726 1284 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:49:22.0742 1284 sbp2port - ok
18:49:22.0796 1284 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
18:49:22.0818 1284 SCardSvr - ok
18:49:22.0917 1284 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
18:49:22.0996 1284 Schedule - ok
18:49:23.0040 1284 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
18:49:23.0059 1284 SCPolicySvc - ok
18:49:23.0113 1284 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
18:49:23.0186 1284 SDRSVC - ok
18:49:23.0226 1284 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:49:23.0282 1284 secdrv - ok
18:49:23.0363 1284 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
18:49:23.0393 1284 seclogon - ok
18:49:23.0444 1284 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
18:49:23.0487 1284 SENS - ok
18:49:23.0496 1284 sentinel - ok
18:49:23.0524 1284 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:49:23.0584 1284 Serenum - ok
18:49:23.0631 1284 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:49:23.0686 1284 Serial - ok
18:49:23.0716 1284 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:49:23.0739 1284 sermouse - ok
18:49:23.0808 1284 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
18:49:23.0854 1284 SessionEnv - ok
18:49:23.0889 1284 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
18:49:23.0929 1284 sffdisk - ok
18:49:23.0952 1284 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
18:49:24.0003 1284 sffp_mmc - ok
18:49:24.0048 1284 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
18:49:24.0087 1284 sffp_sd - ok
18:49:24.0118 1284 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:49:24.0165 1284 sfloppy - ok
18:49:24.0231 1284 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
18:49:24.0259 1284 SharedAccess - ok
18:49:24.0304 1284 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
18:49:24.0365 1284 ShellHWDetection - ok
18:49:24.0392 1284 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
18:49:24.0401 1284 sisagp - ok
18:49:24.0441 1284 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
18:49:24.0450 1284 SiSRaid2 - ok
18:49:24.0472 1284 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
18:49:24.0482 1284 SiSRaid4 - ok
18:49:24.0639 1284 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
18:49:24.0974 1284 slsvc - ok
18:49:25.0157 1284 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
18:49:25.0201 1284 SLUINotify - ok
18:49:25.0292 1284 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:49:25.0310 1284 Smb - ok
18:49:25.0352 1284 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
18:49:25.0390 1284 SNMPTRAP - ok
18:49:25.0441 1284 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:49:25.0449 1284 spldr - ok
18:49:25.0495 1284 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
18:49:25.0528 1284 Spooler - ok
18:49:25.0538 1284 sqlagent$sony_mediamgr - ok
18:49:25.0578 1284 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:49:25.0651 1284 srv - ok
18:49:25.0688 1284 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:49:25.0744 1284 srv2 - ok
18:49:25.0753 1284 SrvcEKIOMngr - ok
18:49:25.0783 1284 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:49:25.0795 1284 srvnet - ok
18:49:25.0834 1284 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
18:49:25.0860 1284 SSDPSRV - ok
18:49:25.0891 1284 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
18:49:25.0922 1284 SstpSvc - ok
18:49:25.0980 1284 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
18:49:26.0056 1284 stisvc - ok
18:49:26.0127 1284 SVRPEDRV (3e4239b92139f7174a0da7d53fe5e1ab) C:\Windows\System32\sysprep\PEDrv.sys
18:49:26.0131 1284 SVRPEDRV ( UnsignedFile.Multi.Generic ) - warning
18:49:26.0131 1284 SVRPEDRV - detected UnsignedFile.Multi.Generic (1)
18:49:26.0224 1284 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:49:26.0234 1284 swenum - ok
18:49:26.0272 1284 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
18:49:26.0325 1284 swprv - ok
18:49:26.0377 1284 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:49:26.0386 1284 Symc8xx - ok
18:49:26.0419 1284 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:49:26.0428 1284 Sym_hi - ok
18:49:26.0462 1284 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:49:26.0471 1284 Sym_u3 - ok
18:49:26.0530 1284 SynTP (70534d1e4f9ac990536d5fb5b550b3de) C:\Windows\system32\DRIVERS\SynTP.sys
18:49:26.0540 1284 SynTP - ok
18:49:26.0594 1284 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
18:49:26.0624 1284 SysMain - ok
18:49:26.0699 1284 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
18:49:26.0739 1284 TabletInputService - ok
18:49:26.0799 1284 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
18:49:26.0821 1284 TapiSrv - ok
18:49:26.0859 1284 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
18:49:26.0885 1284 TBS - ok
18:49:26.0956 1284 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
18:49:27.0002 1284 Tcpip - ok
18:49:27.0018 1284 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
18:49:27.0083 1284 Tcpip6 - ok
18:49:27.0135 1284 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:49:27.0152 1284 tcpipreg - ok
18:49:27.0229 1284 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys
18:49:27.0235 1284 tdcmdpst - ok
18:49:27.0285 1284 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:49:27.0316 1284 TDPIPE - ok
18:49:27.0341 1284 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:49:27.0368 1284 TDTCP - ok
18:49:27.0425 1284 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:49:27.0444 1284 tdx - ok
18:49:27.0480 1284 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:49:27.0491 1284 TermDD - ok
18:49:27.0568 1284 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
18:49:27.0631 1284 TermService - ok
18:49:27.0705 1284 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
18:49:27.0720 1284 Themes - ok
18:49:27.0754 1284 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:49:27.0779 1284 THREADORDER - ok
18:49:27.0883 1284 TMachInfo (e09caafb2b323a6ff120cefb96da0a44) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
18:49:27.0890 1284 TMachInfo - ok
18:49:27.0966 1284 TNaviSrv (89f74c86523f5e334628dbce66e6d165) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
18:49:27.0976 1284 TNaviSrv - ok
18:49:28.0042 1284 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe
18:49:28.0053 1284 TODDSrv - ok
18:49:28.0128 1284 TosCoSrv (44dbac611b11646683b5b066a049b8e4) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
18:49:28.0186 1284 TosCoSrv - ok
18:49:28.0261 1284 TOSHIBA SMART Log Service (22690dffc7f2a18279a7a0489aa02bac) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
18:49:28.0284 1284 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - warning
18:49:28.0284 1284 TOSHIBA SMART Log Service - detected UnsignedFile.Multi.Generic (1)
18:49:28.0403 1284 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
18:49:28.0415 1284 tos_sps32 - ok
18:49:28.0460 1284 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
18:49:28.0487 1284 TrkWks - ok
18:49:28.0578 1284 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
18:49:28.0616 1284 TrustedInstaller - ok
18:49:28.0672 1284 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:49:28.0695 1284 tssecsrv - ok
18:49:28.0739 1284 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:49:28.0780 1284 tunmp - ok
18:49:28.0850 1284 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
18:49:28.0878 1284 tunnel - ok
18:49:28.0922 1284 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
18:49:28.0928 1284 TVALZ - ok
18:49:28.0969 1284 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
18:49:28.0978 1284 uagp35 - ok
18:49:29.0039 1284 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:49:29.0070 1284 udfs - ok
18:49:29.0108 1284 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
18:49:29.0161 1284 UI0Detect - ok
18:49:29.0253 1284 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
18:49:29.0282 1284 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
18:49:29.0283 1284 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
18:49:29.0329 1284 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
18:49:29.0339 1284 uliagpkx - ok
18:49:29.0369 1284 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
18:49:29.0383 1284 uliahci - ok
18:49:29.0422 1284 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:49:29.0434 1284 UlSata - ok
18:49:29.0494 1284 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:49:29.0504 1284 ulsata2 - ok
18:49:29.0530 1284 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:49:29.0552 1284 umbus - ok
18:49:29.0583 1284 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
18:49:29.0611 1284 upnphost - ok
18:49:29.0674 1284 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
18:49:29.0708 1284 usbaudio - ok
18:49:29.0736 1284 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:49:29.0754 1284 usbccgp - ok
18:49:29.0782 1284 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:49:29.0844 1284 usbcir - ok
18:49:29.0895 1284 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:49:29.0913 1284 usbehci - ok
18:49:29.0938 1284 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:49:29.0981 1284 usbhub - ok
18:49:30.0023 1284 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:49:30.0069 1284 usbohci - ok
18:49:30.0104 1284 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:49:30.0136 1284 usbprint - ok
18:49:30.0211 1284 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
18:49:30.0233 1284 usbscan - ok
18:49:30.0287 1284 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:49:30.0307 1284 USBSTOR - ok
18:49:30.0343 1284 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:49:30.0360 1284 usbuhci - ok
18:49:30.0412 1284 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
18:49:30.0437 1284 usbvideo - ok
18:49:30.0478 1284 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
18:49:30.0497 1284 UxSms - ok
18:49:30.0555 1284 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
18:49:30.0603 1284 vds - ok
18:49:30.0671 1284 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
18:49:30.0713 1284 vga - ok
18:49:30.0735 1284 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:49:30.0758 1284 VgaSave - ok
18:49:30.0778 1284 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
18:49:30.0787 1284 viaagp - ok
18:49:30.0825 1284 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
18:49:30.0848 1284 ViaC7 - ok
18:49:30.0874 1284 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
18:49:30.0882 1284 viaide - ok
18:49:30.0927 1284 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:49:30.0936 1284 volmgr - ok
18:49:30.0983 1284 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:49:30.0998 1284 volmgrx - ok
18:49:31.0027 1284 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:49:31.0041 1284 volsnap - ok
18:49:31.0086 1284 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
18:49:31.0097 1284 vsmraid - ok
18:49:31.0190 1284 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
18:49:31.0286 1284 VSS - ok
18:49:31.0349 1284 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
18:49:31.0400 1284 W32Time - ok
18:49:31.0469 1284 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:49:31.0515 1284 WacomPen - ok
18:49:31.0544 1284 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:49:31.0562 1284 Wanarp - ok
18:49:31.0570 1284 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:49:31.0589 1284 Wanarpv6 - ok
18:49:31.0598 1284 wceusbsh - ok
18:49:31.0644 1284 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
18:49:31.0669 1284 wcncsvc - ok
18:49:31.0704 1284 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
18:49:31.0726 1284 WcsPlugInService - ok
18:49:31.0771 1284 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
18:49:31.0781 1284 Wd - ok
18:49:31.0824 1284 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:49:31.0846 1284 Wdf01000 - ok
18:49:31.0873 1284 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:49:31.0926 1284 WdiServiceHost - ok
18:49:31.0934 1284 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:49:31.0958 1284 WdiSystemHost - ok
18:49:32.0007 1284 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
18:49:32.0042 1284 WebClient - ok
18:49:32.0113 1284 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
18:49:32.0166 1284 Wecsvc - ok
18:49:32.0226 1284 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
18:49:32.0273 1284 wercplsupport - ok
18:49:32.0320 1284 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
18:49:32.0341 1284 WerSvc - ok
18:49:32.0429 1284 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
18:49:32.0443 1284 WinDefend - ok
18:49:32.0460 1284 WinHttpAutoProxySvc - ok
18:49:32.0537 1284 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
18:49:32.0557 1284 Winmgmt - ok
18:49:32.0627 1284 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
18:49:32.0700 1284 WinRM - ok
18:49:32.0718 1284 wintrust - ok
18:49:32.0805 1284 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
18:49:32.0861 1284 Wlansvc - ok
18:49:33.0105 1284 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:49:33.0196 1284 wlidsvc - ok
18:49:33.0334 1284 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
18:49:33.0356 1284 WmiAcpi - ok
18:49:33.0438 1284 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
18:49:33.0462 1284 wmiApSrv - ok
18:49:33.0579 1284 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:49:33.0690 1284 WMPNetworkSvc - ok
18:49:33.0750 1284 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
18:49:33.0780 1284 WPCSvc - ok
18:49:33.0830 1284 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
18:49:33.0887 1284 WPDBusEnum - ok
18:49:34.0059 1284 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:49:34.0084 1284 WPFFontCache_v0400 - ok
18:49:34.0161 1284 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:49:34.0183 1284 ws2ifsl - ok
18:49:34.0219 1284 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
18:49:34.0234 1284 wscsvc - ok
18:49:34.0244 1284 WSearch - ok
18:49:34.0402 1284 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
18:49:34.0467 1284 wuauserv - ok
18:49:34.0607 1284 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:49:34.0632 1284 WUDFRd - ok
18:49:34.0669 1284 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
18:49:34.0695 1284 wudfsvc - ok
18:49:34.0705 1284 x10nets - ok
18:49:34.0828 1284 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
18:49:34.0848 1284 YahooAUService - ok
18:49:34.0891 1284 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
18:49:35.0634 1284 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:49:35.0634 1284 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:49:35.0679 1284 Boot (0x1200) (c3c65c0fad08c0d22efc271ed8eff177) \Device\Harddisk0\DR0\Partition0
18:49:35.0680 1284 \Device\Harddisk0\DR0\Partition0 - ok
18:49:35.0685 1284 ============================================================
18:49:35.0685 1284 Scan finished
18:49:35.0685 1284 ============================================================
18:49:35.0698 4556 Detected object count: 6
18:49:35.0698 4556 Actual detected object count: 6
18:51:24.0010 4556 ConfigFree Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:51:24.0010 4556 ConfigFree Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:51:24.0010 4556 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:51:24.0010 4556 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:51:24.0011 4556 SVRPEDRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:51:24.0011 4556 SVRPEDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:51:24.0011 4556 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:51:24.0011 4556 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:51:24.0011 4556 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
18:51:24.0011 4556 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:51:24.0073 4556 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
18:51:24.0396 4556 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:51:24.0450 4556 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
18:51:24.0453 4556 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
18:51:24.0457 4556 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
18:51:24.0467 4556 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
18:51:24.0473 4556 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
18:51:24.0501 4556 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
18:51:24.0502 4556 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
18:51:24.0504 4556 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
18:51:24.0506 4556 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
18:51:24.0508 4556 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
18:51:24.0508 4556 \Device\Harddisk0\DR0\TDLFS - deleted
18:51:24.0508 4556 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
18:52:41.0913 4224 Deinitialize success

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.30.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Cougar :: COUGAR-PC [administrator]

4/30/2012 7:10:44 PM
mbam-log-2012-04-30 (19-20-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203616
Time elapsed: 7 minute(s), 46 second(s)

Memory Processes Detected: 1
C:\Program Files\OurBabyMaker_27\bar\1.bin\27brmon.exe (PUP.MyWebSearch) -> 3296 -> No action taken.

