Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Not so Happili Redirected-- audiodev32.dll TrojanDownloader Win32/Tracur

Started by effa, Apr 27 2012 11:25 AM

Happili Redirect

This topic is locked

59 replies to this topic

#1 effa

Regular Member

Honorary Members
53 posts

Posted 27 April 2012 - 11:25 AM

Hi,

Like many others, I have problems with Happili redirect and other crappy commercial looking redirects in IE. I scanned my computer with Avira and Malwarebytes (free versions), but it did not solve the problem.

I then ran DDS, which resulted in the logs I inserted below.

Anyone out there willing and able to help me?

Thanks!

dds.text

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088
Run by Carl at 12:11:25 on 2012-04-27
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3034.1115 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\QUALCOMM\QDLService\QDLService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA WWAN Manager\bin\gbxApp.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\TANU\TANU.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\program files\toshiba wwan manager\bin\gbx4log.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\pdf24\pdf24.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Carl\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
BHO: {17dd4ccf-48ac-481f-a8a9-8b65774437f7} - c:\windows\system32\audiodev32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: 96f8244b: {32d19711-e290-8fdc-42b4-effd46023ab9} - c:\programdata\audiodev32.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Octoshape Streaming Services] "c:\users\carl\appdata\roaming\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Adobe] rundll32.exe "c:\users\carl\appdata\local\google\adobe\ihkpbqo.dll",DllRegisterServer
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [coreworks] "c:\program files\toshiba wwan manager\bin\gbxapp.exe" runatstartup
mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [NDSTray.exe] "c:\program files\toshiba\configfree\NDSTray.exe"
mRun: [cfFncEnabler.exe] "c:\program files\toshiba\configfree\cfFncEnabler.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [TANU] %ProgramFiles%\TOSHIBA\TANU\TANU.exe
mRun: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosSENotify.exe
mRun: [PCMAgent] "c:\program files\cyberlink\powercinema for toshiba\PCMAgent.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\powercinema for toshiba\kernel\clml\CLMLSvc.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PDFPrint] c:\program files\pdf24\pdf24.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} - hxxps://webmail.worldbank.org/dwa85W.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://webmail.worldbank.org/dwa8W.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://webmail.worldbank.org/dwa7W.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2CE2B1B3-C808-42AE-BE4D-50F976A14FCF} : NameServer = 172.24.24.10
TCP: Interfaces\{96FB2830-CE1A-44CA-AC71-EBDAABF3DC2D} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\goec62~1.dll, c:\programdata\audiodev32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-3-25 30272]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-9-4 13336]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-4-1 36000]
R1 PMCF;PMCF;c:\windows\system32\drivers\PMCF.sys [2009-6-1 14856]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-4-1 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-4-1 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-4-1 74640]
R2 camsvc;TOSHIBA Web Camera Service;c:\program files\toshiba\toshiba web camera application\TWebCameraSrv.exe [2009-7-22 20544]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\qdlservice\QDLService.exe [2009-3-19 345336]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2009-7-22 45056]
R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2009-7-22 38400]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-2-19 57344]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-4-24 176128]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-3-17 73728]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-22 112128]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-1-29 30576]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2009-7-22 22272]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R3 qcfilterTSH;Toshiba USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterTSH.sys [2009-3-19 5248]
R3 qcusbnetTSH;Toshiba USB-NDIS miniport;c:\windows\system32\drivers\qcusbnetTSH.sys [2009-3-19 115200]
R3 qcusbserTSH;Toshiba USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserTSH.sys [2009-3-19 104448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S2 THREADORDER32;Thread Ordering Server ;c:\windows\system32\pnpxassoc32.exe --> c:\windows\system32\PNPXAssoc32.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-15 253088]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-27 13:23:53 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{72338c3f-a70f-4386-80a7-7f34b8c2e17a}\mpengine.dll
2012-04-24 19:27:25 -------- d-----w- c:\program files\Microsoft LifeCam
2012-04-24 19:27:14 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-04-24 19:27:14 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-04-15 13:14:27 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-14 20:01:14 -------- d-----w- c:\program files\Research In Motion Limited
2012-04-01 16:53:09 -------- d-----w- c:\users\carl\appdata\roaming\Avira
2012-04-01 15:27:58 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-04-01 15:27:58 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-04-01 15:27:55 -------- d-----w- c:\programdata\Avira
2012-04-01 15:27:55 -------- d-----w- c:\program files\Avira
.
==================== Find3M ====================
.
2012-04-15 13:14:27 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-14 16:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
.
============= FINISH: 12:12:40.41 ===============