Memory Modules Detected: 1
C:\Program Files\OurBabyMaker_27\bar\1.bin\27brstub.dll (PUP.MyWebSearch) -> No action taken.

Registry Keys Detected: 3
HKLM\SYSTEM\CurrentControlSet\Services\OurBabyMaker_27Service (PUP.MyWebSearch) -> No action taken.
HKCR\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> No action taken.
HKCU\Software\SkyMedia (Adware.SkyMedia) -> No action taken.

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|OurBabyMaker_27 Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~1\OURBAB~2\bar\1.bin\27brmon.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|OurBabymaker Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\OURBAB~2\bar\1.bin\27srchmn.exe" /m=2 /w /h -> No action taken.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|529C50D8000435DB0020086B570F1C8B (Trojan.LameShield) -> Data: C:\ProgramData\529C50D8000435DB0020086B570F1C8B\529C50D8000435DB0020086B570F1C8B.exe -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Program Files\OurBabyMaker_27\bar\1.bin\27barsvc.exe (PUP.MyWebSearch) -> No action taken.
C:\Program Files\OurBabyMaker_27\bar\1.bin\27brstub.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files\OurBabyMaker_27\bar\1.bin\27brmon.exe (PUP.MyWebSearch) -> No action taken.
C:\Program Files\OurBabyMaker_27\bar\1.bin\27SrchMn.exe (PUP.MyWebSearch) -> No action taken.
C:\ProgramData\529C50D8000435DB0020086B570F1C8B\529C50D8000435DB0020086B570F1C8B.exe (Trojan.LameShield) -> No action taken.

(end)

OTL logfile created on: 4/30/2012 7:30:09 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Cougar\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.20 Gb Total Space | 130.49 Gb Free Space | 58.20% Space Free | Partition Type: NTFS

Computer Name: COUGAR-PC | User Name: Cougar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/30 16:25:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Cougar\Desktop\OTL.exe
PRC - [2012/02/22 20:49:58 | 006,591,800 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2012/02/14 18:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Cougar\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/09 17:43:34 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/08/12 12:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/04/08 10:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/04/11 01:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/04 16:46:38 | 001,242,424 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
PRC - [2008/08/04 16:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2008/07/18 22:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/25 17:05:58 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008/06/02 15:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/05/09 13:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/04/17 02:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 02:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 19:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/08 17:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 15:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008/02/06 15:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

========== Modules (SafeList) ==========

MOD - [2012/04/30 16:25:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Cougar\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\System32\tpsrv.dll -- (x10nets)
SRV - File not found [Auto | Stopped] -- C:\Windows\System32\ssdiagn.dll -- (wintrust)
SRV - File not found [Auto | Stopped] -- C:\Windows\System32\ezplay.dll -- (wceusbsh)
SRV - File not found [Auto | Stopped] -- C:\Windows\System32\U3sHlpDr.dll -- (SrvcEKIOMngr)
SRV - File not found [Auto | Stopped] -- C:\Windows\System32\asc3350p.dll -- (sqlagent$sony_mediamgr)
SRV - File not found [Auto | Stopped] -- C:\Windows\System32\V0080Dev.dll -- (sentinel)
SRV - File not found [Auto | Stopped] -- C:\Windows\System32\digitizer.dll -- (prevxagent)
SRV - File not found [Auto | Stopped] -- C:\Windows\System32\PID_PEPI.dll -- (ozoneinstallerservice)
SRV - File not found [Auto | Stopped] -- C:\Windows\System32\pcnet.dll -- (ntcharge)
SRV - File not found [Auto | Stopped] -- C:\Windows\System32\srescan.dll -- (nalntservice)
SRV - File not found [Auto | Stopped] -- C:\Windows\System32\tsmservice.dll -- (hcf_msft)
SRV - File not found [Auto | Stopped] -- C:\Windows\System32\issimon.dll -- (citrixwmiservice)
SRV - File not found [Auto | Stopped] -- C:\Windows\System32\freesshdservice.dll -- (btwdins)
SRV - File not found [Auto | Stopped] -- C:\Windows\System32\ma763004.dll -- (besclient)
SRV - [2012/04/30 18:21:02 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/08 10:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2011/02/22 08:33:09 | 000,797,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/09/25 08:08:52 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/03/18 17:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 14:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/04 16:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2008/07/18 22:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/02/06 15:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/11/14 03:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\SYSPREP\Drivers\ioport.sys -- (IO_Memory)
DRV - File not found [File_System | Unknown | Stopped] -- C:\Windows\System32\Drivers\dfsc.sys -- (DfsC)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/11/09 21:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam C160(UVC)
DRV - [2010/11/09 21:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/06/23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/08/18 23:29:50 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/08/18 23:29:49 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/06/10 06:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/04/10 23:42:54 | 000,073,216 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/03/11 18:17:20 | 000,063,488 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/08/14 11:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/07/18 20:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/06/12 20:43:16 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/04/15 19:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/04/09 20:00:04 | 002,095,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/20 21:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/18 11:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/12/14 13:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 16:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/04/23 12:50:50 | 000,025,896 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2006/11/20 16:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSHB&bmod=TSHB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {edd4f682-e67a-4175-bb45-c4066da2f7d9} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/23 22:29:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/23 22:29:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]_27.com: C:\Program Files\OurBabyMaker_27\bar\1.bin [2012/04/30 19:24:33 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/04/30 17:44:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Neopets) - {CD292324-974F-4224-D074-CACA427AA030} - C:\Program Files\Neopets\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Cougar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Cougar\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Cougar\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Cougar\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: sqlagent$sony_mediamgr - C:\Windows\System32\asc3350p.dll File not found
NetSvcs: citrixwmiservice - C:\Windows\System32\issimon.dll File not found
NetSvcs: SrvcEKIOMngr - C:\Windows\System32\U3sHlpDr.dll File not found
NetSvcs: prevxagent - C:\Windows\System32\digitizer.dll File not found
NetSvcs: wceusbsh - C:\Windows\System32\ezplay.dll File not found
NetSvcs: NWFILTER - File not found
NetSvcs: nalntservice - C:\Windows\System32\srescan.dll File not found
NetSvcs: hcf_msft - C:\Windows\System32\tsmservice.dll File not found
NetSvcs: automate6 - File not found
NetSvcs: wintrust - C:\Windows\System32\ssdiagn.dll File not found
NetSvcs: Slntamr - File not found
NetSvcs: btwdins - C:\Windows\System32\freesshdservice.dll File not found
NetSvcs: avpnnic - File not found
NetSvcs: suservice - File not found
NetSvcs: zfdwm - File not found
NetSvcs: G400DH - File not found
NetSvcs: sentinel - C:\Windows\System32\V0080Dev.dll File not found
NetSvcs: ntcharge - C:\Windows\System32\pcnet.dll File not found
NetSvcs: x10nets - C:\Windows\System32\tpsrv.dll File not found
NetSvcs: besclient - C:\Windows\System32\ma763004.dll File not found
NetSvcs: ozoneinstallerservice - C:\Windows\System32\PID_PEPI.dll File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: 38339169.sys - Driver
SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: 38339169.sys - Driver
SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: dfsc - C:\Windows\System32\Drivers\dfsc.sys File not found
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/30 19:07:48 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/30 18:21:02 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/30 18:12:59 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/30 17:57:06 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Cougar\Desktop\tdsskiller.exe
[2012/04/30 17:49:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/30 17:49:51 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Local\temp
[2012/04/30 17:45:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/30 17:25:45 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.svs
[2012/04/30 17:02:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/30 17:02:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/30 17:02:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/30 17:02:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/30 17:02:37 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/30 16:48:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/30 16:37:52 | 004,479,582 | R--- | C] (Swearware) -- C:\Users\Cougar\Desktop\ComboFix.exe
[2012/04/30 16:25:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Cougar\Desktop\aswMBR.exe
[2012/04/30 16:24:56 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Cougar\Desktop\OTL.exe
[2012/04/29 23:48:00 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Cougar\Desktop\HijackThis.exe
[2012/04/29 22:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\529C50D8000435DB0020086B570F1C8B
[2012/04/25 03:26:03 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/04/25 03:26:02 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/04/25 03:26:02 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/04/25 03:26:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/25 03:25:59 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/04/25 03:25:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/25 03:25:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/04/24 16:21:12 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/04/23 20:32:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/30 19:30:47 | 000,654,054 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/30 19:30:47 | 000,123,676 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/30 19:25:55 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/30 19:24:55 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/30 19:24:55 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/30 19:24:50 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/30 19:24:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/30 19:07:50 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/30 18:56:21 | 000,027,427 | ---- | M] () -- C:\Users\Cougar\Desktop\405143_3798195473603_1238756402_33716772_1727863185_n.jpg
[2012/04/30 18:36:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/30 18:21:02 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/30 18:21:02 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/04/30 18:20:56 | 000,000,935 | ---- | M] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/30 17:58:41 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cougar\Desktop\tdsskiller.exe
[2012/04/30 17:52:56 | 000,000,818 | ---- | M] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\iWinGames - Shortcut.lnk
[2012/04/30 17:44:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/30 16:40:11 | 004,479,582 | R--- | M] (Swearware) -- C:\Users\Cougar\Desktop\ComboFix.exe
[2012/04/30 16:30:19 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Cougar\Desktop\aswMBR.exe
[2012/04/30 16:25:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Cougar\Desktop\OTL.exe
[2012/04/29 23:48:18 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Cougar\Desktop\HijackThis.exe
[2012/04/29 23:00:17 | 000,000,920 | ---- | M] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2012/04/29 22:26:40 | 363,719,560 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/24 18:34:09 | 000,334,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/04/24 16:12:40 | 000,000,933 | ---- | M] () -- C:\Users\Cougar\Desktop\Dropbox.lnk
[2012/04/24 16:12:40 | 000,000,913 | ---- | M] () -- C:\Users\Cougar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/30 19:07:50 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/30 18:45:17 | 000,027,427 | ---- | C] () -- C:\Users\Cougar\Desktop\405143_3798195473603_1238756402_33716772_1727863185_n.jpg
[2012/04/30 18:21:03 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/30 18:20:56 | 000,000,935 | ---- | C] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/30 17:52:56 | 000,000,818 | ---- | C] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\iWinGames - Shortcut.lnk
[2012/04/30 17:02:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/30 17:02:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/30 17:02:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/30 17:02:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/30 17:02:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/29 23:00:17 | 000,000,920 | ---- | C] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2012/04/23 20:32:05 | 363,719,560 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/10/16 16:23:20 | 000,003,584 | ---- | C] () -- C:\Users\Cougar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/05/01 03:01:38 | 000,000,680 | ---- | C] () -- C:\Users\Cougar\AppData\Local\d3d9caps.dat
[2010/11/28 16:58:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/11/09 21:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/11/09 21:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/11/09 21:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/08/22 00:31:59 | 000,007,164 | ---- | C] () -- C:\Users\Cougar\AppData\Roaming\UserTile.png
[2010/07/04 13:40:26 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/12/03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/08/20 02:57:06 | 000,010,882 | ---- | C] () -- C:\Users\Cougar\AppData\Roaming\wklnhst.dat
[2009/08/18 23:29:49 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/08/18 23:29:49 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/08/18 19:58:32 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2009/08/18 19:58:29 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/23 04:47:32 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2008/09/30 14:36:25 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/09/30 14:25:14 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/09/30 14:25:14 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/09/30 14:25:14 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/09/30 14:25:14 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/09/30 14:25:14 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/09/30 14:25:14 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/06/12 20:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/01/15 05:31:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/10/15 17:38:32 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Adobe
[2011/05/23 10:53:33 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Alawar
[2011/11/02 20:00:10 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\AlphaKimori2
[2012/04/23 22:30:03 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Aveyond 3
[2012/02/12 00:50:59 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\AVG
[2011/11/26 15:20:23 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Big Fish Games
[2010/11/09 21:17:10 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\DAEMON Tools Lite
[2012/04/23 22:26:27 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Dekovir
[2009/09/21 15:55:56 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\DeLorme
[2010/11/27 03:31:39 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\DivX
[2012/04/30 19:27:17 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Dropbox
[2011/11/19 18:39:32 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\ERS Game Studios
[2012/04/23 22:26:30 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Games
[2011/02/20 14:45:49 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Ghost Ship Studios
[2009/08/26 22:30:08 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Google
[2011/09/03 23:21:01 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\HpUpdate
[2012/04/23 22:30:03 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\HuruBeachParty
[2009/08/18 19:58:36 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Identities
[2012/04/23 22:30:03 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\IDoser
[2012/04/23 22:30:03 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Islands
[2010/11/14 13:19:46 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Leadertech
[2010/11/26 07:58:12 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\LEGO Company
[2012/04/23 22:30:03 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Lost in the City
[2009/08/26 22:20:41 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Macromedia
[2011/05/12 17:32:00 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Malwarebytes
[2011/10/15 17:38:32 | 000,000,000 | --SD | M] -- C:\Users\Cougar\AppData\Roaming\Microsoft
[2012/04/23 22:30:04 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\mIRC
[2012/04/23 22:26:38 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Neopets Toolbar
[2012/04/23 22:30:04 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\PathToSuccess
[2010/11/30 19:33:34 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Pony-World-Deluxe
[2011/12/09 17:44:30 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Real
[2011/08/05 12:50:23 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Skip-Bo
[2009/11/06 17:07:12 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Symantec
[2009/12/31 02:40:14 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Template
[2009/08/27 23:57:49 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Toshiba
[2012/01/22 14:44:38 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\U3
[2011/09/04 01:04:27 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Visan
[2012/04/23 22:30:04 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\vlc
[2011/08/10 11:02:01 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Windows Live Writer
[2010/11/24 22:39:46 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Yahoo!

< MD5 for: ATAPI.SYS >
[2008/03/12 01:38:18 | 000,021,560 | -H-- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008/03/12 01:38:18 | 000,021,560 | -H-- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/03/12 01:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | -H-- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:32:21 | 000,021,560 | -H-- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | -H-- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/03/12 01:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 21:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/20 21:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/20 21:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 21:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 21:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 21:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 21:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 21:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/21 12:52:44 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/21 12:52:44 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/21 12:52:44 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/21 12:52:50 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/21 12:52:50 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/21 12:52:44 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/21 12:52:44 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/21 12:52:44 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/21 12:52:50 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/21 12:52:50 | 000,748,336 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[2011/04/21 12:52:46 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2011/04/21 12:52:46 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2008/01/20 21:34:35 | 000,403,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\FirewallAPI.dll
[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:BF3D0EA3
@Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:A5388B43

< End of report >

OTL Extras logfile created on: 4/30/2012 7:30:09 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Cougar\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.20 Gb Total Space | 130.49 Gb Free Space | 58.20% Space Free | Partition Type: NTFS

Computer Name: COUGAR-PC | User Name: Cougar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\shell32.dll (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8E482A5C-63D2-487E-838D-082205EB01FB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C079FEEC-52F4-4C6E-94F2-4B2C938E2F52}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CC028AC-0B58-4DCD-8EEF-6A23BB270B6E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{10433038-5196-4621-B1AD-D2734BA827E0}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{10AFE80A-E8DB-473B-B1C7-D30E9A211BC9}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{1977215F-2573-41E4-ACB9-E14E02F25DB1}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{1B52C3F2-E133-4DE3-BD56-5F21FAD700FA}" = protocol=6 | dir=in | app=c:\users\cougar\appdata\roaming\dropbox\bin\dropbox.exe |
"{24A3E9C5-EC17-42AC-B880-961F5BE19921}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{25DF0817-9FE3-4810-95BE-2447A1820435}" = protocol=6 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{26FD51CE-0416-46F0-BB3C-A3F9391B3148}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{299AC577-C992-4D07-9FBD-A17A89C32A28}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{2C26BD51-5B9E-4907-AD08-80CF4A5C9190}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{30F34643-7573-4760-BD6F-C5CC3612C7A5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{31DAE6E4-CC0C-499D-80B5-D37EE027C0B1}" = protocol=17 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{4EFDDC38-5E33-4657-A572-64B4E58A2B29}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{505D0AB5-CD61-4933-8A34-4182DF6DE8B6}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{549159AE-2624-437A-8162-CA4E3F8EDA87}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{5786A079-286E-45FF-9316-7B420CBD88A2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{5F454DE0-4F3F-4526-9B35-459ECF6B6F6F}" = protocol=17 | dir=in | app=c:\users\cougar\appdata\roaming\dropbox\bin\dropbox.exe |
"{6054539E-71B6-4C40-BC3C-9DCAB320EE8B}" = protocol=6 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{63CFAB56-E2BF-4B3E-9B37-07A6E302194C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{76C9FF82-1146-42BE-B52E-B4F90DA95F4B}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{7E2E3141-7A56-4982-90ED-40976698E7B8}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{85D19771-E1AA-4E3B-83ED-DBE42B09D4B2}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{86F60163-0631-4F6E-A0E3-D52F5251AE35}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{8C293F73-1599-4E3A-957D-0BEEC9590E24}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{93622F5A-A880-42EA-891E-9AB6031897AC}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{A341BB65-298D-4B2B-AE1A-233AE9841BB1}" = protocol=17 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{ADEC772F-AFE6-4436-93EC-5BF8BF42FD12}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{B347DE1B-3009-4B1C-A13B-93C92742308D}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{B41051B2-D5BC-4970-82C0-20237577393A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{BD5358FE-3408-4DCD-B60A-2C20526DC82A}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{CB9C99DA-226F-4296-A58F-D70C4FAE3A21}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{DE1C0775-A593-4A34-8959-7F27B57D3B6E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E835BD2D-B213-485B-A504-6D7C9C0B8DB6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E917B7F7-069A-4FEC-9322-FE3D8435255B}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{EE8AB93C-A6DB-4BCA-BFEE-DA51751FE77C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{FB7D8A2D-B2BC-4C43-8E9B-3B36CCF8DA19}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 24
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic ™
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars® Knights of the Old Republic® II: The Sith Lords™
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6DA93E66-5FA8-44ED-9CCA-40773444C10D}" = HP Deskjet 3050 J610 series Basic Device Software
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74CD74F8-6A52-4EC6-8D1E-100D9D995582}" = e-Sword Bible Screen Saver
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E436940-A944-4D67-A45B-1876E23BB9C0}" = e-Sword
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{C1583439-B034-4881-819C-D52A0587662B}" = Neverwinter Nights
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F3561AD8-BDB2-467F-BB03-69B3890BEC36}" = DeLorme Street Atlas USA 2010 Plus
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"BFG-Atlantis Sky Patrol" = Atlantis Sky Patrol™
"BFG-Azada - In Libro Collector's Edition" = Azada: In Libro Collector's Edition
"BFG-Brain Training for Dummies" = Brain Training for Dummies
"BFGC" = Big Fish Games: Game Manager
"BFG-Mystery Case Files - Escape from Ravenhearst Collector's Edition" = Mystery Case Files®: Escape from Ravenhearst™ Collector's Edition
"BFG-Tradewinds Caravans" = Tradewinds Caravans
"BFG-Wild West Story - The Beginning" = Wild West Story: The Beginning
"Bilbo: The Four Corners of the World" = Bilbo: The Four Corners of the World (remove only)
"Brainiversity" = Brainiversity (remove only)
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cooking Academy 2" = Cooking Academy 2 (remove only)
"DivX Setup" = DivX Setup
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo Creations" = HP Photo Creations
"Huru Beach Party" = Huru Beach Party (remove only)
"I-Doser" = I-Doser Free
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"iWinArcade" = iWin Games (remove only)
"Jojo's Fashion Show: World Tour" = Jojo's Fashion Show: World Tour (remove only)
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Morphyre" = Morphyre
"Music Frost Toolbar_is1" = Music Frost Toolbar
"My Tribe" = My Tribe (remove only)
"Neopets" = Neopets
"Neverwinter Nights™ Kingmaker" = BioWare Premium Module: Neverwinter Nights™ Kingmaker
"New LEGO Digital Designer" = LEGO Digital Designer
"Nightmare Adventures: The Witch's Prison" = Nightmare Adventures: The Witch's Prison (remove only)
"OpenAL" = OpenAL
"OurBabyMaker_27bar Uninstall" = OurBabymaker
"Picasa2" = Picasa 2
"Pony World Deluxe" = Pony World Deluxe (remove only)
"RealPlayer 15.0" = RealPlayer
"SKIP-BO Castaway Caper" = SKIP-BO Castaway Caper (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Take Command 2nd Manassas_is1" = Take Command 2nd Manassas
"Turtix" = Turtix (remove only)
"UnityWebPlayer" = Unity Web Player (All users)
"VLC media player" = VLC media player 1.0.1
"Westward" = Westward (remove only)
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/30/2012 6:03:41 PM | Computer Name = Cougar-PC | Source = Application Error | ID = 1000
Description = Faulting application YahooMessenger.exe, version 11.5.0.155, time
stamp 0x4f042dc8, faulting module ntdll.dll, version 6.0.6002.18541, time stamp
0x4ec3e3d5, exception code 0xc0000374, fault offset 0x000b06b7, process id 0xd20,
application start time 0x01cd271c80a81d5b.

Error - 4/30/2012 6:23:45 PM | Computer Name = Cougar-PC | Source = Application Error | ID = 1000
Description = Faulting application swxcacls.3XE, version 1.0.1.1, time stamp 0x2a425e19,
faulting module swxcacls.3XE, version 1.0.1.1, time stamp 0x2a425e19, exception
code 0xc0000005, fault offset 0x00004b2a, process id 0xf90, application start time
0x01cd271d735f180b.

Error - 4/30/2012 6:24:05 PM | Computer Name = Cougar-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 4/30/2012 6:24:05 PM | Computer Name = Cougar-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 4/30/2012 6:24:05 PM | Computer Name = Cougar-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 4/30/2012 6:30:22 PM | Computer Name = Cougar-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/30/2012 6:45:47 PM | Computer Name = Cougar-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/30/2012 7:15:49 PM | Computer Name = Cougar-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/30/2012 8:01:10 PM | Computer Name = Cougar-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/30/2012 8:26:26 PM | Computer Name = Cougar-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 4/30/2012 8:26:26 PM | Computer Name = Cougar-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 4/30/2012 8:26:26 PM | Computer Name = Cougar-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 4/30/2012 8:26:26 PM | Computer Name = Cougar-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 4/30/2012 8:26:26 PM | Computer Name = Cougar-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 4/30/2012 8:26:26 PM | Computer Name = Cougar-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 4/30/2012 8:26:26 PM | Computer Name = Cougar-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 4/30/2012 8:26:26 PM | Computer Name = Cougar-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 4/30/2012 8:26:26 PM | Computer Name = Cougar-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 4/30/2012 8:26:26 PM | Computer Name = Cougar-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 4/30/2012 8:26:26 PM | Computer Name = Cougar-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 30/04/2012 8:15:33 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: DfsC luafv

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Wmi service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Nabtsfec service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Tbhsd service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The NETw3v32 service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Lxcc_device service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Genregistrar service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The NMSCFG service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Omci service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Lvusbsta service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The AFGMp50 service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Cdr4_2k service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The K56 service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Hamachi service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The KR3NPXP service terminated with the following error: The specified module could not be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/05/2012 12:53:06 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

#4
RKinner

Posted 30 April 2012 - 07:45 PM

Malware Expert

Expert
24,483 posts

I think she missed a step on the MalwareBytes:

When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

Also reboot and run TDSSKiller again and post its log. Want to make sure it was able to remove the TDSS that it found.

Run Combofix again too please and post its log.

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:


cd  \windows\logs\cbs

copy  cbs.log  cbs.old

del  cbs.log

sfc  /scannow

findstr  /c:"[SR]"  cbs.log  >  junk.txt

attach the file \windows\logs\cbs\junk.txt to your next reply.