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/22/2009 6:37:14 PM
System Uptime: 4/27/2012 5:13:15 AM (7 hours ago)
.
Motherboard: TOSHIBA | | To be filled by O.E.M.
Processor: Intel® Core™2 Duo CPU T6500 @ 2.10GHz | CPU 1 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 138 GiB total, 57.812 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP739: 4/13/2012 6:00:53 AM - Scheduled Checkpoint
RP740: 4/13/2012 2:49:55 PM - Windows Update
RP741: 4/14/2012 3:20:35 AM - Scheduled Checkpoint
RP742: 4/14/2012 4:00:07 PM - Installed BlackBerry App World Browser Plugin
RP743: 4/16/2012 3:01:26 AM - Windows Update
RP744: 4/17/2012 3:27:43 AM - Scheduled Checkpoint
RP745: 4/17/2012 6:53:43 PM - Windows Update
RP747: 4/20/2012 8:40:02 AM - Windows Update
RP748: 4/21/2012 8:24:22 AM - Scheduled Checkpoint
RP749: 4/23/2012 7:00:28 AM - Scheduled Checkpoint
RP750: 4/24/2012 3:56:14 AM - Scheduled Checkpoint
RP751: 4/24/2012 4:02:55 AM - Windows Update
RP753: 4/24/2012 3:26:56 PM - Installed DirectX
RP754: 4/24/2012 3:28:02 PM - Device Driver Package Install: Microsoft Imaging devices
RP755: 4/24/2012 3:28:43 PM - Device Driver Package Install: Microsoft Sound, video and game controllers
RP756: 4/24/2012 3:29:44 PM - Device Driver Package Install: Microsoft Imaging devices
RP757: 4/24/2012 3:30:23 PM - Device Driver Package Install: Microsoft Sound, video and game controllers
RP758: 4/24/2012 3:31:23 PM - Device Driver Package Install: Microsoft Imaging devices
RP759: 4/24/2012 3:32:34 PM - Device Driver Package Install: Microsoft Sound, video and game controllers
RP760: 4/24/2012 3:33:47 PM - Device Driver Package Install: Microsoft Imaging devices
RP761: 4/24/2012 3:34:36 PM - Device Driver Package Install: Microsoft Sound, video and game controllers
RP762: 4/25/2012 6:21:55 AM - Scheduled Checkpoint
RP763: 4/27/2012 6:06:50 AM - Scheduled Checkpoint
RP764: 4/27/2012 9:22:57 AM - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.6
ALPS Touch Pad Driver
Amazon Links
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Artweaver 1.0
Avira Free Antivirus
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 6.1
BlackBerry Device Software v7.0.0 for the BlackBerry 9900 smartphone
Bonjour
Compatibility Pack for the 2007 Office system
CyberLink PowerCinema for TOSHIBA
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Direct DiscRecorder
DJ_AIO_05_F4400_Software_Min
Dolby Control Center
DVD MovieFactory for TOSHIBA
Exstora Pro 2.5
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet F4400 Printer Driver 14.0 Rel. 5
Ilwis
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless WiFi Software
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java™ 6 Update 29
LightScribe 1.4.124.1
Malwarebytes Anti-Malware version 1.61.0.1400
Mathe Klasse 11-13
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netzero Internet Access Installer
Norton Internet Security
Octoshape Streaming Services
PDF24 Creator 4.1.2
Picasa 3
PlayReady PC runtime
Qualcomm Gobi Single Installer Package for Toshiba
QuickBooks Financial Center
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Recuva
RICOH R5U230 Media Driver ver.2.02.02.01
Scan
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Skype web features
Skype™ 5.8
Spelling Dictionaries Support For Adobe Reader 9
Toolbox
TOSHIBA Agreement Notification Utility
Toshiba Application and Driver Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
TOSHIBA Internal Modem Region Select Utility
Toshiba Quality Application
TOSHIBA Recovery Disc Creator
Toshiba Registration
Toshiba Resources Page
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA WWAN Manager
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VoiceOver Kit
WildTangent Games
.
==== Event Viewer Messages From Past Week ========
.
4/26/2012 5:41:50 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
4/24/2012 3:47:23 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the stisvc service.
4/24/2012 3:46:47 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ehSched service.
4/24/2012 2:56:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
4/23/2012 2:28:34 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Carl-notebook\Carl SID (S-1-5-21-2291974740-4036391792-2128109495-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/23/2012 10:33:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
4/22/2012 5:40:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirSchedulerService service.
.
==== End Of File ===========================