#5
Sarous

Posted 30 April 2012 - 09:16 PM

Member

Topic Starter
Member
84 posts

Was a step ahead of you on MalwareBytes. CBS.log didn't want to delete because it was in use, so we used KillBox on it during reboot. Attempted deleting it a second time via command prompt and it both existed and was in use.

sfc refused to scan this time, system repair pending which requires reboot to complete and have to restart before running sfc. After shutting down and retrying, it gave the same excuse.

TDSSKiller Log
ComboFix Log
junk.txt (completely empty, thus omitted)

21:15:59.0543 5648 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
21:16:00.0202 5648 ============================================================
21:16:00.0202 5648 Current date / time: 2012/04/30 21:16:00.0202
21:16:00.0202 5648 SystemInfo:
21:16:00.0202 5648
21:16:00.0202 5648 OS Version: 6.0.6002 ServicePack: 2.0
21:16:00.0202 5648 Product type: Workstation
21:16:00.0202 5648 ComputerName: COUGAR-PC
21:16:00.0202 5648 UserName: Cougar
21:16:00.0202 5648 Windows directory: C:\Windows
21:16:00.0202 5648 System windows directory: C:\Windows
21:16:00.0202 5648 Processor architecture: Intel x86
21:16:00.0202 5648 Number of processors: 1
21:16:00.0202 5648 Page size: 0x1000
21:16:00.0202 5648 Boot type: Normal boot
21:16:00.0202 5648 ============================================================
21:16:00.0611 5648 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:16:00.0613 5648 ============================================================
21:16:00.0613 5648 \Device\Harddisk0\DR0:
21:16:00.0613 5648 MBR partitions:
21:16:00.0613 5648 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1C068800
21:16:00.0613 5648 ============================================================
21:16:00.0636 5648 C: <-> \Device\Harddisk0\DR0\Partition0
21:16:00.0636 5648 ============================================================
21:16:00.0636 5648 Initialize success
21:16:00.0636 5648 ============================================================
21:16:08.0775 4472 ============================================================
21:16:08.0775 4472 Scan started
21:16:08.0775 4472 Mode: Manual; SigCheck; TDLFS;
21:16:08.0775 4472 ============================================================
21:16:10.0434 4472 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:16:10.0522 4472 ACPI - ok
21:16:10.0616 4472 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:16:10.0624 4472 AdobeARMservice - ok
21:16:10.0714 4472 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:16:10.0726 4472 AdobeFlashPlayerUpdateSvc - ok
21:16:10.0833 4472 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
21:16:10.0853 4472 adp94xx - ok
21:16:10.0884 4472 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
21:16:10.0898 4472 adpahci - ok
21:16:10.0944 4472 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
21:16:10.0954 4472 adpu160m - ok
21:16:10.0972 4472 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
21:16:10.0983 4472 adpu320 - ok
21:16:11.0026 4472 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
21:16:11.0064 4472 AeLookupSvc - ok
21:16:11.0132 4472 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:16:11.0147 4472 AFD - ok
21:16:11.0229 4472 AgereSoftModem (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys
21:16:11.0339 4472 AgereSoftModem - ok
21:16:11.0396 4472 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
21:16:11.0406 4472 agp440 - ok
21:16:11.0426 4472 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:16:11.0437 4472 aic78xx - ok
21:16:11.0482 4472 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
21:16:11.0519 4472 ALG - ok
21:16:11.0548 4472 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
21:16:11.0558 4472 aliide - ok
21:16:11.0594 4472 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
21:16:11.0604 4472 amdagp - ok
21:16:11.0623 4472 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
21:16:11.0632 4472 amdide - ok
21:16:11.0661 4472 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
21:16:11.0709 4472 AmdK7 - ok
21:16:11.0742 4472 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
21:16:11.0766 4472 AmdK8 - ok
21:16:11.0816 4472 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
21:16:11.0858 4472 Appinfo - ok
21:16:11.0887 4472 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
21:16:11.0896 4472 arc - ok
21:16:11.0920 4472 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
21:16:11.0930 4472 arcsas - ok
21:16:12.0034 4472 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:16:12.0043 4472 aspnet_state - ok
21:16:12.0077 4472 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:16:12.0123 4472 AsyncMac - ok
21:16:12.0195 4472 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
21:16:12.0203 4472 atapi - ok
21:16:12.0260 4472 atksgt (3c4b9850a2631c2263507400d029057b) C:\Windows\system32\DRIVERS\atksgt.sys
21:16:12.0286 4472 atksgt - ok
21:16:12.0340 4472 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:16:12.0373 4472 AudioEndpointBuilder - ok
21:16:12.0403 4472 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:16:12.0431 4472 Audiosrv - ok
21:16:12.0476 4472 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:16:12.0535 4472 Beep - ok
21:16:12.0631 4472 besclient - ok
21:16:12.0740 4472 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
21:16:12.0823 4472 BFE - ok
21:16:12.0971 4472 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
21:16:13.0051 4472 BITS - ok
21:16:13.0106 4472 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
21:16:13.0147 4472 blbdrive - ok
21:16:13.0191 4472 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:16:13.0307 4472 bowser - ok
21:16:13.0472 4472 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:16:13.0514 4472 BrFiltLo - ok
21:16:13.0537 4472 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:16:13.0590 4472 BrFiltUp - ok
21:16:13.0641 4472 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
21:16:13.0774 4472 Browser - ok
21:16:13.0864 4472 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:16:14.0165 4472 Brserid - ok
21:16:14.0256 4472 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:16:14.0523 4472 BrSerWdm - ok
21:16:14.0596 4472 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:16:14.0638 4472 BrUsbMdm - ok
21:16:14.0648 4472 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:16:14.0735 4472 BrUsbSer - ok
21:16:14.0909 4472 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:16:14.0975 4472 BTHMODEM - ok
21:16:15.0117 4472 btwdins - ok
21:16:15.0272 4472 catchme - ok
21:16:15.0298 4472 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:16:15.0346 4472 cdfs - ok
21:16:15.0426 4472 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:16:15.0444 4472 cdrom - ok
21:16:15.0503 4472 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
21:16:15.0571 4472 CertPropSvc - ok
21:16:15.0606 4472 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
21:16:15.0663 4472 circlass - ok
21:16:15.0671 4472 citrixwmiservice - ok
21:16:15.0731 4472 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:16:15.0745 4472 CLFS - ok
21:16:15.0839 4472 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:16:15.0850 4472 clr_optimization_v2.0.50727_32 - ok
21:16:15.0910 4472 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:16:15.0920 4472 clr_optimization_v4.0.30319_32 - ok
21:16:16.0201 4472 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:16:16.0278 4472 CmBatt - ok
21:16:16.0307 4472 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
21:16:16.0327 4472 cmdide - ok
21:16:16.0353 4472 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:16:16.0362 4472 Compbatt - ok
21:16:16.0383 4472 COMSysApp - ok
21:16:16.0494 4472 ConfigFree Service (d10d01b2dfcd8d2f32a32ed29e8da1c2) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
21:16:16.0746 4472 ConfigFree Service ( UnsignedFile.Multi.Generic ) - warning
21:16:16.0747 4472 ConfigFree Service - detected UnsignedFile.Multi.Generic (1)
21:16:16.0817 4472 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
21:16:16.0827 4472 crcdisk - ok
21:16:16.0845 4472 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
21:16:16.0956 4472 Crusoe - ok
21:16:17.0010 4472 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
21:16:17.0057 4472 CryptSvc - ok
21:16:17.0126 4472 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
21:16:17.0182 4472 DcomLaunch - ok
21:16:17.0191 4472 DfsC - ok
21:16:17.0453 4472 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
21:16:17.0776 4472 DFSR - ok
21:16:17.0930 4472 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
21:16:18.0109 4472 Dhcp - ok
21:16:18.0234 4472 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:16:18.0244 4472 disk - ok
21:16:18.0434 4472 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
21:16:18.0473 4472 Dnscache - ok
21:16:18.0516 4472 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
21:16:18.0555 4472 dot3svc - ok
21:16:18.0912 4472 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
21:16:19.0090 4472 DPS - ok
21:16:19.0135 4472 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:16:19.0156 4472 drmkaud - ok
21:16:19.0224 4472 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:16:19.0247 4472 DXGKrnl - ok
21:16:19.0280 4472 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:16:19.0307 4472 E1G60 - ok
21:16:19.0366 4472 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
21:16:19.0393 4472 EapHost - ok
21:16:19.0429 4472 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:16:19.0440 4472 Ecache - ok
21:16:19.0495 4472 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
21:16:19.0512 4472 elxstor - ok
21:16:19.0600 4472 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
21:16:19.0678 4472 EMDMgmt - ok
21:16:19.0717 4472 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
21:16:19.0764 4472 ErrDev - ok
21:16:19.0882 4472 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
21:16:19.0939 4472 EventSystem - ok
21:16:19.0993 4472 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:16:20.0006 4472 exfat - ok
21:16:20.0129 4472 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:16:20.0149 4472 fastfat - ok
21:16:20.0331 4472 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
21:16:20.0374 4472 fdc - ok
21:16:20.0410 4472 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
21:16:20.0436 4472 fdPHost - ok
21:16:20.0448 4472 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
21:16:20.0939 4472 FDResPub - ok
21:16:21.0142 4472 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:16:21.0153 4472 FileInfo - ok
21:16:21.0190 4472 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:16:21.0239 4472 Filetrace - ok
21:16:21.0280 4472 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:16:21.0315 4472 flpydisk - ok
21:16:21.0350 4472 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:16:21.0362 4472 FltMgr - ok
21:16:21.0446 4472 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
21:16:21.0552 4472 FontCache - ok
21:16:21.0706 4472 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:16:21.0715 4472 FontCache3.0.0.0 - ok
21:16:21.0754 4472 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:16:21.0795 4472 Fs_Rec - ok
21:16:21.0839 4472 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
21:16:21.0962 4472 FwLnk - ok
21:16:22.0052 4472 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
21:16:22.0062 4472 gagp30kx - ok
21:16:22.0213 4472 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
21:16:22.0316 4472 GoogleDesktopManager-051210-111108 - ok
21:16:22.0397 4472 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
21:16:22.0462 4472 gpsvc - ok
21:16:22.0693 4472 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:16:22.0701 4472 gupdate - ok
21:16:22.0727 4472 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:16:22.0734 4472 gupdatem - ok
21:16:22.0900 4472 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:16:22.0926 4472 gusvc - ok
21:16:22.0938 4472 hcf_msft - ok
21:16:23.0071 4472 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
21:16:23.0164 4472 HdAudAddService - ok
21:16:23.0585 4472 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:16:23.0649 4472 HDAudBus - ok
21:16:23.0746 4472 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:16:23.0812 4472 HidBth - ok
21:16:23.0861 4472 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:16:23.0934 4472 HidIr - ok
21:16:23.0964 4472 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
21:16:24.0026 4472 hidserv - ok
21:16:24.0062 4472 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:16:24.0080 4472 HidUsb - ok
21:16:24.0117 4472 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
21:16:24.0161 4472 hkmsvc - ok
21:16:24.0223 4472 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
21:16:24.0233 4472 HpCISSs - ok
21:16:24.0637 4472 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
21:16:24.0737 4472 HTTP - ok
21:16:24.0801 4472 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
21:16:24.0810 4472 i2omp - ok
21:16:25.0060 4472 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:16:25.0079 4472 i8042prt - ok
21:16:25.0363 4472 IAANTMON (cb686f44bf955ea02520710a56874fa4) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:16:25.0378 4472 IAANTMON - ok
21:16:25.0505 4472 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
21:16:25.0534 4472 iaStor - ok
21:16:25.0598 4472 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
21:16:25.0612 4472 iaStorV - ok
21:16:25.0822 4472 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
21:16:25.0845 4472 IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:16:25.0845 4472 IDriverT - detected UnsignedFile.Multi.Generic (1)
21:16:26.0011 4472 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:16:26.0052 4472 idsvc - ok
21:16:26.0243 4472 igfx (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:16:26.0672 4472 igfx - ok
21:16:26.0808 4472 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:16:26.0818 4472 iirsp - ok
21:16:26.0862 4472 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
21:16:26.0919 4472 IKEEXT - ok
21:16:27.0190 4472 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
21:16:27.0358 4472 IntcAzAudAddService - ok
21:16:27.0540 4472 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
21:16:27.0549 4472 intelide - ok
21:16:27.0604 4472 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:16:27.0650 4472 intelppm - ok
21:16:27.0705 4472 IO_Memory - ok
21:16:27.0743 4472 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
21:16:27.0788 4472 IPBusEnum - ok
21:16:27.0815 4472 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:16:27.0863 4472 IpFilterDriver - ok
21:16:27.0915 4472 iphlpsvc (7f83b06a929a981bc001b2ea304d2036) C:\Windows\System32\iphlpsvc.dll
21:16:27.0952 4472 iphlpsvc - ok
21:16:27.0961 4472 IpInIp - ok
21:16:28.0013 4472 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
21:16:28.0067 4472 IPMIDRV - ok
21:16:28.0105 4472 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:16:28.0152 4472 IPNAT - ok
21:16:28.0185 4472 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:16:28.0207 4472 IRENUM - ok
21:16:28.0242 4472 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
21:16:28.0251 4472 isapnp - ok
21:16:28.0380 4472 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:16:28.0394 4472 iScsiPrt - ok
21:16:28.0427 4472 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:16:28.0435 4472 iteatapi - ok
21:16:28.0453 4472 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:16:28.0462 4472 iteraid - ok
21:16:28.0563 4472 iWinTrusted (fe1a970e7ce330bb844e333c374c6599) C:\Program Files\iWin Games\iWinTrusted.exe
21:16:28.0573 4472 iWinTrusted - ok
21:16:28.0610 4472 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:16:28.0630 4472 kbdclass - ok
21:16:28.0668 4472 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
21:16:28.0709 4472 kbdhid - ok
21:16:28.0774 4472 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:16:28.0810 4472 KeyIso - ok
21:16:28.0850 4472 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
21:16:28.0906 4472 KR10I - ok
21:16:28.0944 4472 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
21:16:28.0984 4472 KR10N - ok
21:16:29.0054 4472 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
21:16:29.0077 4472 KSecDD - ok
21:16:29.0432 4472 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
21:16:29.0484 4472 KtmRm - ok
21:16:29.0553 4472 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
21:16:29.0602 4472 LanmanServer - ok
21:16:29.0655 4472 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
21:16:29.0696 4472 LanmanWorkstation - ok
21:16:29.0746 4472 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys
21:16:29.0755 4472 lirsgt - ok
21:16:29.0788 4472 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:16:29.0823 4472 lltdio - ok
21:16:29.0856 4472 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
21:16:29.0902 4472 lltdsvc - ok
21:16:29.0932 4472 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
21:16:30.0003 4472 lmhosts - ok
21:16:30.0050 4472 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
21:16:30.0060 4472 LSI_FC - ok
21:16:30.0081 4472 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
21:16:30.0093 4472 LSI_SAS - ok
21:16:30.0116 4472 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
21:16:30.0126 4472 LSI_SCSI - ok
21:16:30.0174 4472 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:16:30.0216 4472 luafv - ok
21:16:30.0275 4472 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
21:16:30.0282 4472 LVPr2Mon - ok
21:16:30.0371 4472 LVRS (a1857fbb9b4930eeb2fd92386c45c529) C:\Windows\system32\DRIVERS\lvrs.sys
21:16:30.0384 4472 LVRS - ok
21:16:30.0590 4472 LVUVC (3703406af0726badd24c5e552493e5b1) C:\Windows\system32\DRIVERS\lvuvc.sys
21:16:30.0754 4472 LVUVC - ok
21:16:30.0906 4472 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
21:16:30.0915 4472 megasas - ok
21:16:30.0949 4472 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
21:16:30.0968 4472 MegaSR - ok
21:16:31.0008 4472 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:16:31.0044 4472 MMCSS - ok
21:16:31.0063 4472 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:16:31.0109 4472 Modem - ok
21:16:31.0152 4472 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:16:31.0181 4472 monitor - ok
21:16:31.0210 4472 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:16:31.0219 4472 mouclass - ok
21:16:31.0241 4472 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:16:31.0264 4472 mouhid - ok
21:16:31.0327 4472 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:16:31.0355 4472 MountMgr - ok
21:16:31.0540 4472 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
21:16:31.0551 4472 mpio - ok
21:16:31.0580 4472 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:16:31.0625 4472 mpsdrv - ok
21:16:31.0695 4472 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
21:16:31.0755 4472 MpsSvc - ok
21:16:31.0813 4472 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:16:31.0822 4472 Mraid35x - ok
21:16:31.0874 4472 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:16:31.0901 4472 MRxDAV - ok
21:16:31.0945 4472 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:16:31.0982 4472 mrxsmb - ok
21:16:32.0013 4472 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:16:32.0045 4472 mrxsmb10 - ok
21:16:32.0079 4472 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:16:32.0122 4472 mrxsmb20 - ok
21:16:32.0180 4472 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
21:16:32.0188 4472 msahci - ok
21:16:32.0219 4472 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
21:16:32.0229 4472 msdsm - ok
21:16:32.0284 4472 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
21:16:32.0310 4472 MSDTC - ok
21:16:32.0362 4472 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:16:32.0408 4472 Msfs - ok
21:16:32.0460 4472 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:16:32.0489 4472 msisadrv - ok
21:16:32.0560 4472 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
21:16:32.0611 4472 MSiSCSI - ok
21:16:32.0679 4472 msiserver - ok
21:16:32.0729 4472 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:16:32.0775 4472 MSKSSRV - ok
21:16:32.0828 4472 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:16:32.0878 4472 MSPCLOCK - ok
21:16:32.0906 4472 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:16:32.0955 4472 MSPQM - ok
21:16:32.0992 4472 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:16:33.0006 4472 MsRPC - ok
21:16:33.0335 4472 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:16:33.0346 4472 mssmbios - ok
21:16:33.0422 4472 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:16:33.0454 4472 MSTEE - ok
21:16:33.0533 4472 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:16:33.0548 4472 Mup - ok
21:16:33.0558 4472 nalntservice - ok
21:16:33.0623 4472 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
21:16:33.0671 4472 napagent - ok
21:16:33.0717 4472 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:16:33.0749 4472 NativeWifiP - ok
21:16:33.0821 4472 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:16:33.0849 4472 NDIS - ok
21:16:33.0885 4472 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:16:33.0924 4472 NdisTapi - ok
21:16:33.0959 4472 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:16:33.0982 4472 Ndisuio - ok
21:16:34.0028 4472 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:16:34.0046 4472 NdisWan - ok
21:16:34.0086 4472 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:16:34.0131 4472 NDProxy - ok
21:16:34.0197 4472 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:16:34.0235 4472 NetBIOS - ok
21:16:34.0303 4472 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:16:34.0324 4472 netbt - ok
21:16:34.0362 4472 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:16:34.0373 4472 Netlogon - ok
21:16:34.0441 4472 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
21:16:34.0513 4472 Netman - ok
21:16:34.0613 4472 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:16:34.0623 4472 NetMsmqActivator - ok
21:16:34.0634 4472 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:16:34.0644 4472 NetPipeActivator - ok
21:16:35.0093 4472 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
21:16:35.0273 4472 netprofm - ok
21:16:35.0284 4472 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:16:35.0293 4472 NetTcpActivator - ok
21:16:35.0304 4472 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:16:35.0448 4472 NetTcpPortSharing - ok
21:16:35.0613 4472 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:16:35.0622 4472 nfrd960 - ok
21:16:35.0664 4472 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
21:16:35.0722 4472 NlaSvc - ok
21:16:35.0771 4472 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:16:35.0812 4472 Npfs - ok
21:16:35.0858 4472 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
21:16:35.0885 4472 nsi - ok
21:16:35.0917 4472 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:16:35.0943 4472 nsiproxy - ok
21:16:35.0953 4472 ntcharge - ok
21:16:36.0020 4472 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:16:36.0108 4472 Ntfs - ok
21:16:36.0173 4472 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:16:36.0240 4472 ntrigdigi - ok
21:16:36.0304 4472 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:16:36.0347 4472 Null - ok
21:16:36.0397 4472 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
21:16:36.0408 4472 nvraid - ok
21:16:36.0429 4472 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
21:16:36.0438 4472 nvstor - ok
21:16:36.0471 4472 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
21:16:36.0482 4472 nv_agp - ok
21:16:36.0492 4472 NwlnkFlt - ok
21:16:36.0501 4472 NwlnkFwd - ok
21:16:36.0635 4472 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:16:36.0652 4472 odserv - ok
21:16:36.0675 4472 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
21:16:36.0739 4472 ohci1394 - ok
21:16:36.0793 4472 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:16:36.0806 4472 ose - ok
21:16:36.0817 4472 ozoneinstallerservice - ok
21:16:36.0899 4472 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:16:36.0965 4472 p2pimsvc - ok
21:16:36.0982 4472 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:16:37.0032 4472 p2psvc - ok
21:16:37.0105 4472 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:16:37.0161 4472 Parport - ok
21:16:37.0207 4472 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:16:37.0218 4472 partmgr - ok
21:16:37.0249 4472 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:16:37.0292 4472 Parvdm - ok
21:16:37.0342 4472 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
21:16:37.0415 4472 PcaSvc - ok
21:16:37.0452 4472 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:16:37.0464 4472 pci - ok
21:16:37.0513 4472 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
21:16:37.0521 4472 pciide - ok
21:16:37.0555 4472 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:16:37.0566 4472 pcmcia - ok
21:16:37.0649 4472 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:16:37.0756 4472 PEAUTH - ok
21:16:37.0874 4472 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
21:16:37.0976 4472 pla - ok
21:16:38.0103 4472 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
21:16:38.0154 4472 PlugPlay - ok
21:16:38.0214 4472 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:16:38.0236 4472 PNRPAutoReg - ok
21:16:38.0248 4472 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:16:38.0271 4472 PNRPsvc - ok
21:16:38.0359 4472 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
21:16:38.0398 4472 PolicyAgent - ok
21:16:38.0462 4472 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:16:38.0515 4472 PptpMiniport - ok
21:16:38.0525 4472 prevxagent - ok
21:16:38.0557 4472 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
21:16:38.0580 4472 Processor - ok
21:16:38.0610 4472 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
21:16:38.0641 4472 ProfSvc - ok
21:16:38.0706 4472 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:16:38.0718 4472 ProtectedStorage - ok
21:16:38.0759 4472 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:16:38.0776 4472 PSched - ok
21:16:38.0805 4472 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
21:16:38.0812 4472 PxHelp20 - ok
21:16:38.0931 4472 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
21:16:38.0975 4472 ql2300 - ok
21:16:39.0046 4472 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:16:39.0056 4472 ql40xx - ok
21:16:39.0116 4472 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
21:16:39.0151 4472 QWAVE - ok
21:16:39.0184 4472 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:16:39.0217 4472 QWAVEdrv - ok
21:16:39.0234 4472 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:16:39.0257 4472 RasAcd - ok
21:16:39.0298 4472 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
21:16:39.0352 4472 RasAuto - ok
21:16:39.0410 4472 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:16:39.0451 4472 Rasl2tp - ok
21:16:39.0500 4472 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
21:16:39.0558 4472 RasMan - ok
21:16:39.0594 4472 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:16:39.0612 4472 RasPppoe - ok
21:16:39.0637 4472 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:16:39.0648 4472 RasSstp - ok
21:16:39.0705 4472 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:16:39.0729 4472 rdbss - ok
21:16:39.0756 4472 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:16:39.0792 4472 RDPCDD - ok
21:16:39.0823 4472 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
21:16:39.0849 4472 rdpdr - ok
21:16:39.0860 4472 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:16:39.0883 4472 RDPENCDD - ok
21:16:39.0921 4472 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
21:16:39.0954 4472 RDPWD - ok
21:16:40.0014 4472 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
21:16:40.0038 4472 RemoteAccess - ok
21:16:40.0065 4472 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
21:16:40.0100 4472 RemoteRegistry - ok
21:16:40.0129 4472 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
21:16:40.0182 4472 RpcLocator - ok
21:16:40.0237 4472 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll
21:16:40.0264 4472 RpcSs - ok
21:16:40.0293 4472 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:16:40.0345 4472 rspndr - ok
21:16:40.0436 4472 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
21:16:40.0448 4472 RTL8169 - ok
21:16:40.0541 4472 RTL8187B (7fe5089eb5f624899de08c30db4377fc) C:\Windows\system32\DRIVERS\RTL8187B.sys
21:16:40.0612 4472 RTL8187B - ok
21:16:40.0659 4472 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
21:16:40.0666 4472 RtlProt - ok
21:16:40.0716 4472 RTSTOR (f5825e41286556ddb8cc83a91d88f3c6) C:\Windows\system32\drivers\RTSTOR.SYS
21:16:40.0775 4472 RTSTOR - ok
21:16:40.0829 4472 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:16:40.0841 4472 SamSs - ok
21:16:40.0906 4472 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:16:40.0915 4472 sbp2port - ok
21:16:40.0962 4472 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
21:16:40.0982 4472 SCardSvr - ok
21:16:41.0049 4472 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
21:16:41.0085 4472 Schedule - ok
21:16:41.0115 4472 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
21:16:41.0133 4472 SCPolicySvc - ok
21:16:41.0164 4472 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
21:16:41.0230 4472 SDRSVC - ok
21:16:41.0259 4472 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:16:41.0316 4472 secdrv - ok
21:16:41.0352 4472 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
21:16:41.0376 4472 seclogon - ok
21:16:41.0415 4472 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
21:16:41.0465 4472 SENS - ok
21:16:41.0474 4472 sentinel - ok
21:16:41.0502 4472 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:16:41.0561 4472 Serenum - ok
21:16:41.0610 4472 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:16:41.0664 4472 Serial - ok
21:16:41.0695 4472 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:16:41.0718 4472 sermouse - ok
21:16:41.0771 4472 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
21:16:41.0810 4472 SessionEnv - ok
21:16:41.0845 4472 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
21:16:41.0882 4472 sffdisk - ok
21:16:41.0908 4472 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
21:16:41.0958 4472 sffp_mmc - ok
21:16:42.0004 4472 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
21:16:42.0027 4472 sffp_sd - ok
21:16:42.0052 4472 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:16:42.0093 4472 sfloppy - ok
21:16:42.0151 4472 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
21:16:42.0203 4472 SharedAccess - ok
21:16:42.0266 4472 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
21:16:42.0319 4472 ShellHWDetection - ok
21:16:42.0349 4472 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
21:16:42.0358 4472 sisagp - ok
21:16:42.0398 4472 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
21:16:42.0406 4472 SiSRaid2 - ok
21:16:42.0428 4472 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
21:16:42.0438 4472 SiSRaid4 - ok
21:16:42.0602 4472 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
21:16:42.0677 4472 slsvc - ok
21:16:42.0813 4472 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
21:16:42.0856 4472 SLUINotify - ok
21:16:43.0003 4472 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:16:43.0021 4472 Smb - ok
21:16:43.0055 4472 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
21:16:43.0092 4472 SNMPTRAP - ok
21:16:43.0146 4472 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:16:43.0157 4472 spldr - ok
21:16:43.0195 4472 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
21:16:43.0229 4472 Spooler - ok
21:16:43.0240 4472 sqlagent$sony_mediamgr - ok
21:16:43.0278 4472 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:16:43.0345 4472 srv - ok
21:16:43.0388 4472 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:16:43.0424 4472 srv2 - ok
21:16:43.0434 4472 SrvcEKIOMngr - ok
21:16:43.0472 4472 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:16:43.0483 4472 srvnet - ok
21:16:43.0513 4472 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
21:16:43.0539 4472 SSDPSRV - ok
21:16:43.0569 4472 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
21:16:43.0601 4472 SstpSvc - ok
21:16:43.0656 4472 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
21:16:43.0723 4472 stisvc - ok
21:16:43.0794 4472 SVRPEDRV (3e4239b92139f7174a0da7d53fe5e1ab) C:\Windows\System32\sysprep\PEDrv.sys
21:16:43.0798 4472 SVRPEDRV ( UnsignedFile.Multi.Generic ) - warning
21:16:43.0798 4472 SVRPEDRV - detected UnsignedFile.Multi.Generic (1)
21:16:43.0858 4472 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:16:43.0866 4472 swenum - ok
21:16:43.0906 4472 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
21:16:43.0930 4472 swprv - ok
21:16:43.0966 4472 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:16:43.0976 4472 Symc8xx - ok
21:16:44.0009 4472 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:16:44.0017 4472 Sym_hi - ok
21:16:44.0040 4472 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:16:44.0048 4472 Sym_u3 - ok
21:16:44.0242 4472 SynTP (70534d1e4f9ac990536d5fb5b550b3de) C:\Windows\system32\DRIVERS\SynTP.sys
21:16:44.0253 4472 SynTP - ok
21:16:44.0299 4472 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
21:16:44.0341 4472 SysMain - ok
21:16:44.0386 4472 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
21:16:44.0417 4472 TabletInputService - ok
21:16:44.0462 4472 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
21:16:44.0484 4472 TapiSrv - ok
21:16:44.0514 4472 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
21:16:44.0539 4472 TBS - ok
21:16:44.0600 4472 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
21:16:44.0628 4472 Tcpip - ok
21:16:44.0645 4472 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
21:16:44.0673 4472 Tcpip6 - ok
21:16:44.0713 4472 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:16:44.0761 4472 tcpipreg - ok
21:16:44.0807 4472 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys
21:16:44.0814 4472 tdcmdpst - ok
21:16:44.0863 4472 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:16:44.0894 4472 TDPIPE - ok
21:16:44.0919 4472 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:16:44.0942 4472 TDTCP - ok
21:16:44.0991 4472 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:16:45.0011 4472 tdx - ok
21:16:45.0035 4472 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:16:45.0045 4472 TermDD - ok
21:16:45.0092 4472 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
21:16:45.0155 4472 TermService - ok
21:16:45.0228 4472 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
21:16:45.0244 4472 Themes - ok
21:16:45.0275 4472 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:16:45.0302 4472 THREADORDER - ok
21:16:45.0371 4472 TMachInfo (e09caafb2b323a6ff120cefb96da0a44) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
21:16:45.0378 4472 TMachInfo - ok
21:16:45.0442 4472 TNaviSrv (89f74c86523f5e334628dbce66e6d165) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
21:16:45.0450 4472 TNaviSrv - ok
21:16:45.0495 4472 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe
21:16:45.0505 4472 TODDSrv - ok
21:16:45.0565 4472 TosCoSrv (44dbac611b11646683b5b066a049b8e4) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
21:16:45.0581 4472 TosCoSrv - ok
21:16:45.0637 4472 TOSHIBA SMART Log Service (22690dffc7f2a18279a7a0489aa02bac) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
21:16:45.0741 4472 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - warning
21:16:45.0741 4472 TOSHIBA SMART Log Service - detected UnsignedFile.Multi.Generic (1)
21:16:45.0823 4472 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
21:16:45.0835 4472 tos_sps32 - ok
21:16:45.0871 4472 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
21:16:45.0896 4472 TrkWks - ok
21:16:45.0957 4472 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
21:16:45.0995 4472 TrustedInstaller - ok
21:16:46.0051 4472 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:16:46.0073 4472 tssecsrv - ok
21:16:46.0117 4472 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:16:46.0169 4472 tunmp - ok
21:16:46.0255 4472 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
21:16:46.0290 4472 tunnel - ok
21:16:46.0346 4472 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
21:16:46.0360 4472 TVALZ - ok
21:16:46.0403 4472 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
21:16:46.0412 4472 uagp35 - ok
21:16:46.0461 4472 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:16:46.0496 4472 udfs - ok
21:16:46.0542 4472 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
21:16:46.0593 4472 UI0Detect - ok
21:16:46.0765 4472 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
21:16:46.0795 4472 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
21:16:46.0795 4472 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
21:16:46.0839 4472 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
21:16:46.0848 4472 uliagpkx - ok
21:16:46.0879 4472 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
21:16:46.0892 4472 uliahci - ok
21:16:46.0919 4472 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:16:46.0930 4472 UlSata - ok
21:16:46.0972 4472 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:16:46.0982 4472 ulsata2 - ok
21:16:47.0007 4472 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:16:47.0031 4472 umbus - ok
21:16:47.0073 4472 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
21:16:47.0233 4472 upnphost - ok
21:16:47.0372 4472 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
21:16:47.0391 4472 usbaudio - ok
21:16:47.0426 4472 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:16:47.0444 4472 usbccgp - ok
21:16:47.0471 4472 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:16:47.0585 4472 usbcir - ok
21:16:47.0651 4472 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:16:47.0668 4472 usbehci - ok
21:16:47.0695 4472 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:16:47.0738 4472 usbhub - ok
21:16:47.0779 4472 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:16:47.0821 4472 usbohci - ok
21:16:47.0856 4472 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:16:47.0882 4472 usbprint - ok
21:16:47.0923 4472 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
21:16:47.0947 4472 usbscan - ok
21:16:47.0979 4472 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:16:47.0998 4472 USBSTOR - ok
21:16:48.0028 4472 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:16:48.0049 4472 usbuhci - ok
21:16:48.0088 4472 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
21:16:48.0113 4472 usbvideo - ok
21:16:48.0145 4472 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
21:16:48.0190 4472 UxSms - ok
21:16:48.0246 4472 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
21:16:48.0304 4472 vds - ok
21:16:48.0361 4472 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:16:48.0511 4472 vga - ok
21:16:48.0624 4472 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:16:48.0663 4472 VgaSave - ok
21:16:48.0689 4472 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
21:16:48.0698 4472 viaagp - ok
21:16:48.0927 4472 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
21:16:48.0958 4472 ViaC7 - ok
21:16:48.0974 4472 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
21:16:48.0983 4472 viaide - ok
21:16:49.0027 4472 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:16:49.0037 4472 volmgr - ok
21:16:49.0218 4472 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:16:49.0231 4472 volmgrx - ok
21:16:49.0260 4472 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:16:49.0275 4472 volsnap - ok
21:16:49.0319 4472 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
21:16:49.0331 4472 vsmraid - ok
21:16:49.0584 4472 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
21:16:49.0674 4472 VSS - ok
21:16:49.0713 4472 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
21:16:49.0755 4472 W32Time - ok
21:16:49.0827 4472 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:16:49.0867 4472 WacomPen - ok
21:16:49.0889 4472 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:16:49.0907 4472 Wanarp - ok
21:16:49.0915 4472 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:16:49.0933 4472 Wanarpv6 - ok
21:16:49.0942 4472 wceusbsh - ok
21:16:49.0989 4472 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
21:16:50.0027 4472 wcncsvc - ok
21:16:50.0073 4472 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
21:16:50.0099 4472 WcsPlugInService - ok
21:16:50.0138 4472 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
21:16:50.0148 4472 Wd - ok
21:16:50.0191 4472 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:16:50.0210 4472 Wdf01000 - ok
21:16:50.0229 4472 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:16:50.0284 4472 WdiServiceHost - ok
21:16:50.0297 4472 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:16:50.0482 4472 WdiSystemHost - ok
21:16:50.0597 4472 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
21:16:50.0620 4472 WebClient - ok
21:16:50.0656 4472 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
21:16:50.0711 4472 Wecsvc - ok
21:16:50.0749 4472 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
21:16:50.0801 4472 wercplsupport - ok
21:16:50.0854 4472 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
21:16:50.0874 4472 WerSvc - ok
21:16:50.0952 4472 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
21:16:50.0967 4472 WinDefend - ok
21:16:50.0984 4472 WinHttpAutoProxySvc - ok
21:16:51.0046 4472 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
21:16:51.0069 4472 Winmgmt - ok
21:16:51.0138 4472 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
21:16:51.0211 4472 WinRM - ok
21:16:51.0236 4472 wintrust - ok
21:16:51.0293 4472 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
21:16:51.0340 4472 Wlansvc - ok
21:16:51.0493 4472 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:16:51.0777 4472 wlidsvc - ok
21:16:52.0102 4472 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
21:16:52.0119 4472 WmiAcpi - ok
21:16:52.0194 4472 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
21:16:52.0237 4472 wmiApSrv - ok
21:16:52.0414 4472 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:16:52.0490 4472 WMPNetworkSvc - ok
21:16:52.0537 4472 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
21:16:52.0559 4472 WPCSvc - ok
21:16:52.0586 4472 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
21:16:52.0643 4472 WPDBusEnum - ok
21:16:52.0755 4472 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:16:52.0781 4472 WPFFontCache_v0400 - ok
21:16:52.0850 4472 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:16:52.0878 4472 ws2ifsl - ok
21:16:52.0933 4472 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
21:16:52.0947 4472 wscsvc - ok
21:16:52.0956 4472 WSearch - ok
21:16:53.0074 4472 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
21:16:53.0136 4472 wuauserv - ok
21:16:53.0285 4472 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:16:53.0311 4472 WUDFRd - ok
21:16:53.0347 4472 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
21:16:53.0400 4472 wudfsvc - ok
21:16:53.0410 4472 x10nets - ok
21:16:53.0624 4472 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
21:16:53.0724 4472 YahooAUService - ok
21:16:53.0781 4472 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
21:16:54.0607 4472 \Device\Harddisk0\DR0 - ok
21:16:54.0646 4472 Boot (0x1200) (c3c65c0fad08c0d22efc271ed8eff177) \Device\Harddisk0\DR0\Partition0
21:16:54.0647 4472 \Device\Harddisk0\DR0\Partition0 - ok
21:16:54.0650 4472 ============================================================
21:16:54.0650 4472 Scan finished
21:16:54.0650 4472 ============================================================
21:16:54.0664 4124 Detected object count: 5
21:16:54.0664 4124 Actual detected object count: 5
21:17:04.0556 4124 ConfigFree Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:17:04.0556 4124 ConfigFree Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:17:04.0556 4124 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:17:04.0556 4124 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:17:04.0556 4124 SVRPEDRV ( UnsignedFile.Multi.Generic ) - skipped by user
21:17:04.0556 4124 SVRPEDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:17:04.0557 4124 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:17:04.0557 4124 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:17:04.0557 4124 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
21:17:04.0557 4124 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:17:32.0526 5644 Deinitialize success