#2 Maurice Naggar

Eradicator de logiciels malveillants

Moderators
13,616 posts

Gender:Male
Location:USA
Interests:Security, Windows, Windows Update, malware prevention

Posted 28 April 2012 - 08:31 AM

Hello effa,

Kindly advise me if the redirects are only in Internet Explorer, or, if it too occurs in Firefox or Chrome, or other browser !

Let's start with some preliminaries and have you post log-reports for my review.

Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT by doing a Right-Click on it & select Run As Admisnistrator

4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
Show all files:

Click the Start button, and then click Computer.
On the Organize menu, click Folder and Search Options.
Click the View tab.
Locate and uncheck Hide file extensions for known file types.
Locate and uncheck Hide protected operating system files (Recommended).
Locate and click Show hidden files and folders.
Click Apply > OK.

Step 3
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.
On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.
On Windows XP, double click the exe to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 4
b]Please read carefully and follow these steps.[/b]

Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
Download TDSSKiller and save it to your Desktop.
If on Windows 7 or Vista, RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
If on Windows XP, double-click to start.
Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
Then press Start Scan

When the scan is done, it will display a summary screen.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5
Create a new folder on your C drive, name it ARK ===> C:\\ARK

Go Here and click the "Download EXE" button & Save the file to ARK folder

RIGHT-click the exe and select Run As Administrator to launch the program. (If you get an immediate message about rootkit activity, ignore and proceed with instructuions please)
Click on the Rootkit/Malware Tab &

then, on the far right side, untick the Registry box,

then click Scan.

Scan progress will be shown at bottom of the program screen. Have "infinite" patience while it runs.

Once the scan is done, press the Copy button, then open NOTEPAD, Paste to it, and Save the file as Gmer.log in your ARK folder.

Attach the results here in your reply.

Step 6

RE-Enable your antivirus program. :excl:

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Close all open windows on the Task Bar. Click the icon (for Vista, or Windows 7 Right click the icon and Run as Administrator) to start the program.
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

Run Security Check
Follow the onscreen instructions inside of the command window.
A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):

the contents of aswMBR report;
the contents of TDSSKILLER log;
the contents of GMER log;
the contents of OTL.txt;
the contents of Extras.txt ; and
the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Maurice Naggar
Consumer Support Specialist

#3 effa

Regular Member

Honorary Members
53 posts

Posted 29 April 2012 - 09:18 AM

Hi Maurice Naggar,

Thank you very much for your reply.

I am going to start with your instructions and will post the logs a.s.a.p. Just to answer your first question, only IE is used on this computer, so obviously only redirect problems in IE.

Effa

#4 effa

Regular Member

Honorary Members
53 posts

Posted 29 April 2012 - 11:09 AM

Hi Maurice Naggar,

I followed your instructions and everything went fine when performing step 1 till 4 (see logs below). I was unfortunately not able to perform the scan in step 5 (and hence I did not try to do step 6).

Here is a little desciption of what went wrong in step 5:

I downloaded a file called 0n3bgh0k.exe
Running this program did not work out and gave the following message: "Invalid access to memory."
I decided to delete the exe file and try again, following your instructions in step 5 from the beginning
I downloaded a file called hy5hg09p.exe and ran it
I was able to start the scan this time, however after a little time a MS window popped up saying "program has stopped working", I closed this window
I decided to run the same exe again, but I ended up with a blue screen after doing so
Being a little in panic I pressed restart in safe mode (which I hardly understand :-( ), but realized I had no idea what to do after and had no internet connection, so I restarted the computer, expecting to choose safe mode + internet, but ending up with a normal reboot.

I did not do anything else afterwards, besides posting this and saving some unsaved docs.

Looking forward to your reply. Sorry for being such a dummy.

Effa

aswMBR.exe log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-29 10:50:05
-----------------------------
10:50:05.222 OS Version: Windows 6.0.6001 Service Pack 1
10:50:05.222 Number of processors: 2 586 0x170A
10:50:05.223 ComputerName: CARL-NOTEBOOK UserName: Carl
10:50:37.713 Initialize success
10:54:24.175 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:54:24.178 Disk 0 Vendor: TOSHIBA_ FG01 Size: 152627MB BusType: 3
10:54:24.189 Disk 0 MBR read successfully
10:54:24.193 Disk 0 MBR scan
10:54:24.196 Disk 0 Windows VISTA default MBR code
10:54:24.204 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
10:54:24.220 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 141597 MB offset 3074048
10:54:24.257 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9529 MB offset 293064704
10:54:24.289 Disk 0 scanning sectors +312580096
10:54:24.376 Disk 0 scanning C:\Windows\system32\drivers
10:54:31.892 Service scanning
10:54:58.557 Modules scanning
10:55:11.637 Scan finished successfully
10:55:30.529 Disk 0 MBR has been saved successfully to "C:\Users\Carl\Desktop\MBR.dat"
10:55:30.543 The log file has been saved successfully to "C:\Users\Carl\Desktop\aswMBR.txt"

TDSSKiller log;