ComboFix 12-04-31.03 - Cougar 30/04/2012 21:23:03.2.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2939.1835 [GMT -5:00]
Running from: c:\users\Cougar\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-01 to 2012-05-01 )))))))))))))))))))))))))))))))
.
.
2012-05-01 02:31 . 2012-05-01 02:31 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-05-01 02:31 . 2012-05-01 02:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-01 01:53 . 2012-05-01 02:09 -------- d-----w- c:\users\Cougar\AppData\Roaming\Yahoo!
2012-05-01 01:53 . 2012-05-01 01:53 -------- d-----w- c:\programdata\Yahoo! Companion
2012-05-01 00:07 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-30 23:21 . 2012-04-30 23:21 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-30 23:12 . 2012-04-30 23:51 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-30 22:49 . 2012-05-01 02:31 -------- d-----w- c:\users\Cougar\AppData\Local\temp
2012-04-30 03:21 . 2012-05-01 00:23 -------- d-----w- c:\programdata\529C50D8000435DB0020086B570F1C8B
2012-04-25 08:26 . 2012-02-28 01:58 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-04-25 08:26 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-25 08:26 . 2012-02-28 01:18 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-04-25 08:26 . 2012-02-28 01:08 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-04-25 08:26 . 2012-02-28 01:11 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-04-25 08:25 . 2012-02-28 01:13 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-25 08:25 . 2012-02-28 01:11 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-04-24 21:22 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-04-24 21:21 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-04-24 21:18 . 2012-03-01 11:01 2409784 ---ha-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-30 23:21 . 2011-05-21 01:10 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-30 23:13 . 2010-11-28 21:57 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-20 23:04 . 2012-02-20 23:04 130048 ----a-w- c:\programdata\Microsoft\Windows\DRM\FBFC.tmp
2012-02-12 03:53 . 2012-02-12 03:53 776320 ----a-w- c:\programdata\Microsoft\Windows\DRM\install_flashplayer.exe
2012-02-07 16:02 . 2012-02-07 16:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{edd4f682-e67a-4175-bb45-c4066da2f7d9}"= "c:\program files\OurBabyMaker_27\bar\1.bin\27SrcAs.dll" [2012-01-15 62864]
.
[HKEY_CLASSES_ROOT\clsid\{edd4f682-e67a-4175-bb45-c4066da2f7d9}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Cougar\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Cougar\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Cougar\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-23 39408]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-23 6591800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-25 30192]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-12-09 296056]
.
c:\users\Cougar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Cougar\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 253600]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 33149071
*Deregistered* - 33149071
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sqlagent$sony_mediamgr
citrixwmiservice
SrvcEKIOMngr
prevxagent
wceusbsh
NWFILTER
nalntservice
hcf_msft
automate6
wintrust
Slntamr
btwdins
avpnnic
suservice
zfdwm
G400DH
sentinel
ntcharge
x10nets
besclient
ozoneinstallerservice
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 23:21]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 20:45]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 20:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-38339169.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-30 21:31
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5340)
c:\users\Cougar\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-04-30 21:33:05
ComboFix-quarantined-files.txt 2012-05-01 02:33
.
Pre-Run: 139,046,879,232 bytes free
Post-Run: 139,064,365,056 bytes free
.
- - End Of File - - 144B97AB86706ED4595A79E8EDE86D0F

#6
RKinner

Posted 01 May 2012 - 12:13 AM

Malware Expert

Expert
24,483 posts

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, restart.

The disk check will run and will probably take an hour or more to finish.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

AtJob::

DirLook::
C:\Program Files\Common
%user%\library

Driver::
sqlagent$sony_mediamgr
citrixwmiservice
SrvcEKIOMngr
prevxagent
wceusbsh
nalntservice
hcf_msft
wintrust
sentinel
ntcharge
x10nets
besclient
ozoneinstallerservice
automate6
Slntamr
btwdins
avpnnic
suservice
zfdwm
G400DH
33149071

NetSvc::
sqlagent$sony_mediamgr
citrixwmiservice
SrvcEKIOMngr
prevxagent
wceusbsh
nalntservice
hcf_msft
wintrust
sentinel
ntcharge
x10nets
besclient
ozoneinstallerservice
automate6
Slntamr

MIA::
C:\Windows\System32\Drivers\dfsc.sys
C:\Windows\System32\drivers\luafv.sys

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{edd4f682-e67a-4175-bb45-c4066da2f7d9}"=-
[-HKEY_CLASSES_ROOT\clsid\{edd4f682-e67a-4175-bb45-c4066da2f7d9}]

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.

Are you still getting redirected?

Ron

#7
Sarous

Posted 03 May 2012 - 10:56 PM

Member

Topic Starter
Member
84 posts

Does not appear to be redirecting the browser anymore, but havn't tested a whole lot yet.

ComboFix 12-04-31.03 - Cougar 03/05/2012 23:20:08.3.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2939.1910 [GMT -5:00]
Running from: c:\users\Cougar\Desktop\ComboFix.exe
Command switches used :: c:\users\Cougar\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System32\Drivers\dfsc.sys was missing
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.22625_none_89f9ad5afc6b7999\dfsc.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_33149071
-------\Service_besclient
-------\Service_btwdins
-------\Service_citrixwmiservice
-------\Service_hcf_msft
-------\Service_nalntservice
-------\Service_ntcharge
-------\Service_ozoneinstallerservice
-------\Service_prevxagent
-------\Service_sentinel
-------\Service_sqlagent$sony_mediamgr
-------\Service_SrvcEKIOMngr
-------\Service_wceusbsh
-------\Service_wintrust
-------\Service_x10nets
.
.
((((((((((((((((((((((((( Files Created from 2012-04-04 to 2012-05-04 )))))))))))))))))))))))))))))))
.
.
2012-05-04 04:29 . 2012-05-04 04:33 -------- d-----w- c:\users\Cougar\AppData\Local\temp
2012-05-04 04:29 . 2012-05-04 04:29 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-05-04 04:29 . 2012-05-04 04:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-04 04:29 . 2011-04-14 14:36 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-05-04 03:21 . 2012-05-04 03:21 -------- d-----w- c:\users\Cougar\AppData\Roaming\AVG2012
2012-05-04 03:20 . 2012-05-04 03:20 -------- d-----w- c:\users\Cougar\AppData\Local\AVG Secure Search
2012-05-04 03:19 . 2012-05-04 03:20 -------- d-----w- c:\programdata\AVG Secure Search
2012-05-04 03:19 . 2012-05-04 03:19 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-05-04 03:19 . 2012-05-04 03:19 -------- d-----w- c:\program files\AVG Secure Search
2012-05-04 03:16 . 2012-05-04 03:16 -------- d-----w- C:\$AVG
2012-05-01 06:06 . 2012-05-01 06:06 -------- d-----w- c:\program files\uTorrent
2012-05-01 06:04 . 2012-05-04 02:27 -------- d-----w- c:\users\Cougar\AppData\Roaming\uTorrent
2012-05-01 02:48 . 2012-05-01 02:53 -------- d-----w- C:\!KillBox
2012-05-01 01:53 . 2012-05-01 02:09 -------- d-----w- c:\users\Cougar\AppData\Roaming\Yahoo!
2012-05-01 01:53 . 2012-05-01 01:53 -------- d-----w- c:\programdata\Yahoo! Companion
2012-05-01 00:07 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-30 23:21 . 2012-04-30 23:21 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-30 23:12 . 2012-04-30 23:51 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-30 03:21 . 2012-05-01 00:23 -------- d-----w- c:\programdata\529C50D8000435DB0020086B570F1C8B
2012-04-25 08:26 . 2012-02-28 01:58 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-04-25 08:26 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-25 08:26 . 2012-02-28 01:18 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-04-25 08:26 . 2012-02-28 01:08 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-04-25 08:26 . 2012-02-28 01:11 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-04-25 08:25 . 2012-02-28 01:13 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-25 08:25 . 2012-02-28 01:11 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-04-24 21:22 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-04-24 21:21 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-04-24 21:18 . 2012-03-01 11:01 2409784 ---ha-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-19 09:50 . 2012-04-19 09:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-30 23:21 . 2011-05-21 01:10 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-30 23:13 . 2010-11-28 21:57 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-03-19 10:17 . 2012-03-19 10:17 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 10:25 . 2012-02-22 10:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-02-20 23:04 . 2012-02-20 23:04 130048 ----a-w- c:\programdata\Microsoft\Windows\DRM\FBFC.tmp
2012-02-12 03:53 . 2012-02-12 03:53 776320 ----a-w- c:\programdata\Microsoft\Windows\DRM\install_flashplayer.exe
2012-02-07 16:02 . 2012-02-07 16:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-05-04 03:19 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-05-04 2067328]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Cougar\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Cougar\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Cougar\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-12-09 296056]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-05-04 1116544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 253600]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NWFILTER
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 23:21]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 20:45]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 20:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 10.0.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1640)
c:\users\Cougar\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\iWin Games\iWinTrusted.exe
c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\AVG\AVG2012\avgidsagent.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-05-03 23:39:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-04 04:39
ComboFix2.txt 2012-05-01 02:33
.
Pre-Run: 138,403,086,336 bytes free
Post-Run: 138,140,786,688 bytes free
.
- - End Of File - - 255F116129C78705D72EC15457CF07A2

#8
RKinner

Posted 04 May 2012 - 12:03 AM

Malware Expert

Expert
24,483 posts

I'm a little worried by all of the things that didn't want to run:

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: DfsC luafv

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Wmi service terminated with the following error: The specified module could not be found. "Windows Management Instrumentation"

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Nabtsfec service terminated with the following error: The specified module could not be found. WDM NABTS/FEC VBI Codec

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Tbhsd service terminated with the following error: The specified module could not be found. Tunebite High-Speed Dubbing

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The NETw3v32 service terminated with the following error: The specified module could not be found. Intel® Wireless LAN Driver

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Lxcc_device service terminated with the following error: The specified module could not be found. Lexmark printer driver service

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Genregistrar service terminated with the following error: The specified module could not be found. GENESIS32 or GenBroker

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The NMSCFG service terminated with the following error: The specified module could not be found. Intel® NIC Management Service Configuration Driver

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Omci service terminated with the following error: The specified module could not be found. Dell OpenManage Client Instrumentation

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Lvusbsta service terminated with the following error: The specified module could not be found. Logitech QuickCam

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The AFGMp50 service terminated with the following error: The specified module could not be found. AFGMp50 NDIS Protocol Driver

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Cdr4_2k service terminated with the following error: The specified module could not be found. CDR Helper - Adaptec's CD-R Helper Drivers

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The K56 service terminated with the following error: The specified module could not be found. Probably a modem

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Hamachi service terminated with the following error: The specified module could not be found. Hamachi VPN client

Log: 'System' Date/Time: 01/05/2012 12:55:47 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The KR3NPXP service terminated with the following error: The specified module could not be found. TOSHIBA RAID Driver

They seem to be legitimate drivers/services but there is no sign of them in your logs. I was able to get Combofix to find one of the missing boot files (dfsc.sys) but it couldn't find the other one (luafv.sys) which has something to do with User Account Control (UAC). I marked the others in bold to the right of the event. The WMI one is probably something we should fix as there are a lot of things that depend on it. luafv.sys is probably another one that need to work. Perhaps that is why sfc is not happy. I've got a Vista in the bedroom that I can get the WMI and luafv.sys files from but not tonight. Wife's already gone to bed. I'll check to see if I have any of the others but they aren't MS so it's unlikely.

#9
Sarous

Posted 04 May 2012 - 03:03 PM

Member

Topic Starter
Member
84 posts

An additional problem just arose today: now the screen blinks off a half dozen times, staying off for 2-5 seconds then working for 2-5 seconds, then the entire machine will power down & boot. It functions correctly in safe mode.

Edit:
Updated graphics driver. Blinking issue has been corrected.

Edit:
I have a copy of both .sys files in system32/drivers, however, one of the combofix logs lists dfsc as having been disinfected.

Edited by Sarous, 05 May 2012 - 10:00 AM.

#10
RKinner

Posted 05 May 2012 - 12:41 PM

Malware Expert

Expert
24,483 posts

Start. Programs, Accessories, then right click on Command Prompt and Run As Admin. Type with an Enter after each line:

sc  query  state=  all  >  \junk.txt
net  start  >>  \junk.txt

Attach the file C:\junk.txt to your next reply.

#11
Sarous

Posted 05 May 2012 - 03:53 PM

Member

Topic Starter
Member
84 posts

#12
RKinner

Posted 05 May 2012 - 06:22 PM

Malware Expert

Expert
24,483 posts

None of the services seem to be in the sc list. Don't how they are starting. Run OTL again. This time check the ALL box for Services and Drivers then Run Scan.