11:01:16.0970 4380 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
11:01:17.0224 4380 ============================================================
11:01:17.0225 4380 Current date / time: 2012/04/29 11:01:17.0224
11:01:17.0225 4380 SystemInfo:
11:01:17.0225 4380
11:01:17.0225 4380 OS Version: 6.0.6001 ServicePack: 1.0
11:01:17.0225 4380 Product type: Workstation
11:01:17.0225 4380 ComputerName: CARL-NOTEBOOK
11:01:17.0225 4380 UserName: Carl
11:01:17.0225 4380 Windows directory: C:\Windows
11:01:17.0225 4380 System windows directory: C:\Windows
11:01:17.0225 4380 Processor architecture: Intel x86
11:01:17.0225 4380 Number of processors: 2
11:01:17.0225 4380 Page size: 0x1000
11:01:17.0225 4380 Boot type: Normal boot
11:01:17.0225 4380 ============================================================
11:01:17.0631 4380 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:01:17.0633 4380 ============================================================
11:01:17.0633 4380 \Device\Harddisk0\DR0:
11:01:17.0633 4380 MBR partitions:
11:01:17.0633 4380 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1148E800
11:01:17.0633 4380 ============================================================
11:01:17.0667 4380 C: <-> \Device\Harddisk0\DR0\Partition0
11:01:17.0667 4380 ============================================================
11:01:17.0667 4380 Initialize success
11:01:17.0667 4380 ============================================================
11:02:03.0039 4560 ============================================================
11:02:03.0039 4560 Scan started
11:02:03.0039 4560 Mode: Manual; SigCheck; TDLFS;
11:02:03.0039 4560 ============================================================
11:02:04.0072 4560 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
11:02:04.0214 4560 ACPI - ok
11:02:04.0375 4560 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:02:04.0390 4560 AdobeFlashPlayerUpdateSvc - ok
11:02:04.0449 4560 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
11:02:04.0470 4560 adp94xx - ok
11:02:04.0520 4560 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
11:02:04.0537 4560 adpahci - ok
11:02:04.0568 4560 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
11:02:04.0581 4560 adpu160m - ok
11:02:04.0600 4560 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
11:02:04.0617 4560 adpu320 - ok
11:02:04.0659 4560 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
11:02:04.0767 4560 AeLookupSvc - ok
11:02:04.0863 4560 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
11:02:04.0951 4560 AFD - ok
11:02:04.0990 4560 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
11:02:05.0067 4560 AgereModemAudio - ok
11:02:05.0156 4560 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
11:02:05.0262 4560 AgereSoftModem - ok
11:02:05.0316 4560 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
11:02:05.0331 4560 agp440 - ok
11:02:05.0389 4560 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
11:02:05.0405 4560 aic78xx - ok
11:02:05.0479 4560 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
11:02:05.0543 4560 ALG - ok
11:02:05.0585 4560 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
11:02:05.0599 4560 aliide - ok
11:02:05.0647 4560 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
11:02:05.0662 4560 amdagp - ok
11:02:05.0684 4560 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
11:02:05.0698 4560 amdide - ok
11:02:05.0719 4560 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
11:02:05.0757 4560 AmdK7 - ok
11:02:05.0800 4560 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
11:02:05.0851 4560 AmdK8 - ok
11:02:06.0073 4560 AntiVirSchedulerService (72709089a54bdc1c5b16bc4a4b926567) C:\Program Files\Avira\AntiVir Desktop\sched.exe
11:02:06.0088 4560 AntiVirSchedulerService - ok
11:02:06.0139 4560 AntiVirService (42f88bfbb76f7a63e381829479b18518) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
11:02:06.0152 4560 AntiVirService - ok
11:02:06.0219 4560 ApfiltrService (ccf9cc50dda86023626de4cda96a5934) C:\Windows\system32\DRIVERS\Apfiltr.sys
11:02:06.0262 4560 ApfiltrService - ok
11:02:06.0312 4560 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
11:02:06.0354 4560 Appinfo - ok
11:02:06.0508 4560 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:02:06.0520 4560 Apple Mobile Device - ok
11:02:06.0572 4560 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
11:02:06.0589 4560 arc - ok
11:02:06.0622 4560 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
11:02:06.0638 4560 arcsas - ok
11:02:06.0672 4560 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
11:02:06.0736 4560 AsyncMac - ok
11:02:06.0780 4560 atapi (9c0e70031905adbf94edb9ea14af943b) C:\Windows\system32\drivers\atapi.sys
11:02:06.0791 4560 atapi - ok
11:02:06.0854 4560 AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
11:02:06.0925 4560 AudioEndpointBuilder - ok
11:02:06.0932 4560 Audiosrv (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
11:02:06.0965 4560 Audiosrv - ok
11:02:07.0026 4560 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
11:02:07.0035 4560 avgntflt - ok
11:02:07.0069 4560 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
11:02:07.0079 4560 avipbb - ok
11:02:07.0093 4560 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
11:02:07.0102 4560 avkmgr - ok
11:02:07.0171 4560 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
11:02:07.0233 4560 Beep - ok
11:02:07.0303 4560 BFE (8582e233c346aefe759833e8a30dd697) C:\Windows\System32\bfe.dll
11:02:07.0369 4560 BFE - ok
11:02:07.0451 4560 BITS (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\System32\qmgr.dll
11:02:07.0532 4560 BITS - ok
11:02:07.0581 4560 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
11:02:07.0617 4560 blbdrive - ok
11:02:07.0821 4560 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
11:02:07.0867 4560 Bonjour Service - ok
11:02:07.0922 4560 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
11:02:08.0015 4560 bowser - ok
11:02:08.0078 4560 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
11:02:08.0129 4560 BrFiltLo - ok
11:02:08.0160 4560 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
11:02:08.0178 4560 BrFiltUp - ok
11:02:08.0286 4560 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
11:02:08.0334 4560 Browser - ok
11:02:08.0396 4560 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
11:02:08.0662 4560 Brserid - ok
11:02:08.0727 4560 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
11:02:08.0800 4560 BrSerWdm - ok
11:02:08.0860 4560 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
11:02:08.0959 4560 BrUsbMdm - ok
11:02:08.0986 4560 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
11:02:09.0026 4560 BrUsbSer - ok
11:02:09.0086 4560 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
11:02:09.0147 4560 BTHMODEM - ok
11:02:09.0216 4560 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
11:02:09.0262 4560 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
11:02:09.0262 4560 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
11:02:09.0381 4560 camsvc (f1140ed3a1e1d6824a63f27afd9eef32) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
11:02:09.0389 4560 camsvc - ok
11:02:09.0437 4560 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
11:02:09.0486 4560 cdfs - ok
11:02:09.0537 4560 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
11:02:09.0593 4560 cdrom - ok
11:02:09.0641 4560 CertPropSvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
11:02:09.0670 4560 CertPropSvc - ok
11:02:09.0729 4560 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
11:02:09.0782 4560 circlass - ok
11:02:09.0899 4560 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
11:02:09.0914 4560 CLFS - ok
11:02:10.0079 4560 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:02:10.0090 4560 clr_optimization_v2.0.50727_32 - ok
11:02:10.0191 4560 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:02:10.0204 4560 clr_optimization_v4.0.30319_32 - ok
11:02:10.0262 4560 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
11:02:10.0311 4560 CmBatt - ok
11:02:10.0334 4560 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
11:02:10.0344 4560 cmdide - ok
11:02:10.0360 4560 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
11:02:10.0371 4560 Compbatt - ok
11:02:10.0375 4560 COMSysApp - ok
11:02:10.0436 4560 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
11:02:10.0442 4560 ConfigFree Service - ok
11:02:10.0473 4560 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
11:02:10.0481 4560 crcdisk - ok
11:02:10.0500 4560 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
11:02:10.0538 4560 Crusoe - ok
11:02:10.0592 4560 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
11:02:10.0634 4560 CryptSvc - ok
11:02:10.0785 4560 DcomLaunch (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
11:02:10.0834 4560 DcomLaunch - ok
11:02:10.0882 4560 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
11:02:10.0967 4560 DfsC - ok
11:02:11.0214 4560 DFSR (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
11:02:11.0314 4560 DFSR - ok
11:02:11.0426 4560 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
11:02:11.0499 4560 Dhcp - ok
11:02:11.0585 4560 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
11:02:11.0600 4560 disk - ok
11:02:11.0697 4560 Dnscache (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll
11:02:11.0783 4560 Dnscache - ok
11:02:11.0861 4560 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
11:02:11.0912 4560 dot3svc - ok
11:02:11.0976 4560 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
11:02:12.0033 4560 Dot4 - ok
11:02:12.0171 4560 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
11:02:12.0230 4560 Dot4Print - ok
11:02:12.0289 4560 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
11:02:12.0312 4560 dot4usb - ok
11:02:12.0351 4560 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
11:02:12.0398 4560 DPS - ok
11:02:12.0434 4560 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
11:02:12.0475 4560 drmkaud - ok
11:02:12.0518 4560 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
11:02:12.0560 4560 DXGKrnl - ok
11:02:12.0622 4560 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
11:02:12.0668 4560 E1G60 - ok
11:02:12.0719 4560 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
11:02:12.0763 4560 EapHost - ok
11:02:12.0824 4560 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
11:02:12.0837 4560 Ecache - ok
11:02:12.0906 4560 ehRecvr (3a511ed3c9a9da2cd5a50ff46178063a) C:\Windows\ehome\ehRecvr.exe
11:02:12.0953 4560 ehRecvr - ok
11:02:12.0981 4560 ehSched (a3d94c93333619458af4bde7531234c5) C:\Windows\ehome\ehsched.exe
11:02:13.0025 4560 ehSched - ok
11:02:13.0066 4560 ehstart (487ba5c5bb442bd172f120dc197811c2) C:\Windows\ehome\ehstart.dll
11:02:13.0108 4560 ehstart - ok
11:02:13.0164 4560 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
11:02:13.0183 4560 elxstor - ok
11:02:13.0259 4560 EMDMgmt (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
11:02:13.0340 4560 EMDMgmt - ok
11:02:13.0399 4560 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
11:02:13.0452 4560 ErrDev - ok
11:02:13.0520 4560 EventSystem (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
11:02:13.0553 4560 EventSystem - ok
11:02:13.0697 4560 EvtEng (54b6e150bff4a47eb0d204119d262e46) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
11:02:13.0772 4560 EvtEng ( UnsignedFile.Multi.Generic ) - warning
11:02:13.0772 4560 EvtEng - detected UnsignedFile.Multi.Generic (1)
11:02:13.0827 4560 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
11:02:13.0871 4560 exfat - ok
11:02:13.0917 4560 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
11:02:13.0971 4560 fastfat - ok
11:02:14.0019 4560 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
11:02:14.0062 4560 fdc - ok
11:02:14.0101 4560 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
11:02:14.0154 4560 fdPHost - ok
11:02:14.0179 4560 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
11:02:14.0267 4560 FDResPub - ok
11:02:14.0312 4560 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
11:02:14.0324 4560 FileInfo - ok
11:02:14.0351 4560 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
11:02:14.0380 4560 Filetrace - ok
11:02:14.0423 4560 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
11:02:14.0472 4560 flpydisk - ok
11:02:14.0503 4560 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
11:02:14.0517 4560 FltMgr - ok
11:02:14.0596 4560 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:02:14.0605 4560 FontCache3.0.0.0 - ok
11:02:14.0642 4560 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
11:02:14.0684 4560 Fs_Rec - ok
11:02:14.0711 4560 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
11:02:14.0723 4560 gagp30kx - ok
11:02:14.0824 4560 GameConsoleService (37331304e89a773b1a86fe681fca150d) C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
11:02:14.0836 4560 GameConsoleService - ok
11:02:14.0892 4560 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:02:14.0900 4560 GEARAspiWDM - ok
11:02:15.0003 4560 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
11:02:15.0074 4560 gpsvc - ok
11:02:15.0177 4560 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
11:02:15.0188 4560 gupdate - ok
11:02:15.0216 4560 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
11:02:15.0227 4560 gupdatem - ok
11:02:15.0330 4560 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
11:02:15.0341 4560 gusvc - ok
11:02:15.0396 4560 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
11:02:15.0450 4560 HdAudAddService - ok
11:02:15.0467 4560 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:02:15.0520 4560 HDAudBus - ok
11:02:15.0565 4560 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
11:02:15.0618 4560 HidBth - ok
11:02:15.0639 4560 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
11:02:15.0715 4560 HidIr - ok
11:02:15.0760 4560 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
11:02:15.0843 4560 hidserv - ok