#13
Sarous

Posted 05 May 2012 - 06:38 PM

Member

Topic Starter
Member
84 posts

OTL logfile created on: 05/05/2012 7:33:33 PM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Cougar\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.20 Gb Total Space | 129.90 Gb Free Space | 57.94% Space Free | Partition Type: NTFS

Computer Name: COUGAR-PC | User Name: Cougar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/03 22:19:40 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/05/03 22:19:37 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/04/30 16:25:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Cougar\Desktop\OTL.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/20 20:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/22 20:49:58 | 006,591,800 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/09 17:43:34 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/10/13 12:15:20 | 000,179,480 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/08/12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/08/12 12:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/22 14:31:34 | 001,353,232 | ---- | M] (Logitech, Inc.) -- C:\Users\Cougar\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
PRC - [2011/06/22 14:31:30 | 000,351,248 | ---- | M] (Logitech, Inc.) -- C:\Users\Cougar\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/04 16:46:38 | 001,242,424 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
PRC - [2008/08/04 16:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2008/07/18 22:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/06/02 15:26:48 | 000,505,720 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2008/05/09 13:49:30 | 000,716,800 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/04/17 02:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008/04/17 02:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/15 19:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/08 17:14:50 | 006,037,504 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/06 15:52:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008/02/06 15:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

========== Modules (SafeList) ==========

MOD - [2012/04/30 16:25:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Cougar\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/05/03 22:19:40 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/04/30 18:21:02 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/20 20:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/08 10:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Disabled | Stopped] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2011/02/22 08:33:09 | 000,797,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/03/18 17:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 14:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/04 16:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2008/07/18 22:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/02/06 15:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 19:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/11/14 03:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\SYSPREP\Drivers\ioport.sys -- (IO_Memory)
DRV - [2012/05/04 16:14:34 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/10/13 12:01:26 | 009,037,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2010/11/09 21:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam C160(UVC)
DRV - [2010/11/09 21:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/06/23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/08/18 23:29:50 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/08/18 23:29:49 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/06/10 06:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/04/10 23:42:54 | 000,073,216 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/03/11 18:17:20 | 000,063,488 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/08/14 11:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/07/18 20:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/15 19:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/04/09 20:00:04 | 002,095,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/20 21:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/18 11:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/12/14 13:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 16:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/04/23 12:50:50 | 000,025,896 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2006/11/20 16:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSHB&bmod=TSHB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/23 22:29:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/23 22:29:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/03 22:20:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/03 22:17:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/05/03 22:20:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/03 23:52:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/05/03 23:52:59 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\mozilla\Extensions
[2012/05/05 16:48:21 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\mozilla\Firefox\Profiles\nt02ihvk.default\extensions
[2012/05/03 23:52:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/20 20:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2012/04/20 20:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2012/04/20 20:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/03 23:33:23 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CD292324-974F-4224-D074-CACA427AA030} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Cougar\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Cougar\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/05/04 17:07:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2012/05/04 17:05:55 | 000,000,000 | ---D | C] -- C:\Intel
[2012/05/04 16:39:06 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Roaming\SystemRequirementsLab
[2012/05/04 16:18:29 | 000,000,000 | ---D | C] -- C:\Users\Cougar\{7e015dc6-6631-47f4-b276-bc8c65c2f401}
[2012/05/04 01:54:49 | 000,477,240 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2012/05/04 01:28:54 | 000,000,000 | ---D | C] -- C:\Users\Cougar\Desktop\backups
[2012/05/04 01:13:41 | 000,000,000 | ---D | C] -- C:\COMBOFIX
[2012/05/03 23:52:50 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Roaming\Mozilla
[2012/05/03 23:52:50 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Local\Mozilla
[2012/05/03 23:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/03 23:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/03 23:52:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/05/03 23:40:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/03 23:40:02 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Local\temp
[2012/05/03 23:39:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/03 22:21:44 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Roaming\AVG2012
[2012/05/03 22:20:14 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Local\AVG Secure Search
[2012/05/03 22:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/05/03 22:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/05/03 22:19:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/05/03 22:16:41 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/05/03 19:12:31 | 000,000,000 | ---D | C] -- C:\Users\Cougar\Desktop\C
[2012/05/02 19:35:28 | 000,000,000 | ---D | C] -- C:\Users\Cougar\Documents\C
[2012/05/01 01:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/05/01 01:04:38 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Roaming\uTorrent
[2012/05/01 01:02:59 | 000,879,984 | ---- | C] (BitTorrent, Inc.) -- C:\Users\Cougar\Documents\uTorrent.exe
[2012/04/30 21:48:27 | 000,000,000 | ---D | C] -- C:\!KillBox
[2012/04/30 21:47:48 | 000,093,696 | ---- | C] (Option^Explicit Software [email protected]) -- C:\Users\Cougar\Desktop\KillBox.exe
[2012/04/30 20:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012/04/30 20:53:14 | 000,000,000 | ---D | C] -- C:\Users\Cougar\AppData\Roaming\Yahoo!
[2012/04/30 19:43:01 | 000,061,440 | ---- | C] ( ) -- C:\Users\Cougar\Desktop\VEW.exe
[2012/04/30 19:07:48 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/30 18:12:59 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/30 17:57:06 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Cougar\Desktop\tdsskiller.exe
[2012/04/30 17:02:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/30 17:02:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/30 17:02:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/30 17:02:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/30 16:48:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/30 16:37:52 | 004,479,797 | R--- | C] (Swearware) -- C:\Users\Cougar\Desktop\ComboFix.exe
[2012/04/30 16:25:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Cougar\Desktop\aswMBR.exe
[2012/04/30 16:24:56 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Cougar\Desktop\OTL.exe
[2012/04/29 23:48:00 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Cougar\Desktop\HijackThis.exe
[2012/04/29 22:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\529C50D8000435DB0020086B570F1C8B
[2012/04/23 20:32:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/04/19 04:50:26 | 000,024,896 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[2011/10/13 11:31:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/05 19:36:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/05 19:30:37 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/05 19:30:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/05 16:52:50 | 097,248,416 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/05/05 16:48:38 | 000,654,054 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/05 16:48:38 | 000,123,676 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/05 16:42:42 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/05 16:42:11 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/05 16:42:10 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/04 17:16:28 | 000,014,640 | ---- | M] () -- C:\Windows\System32\results.xml
[2012/05/04 17:01:38 | 000,001,356 | ---- | M] () -- C:\Users\Cougar\AppData\Local\d3d9caps.dat
[2012/05/04 16:28:30 | 198,181,377 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/04 16:14:34 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2012/05/04 01:45:26 | 000,000,000 | ---- | M] () -- C:\Windows\ToDisc.INI
[2012/05/03 23:52:45 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/03 23:33:23 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/05/01 10:39:42 | 3083,796,480 | ---- | M] () -- C:\Users\Cougar\Desktop\Vista Home Premium 32bit(x86) Activated Edition.iso
[2012/05/01 01:15:30 | 000,015,264 | ---- | M] () -- C:\Users\Cougar\Documents\Windows Vista Home Premium 32bit (x86).torrent
[2012/05/01 01:03:26 | 000,879,984 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Cougar\Documents\uTorrent.exe
[2012/05/01 00:10:37 | 000,010,882 | ---- | M] () -- C:\Users\Cougar\AppData\Roaming\wklnhst.dat
[2012/04/30 21:47:52 | 000,093,696 | ---- | M] (Option^Explicit Software [email protected]) -- C:\Users\Cougar\Desktop\KillBox.exe
[2012/04/30 21:20:35 | 004,479,797 | R--- | M] (Swearware) -- C:\Users\Cougar\Desktop\ComboFix.exe
[2012/04/30 20:53:09 | 000,000,937 | ---- | M] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/30 19:43:03 | 000,061,440 | ---- | M] ( ) -- C:\Users\Cougar\Desktop\VEW.exe
[2012/04/30 19:07:50 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/30 17:58:41 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cougar\Desktop\tdsskiller.exe
[2012/04/30 17:52:56 | 000,000,818 | ---- | M] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\iWinGames - Shortcut.lnk
[2012/04/30 17:44:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120503-214633.backup
[2012/04/30 16:30:19 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Cougar\Desktop\aswMBR.exe
[2012/04/30 16:25:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Cougar\Desktop\OTL.exe
[2012/04/29 23:48:18 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Cougar\Desktop\HijackThis.exe
[2012/04/29 23:00:17 | 000,000,920 | ---- | M] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2012/04/24 18:34:09 | 000,334,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/04 15:29:10 | 198,181,377 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/05/04 01:45:26 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2012/05/03 23:52:45 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/01 01:18:07 | 3083,796,480 | ---- | C] () -- C:\Users\Cougar\Desktop\Vista Home Premium 32bit(x86) Activated Edition.iso
[2012/05/01 01:15:28 | 000,015,264 | ---- | C] () -- C:\Users\Cougar\Documents\Windows Vista Home Premium 32bit (x86).torrent
[2012/04/30 20:53:09 | 000,000,937 | ---- | C] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/30 19:07:50 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/30 18:21:03 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/30 17:52:56 | 000,000,818 | ---- | C] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\iWinGames - Shortcut.lnk
[2012/04/30 17:02:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/30 17:02:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/30 17:02:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/30 17:02:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/30 17:02:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/29 23:00:17 | 000,000,920 | ---- | C] () -- C:\Users\Cougar\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/10/16 16:23:20 | 000,003,584 | ---- | C] () -- C:\Users\Cougar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/05/01 03:01:38 | 000,001,356 | ---- | C] () -- C:\Users\Cougar\AppData\Local\d3d9caps.dat
[2010/11/28 16:58:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/11/09 21:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/11/09 21:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/11/09 21:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/08/22 00:31:59 | 000,007,164 | ---- | C] () -- C:\Users\Cougar\AppData\Roaming\UserTile.png
[2010/07/04 13:40:26 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/12/03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/08/20 02:57:06 | 000,010,882 | ---- | C] () -- C:\Users\Cougar\AppData\Roaming\wklnhst.dat
[2009/08/18 23:29:49 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/08/18 23:29:49 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/08/18 19:58:32 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2009/08/18 19:58:29 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/23 04:47:32 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2008/09/30 14:36:25 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/09/30 14:25:14 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/09/30 14:25:14 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/09/30 14:25:14 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/09/30 14:25:14 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/09/30 14:25:14 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/09/30 14:25:14 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/06/12 20:59:22 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/01/15 05:31:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2011/05/23 10:53:33 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Alawar
[2011/11/02 20:00:10 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\AlphaKimori2
[2012/04/23 22:30:03 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Aveyond 3
[2012/02/12 00:50:59 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\AVG
[2012/05/03 22:21:44 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\AVG2012
[2011/11/26 15:20:23 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Big Fish Games
[2012/05/04 15:17:41 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\DAEMON Tools Lite
[2012/04/23 22:26:27 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Dekovir
[2009/09/21 15:55:56 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\DeLorme
[2012/05/04 00:18:40 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Dropbox
[2011/11/19 18:39:32 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\ERS Game Studios
[2012/04/23 22:26:30 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Games
[2011/02/20 14:45:49 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Ghost Ship Studios
[2012/04/23 22:30:03 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\HuruBeachParty
[2012/04/23 22:30:03 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Islands
[2010/11/14 13:19:46 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Leadertech
[2010/11/26 07:58:12 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\LEGO Company
[2012/04/23 22:30:03 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Lost in the City
[2012/04/23 22:26:38 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Neopets Toolbar
[2012/04/23 22:30:04 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\PathToSuccess
[2010/11/30 19:33:34 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Pony-World-Deluxe
[2011/08/05 12:50:23 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Skip-Bo
[2012/05/04 16:39:06 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\SystemRequirementsLab
[2009/12/31 02:40:14 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Template
[2009/08/27 23:57:49 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Toshiba
[2012/05/03 21:27:02 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\uTorrent
[2011/09/04 01:04:27 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Visan
[2011/08/10 11:02:01 | 000,000,000 | ---D | M] -- C:\Users\Cougar\AppData\Roaming\Windows Live Writer
[2012/05/05 01:13:43 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:BF3D0EA3
@Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:A5388B43

< End of report >

#14
RKinner

Posted 05 May 2012 - 06:46 PM

Malware Expert

Expert
24,483 posts

Are you sure that was with the ALL boxes checked for Services and Drivers?

We are leaving the house right now for a dinner party so it will be a while before i can get back to this.

#15
Sarous

Posted 05 May 2012 - 07:08 PM

Member

Topic Starter
Member
84 posts

Confirmed, with "all" services and "all" drivers

edit:
Just noticed that Defrag seems to be missing. The shortcut from start>accessories/system tools: are gone, and the shortcut from right-click drive, tools, gets no responce (nothing starts, no "files is missing"). And Internet Explorer now crashes every time I try to bring it up (using Firefox atm).

Edited by Sarous, 06 May 2012 - 11:01 AM.