11:02:15.0883 4560 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
11:02:15.0940 4560 HidUsb - ok
11:02:15.0975 4560 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
11:02:16.0006 4560 hkmsvc - ok
11:02:16.0029 4560 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
11:02:16.0040 4560 HpCISSs - ok
11:02:16.0083 4560 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
11:02:16.0148 4560 HTTP - ok
11:02:16.0181 4560 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
11:02:16.0191 4560 i2omp - ok
11:02:16.0235 4560 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
11:02:16.0276 4560 i8042prt - ok
11:02:16.0328 4560 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
11:02:16.0342 4560 iaStor - ok
11:02:16.0403 4560 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
11:02:16.0415 4560 iaStorV - ok
11:02:16.0541 4560 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
11:02:16.0563 4560 IDriverT ( UnsignedFile.Multi.Generic ) - warning
11:02:16.0563 4560 IDriverT - detected UnsignedFile.Multi.Generic (1)
11:02:16.0658 4560 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:02:16.0689 4560 idsvc - ok
11:02:16.0848 4560 igfx (43daae0cfc92c86e43f63c2f491a870d) C:\Windows\system32\DRIVERS\igdkmd32.sys
11:02:16.0999 4560 igfx - ok
11:02:17.0099 4560 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
11:02:17.0109 4560 iirsp - ok
11:02:17.0163 4560 IKEEXT (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
11:02:17.0230 4560 IKEEXT - ok
11:02:17.0409 4560 IntcAzAudAddService (1dd40eb58f202880d24fc06a01cc729d) C:\Windows\system32\drivers\RTKVHDA.sys
11:02:17.0484 4560 IntcAzAudAddService - ok
11:02:17.0627 4560 IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys
11:02:17.0663 4560 IntcHdmiAddService - ok
11:02:17.0711 4560 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
11:02:17.0722 4560 intelide - ok
11:02:17.0759 4560 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
11:02:17.0810 4560 intelppm - ok
11:02:17.0852 4560 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
11:02:17.0910 4560 IPBusEnum - ok
11:02:17.0934 4560 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:02:17.0996 4560 IpFilterDriver - ok
11:02:18.0051 4560 iphlpsvc (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll
11:02:18.0124 4560 iphlpsvc - ok
11:02:18.0129 4560 IpInIp - ok
11:02:18.0167 4560 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
11:02:18.0229 4560 IPMIDRV - ok
11:02:18.0277 4560 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
11:02:18.0316 4560 IPNAT - ok
11:02:18.0476 4560 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
11:02:18.0509 4560 iPod Service - ok
11:02:18.0543 4560 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
11:02:18.0601 4560 IRENUM - ok
11:02:18.0629 4560 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
11:02:18.0644 4560 isapnp - ok
11:02:18.0710 4560 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
11:02:18.0727 4560 iScsiPrt - ok
11:02:18.0756 4560 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
11:02:18.0769 4560 iteatapi - ok
11:02:18.0840 4560 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
11:02:18.0854 4560 iteraid - ok
11:02:18.0878 4560 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
11:02:18.0892 4560 kbdclass - ok
11:02:18.0930 4560 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
11:02:18.0995 4560 kbdhid - ok
11:02:19.0036 4560 KeyIso (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
11:02:19.0078 4560 KeyIso - ok
11:02:19.0117 4560 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
11:02:19.0146 4560 KSecDD - ok
11:02:19.0220 4560 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
11:02:19.0290 4560 KtmRm - ok
11:02:19.0334 4560 LanmanServer (1925e63c91cf1610ae41bfd539062079) C:\Windows\system32\srvsvc.dll
11:02:19.0359 4560 LanmanServer - ok
11:02:19.0427 4560 LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll
11:02:19.0474 4560 LanmanWorkstation - ok
11:02:19.0588 4560 LightScribeService (6e5dac168d1ff9843e84a59d51d31107) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
11:02:19.0613 4560 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
11:02:19.0613 4560 LightScribeService - detected UnsignedFile.Multi.Generic (1)
11:02:19.0648 4560 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
11:02:19.0697 4560 lltdio - ok
11:02:19.0753 4560 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
11:02:19.0806 4560 lltdsvc - ok
11:02:19.0838 4560 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
11:02:19.0926 4560 lmhosts - ok
11:02:19.0983 4560 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
11:02:19.0992 4560 LSI_FC - ok
11:02:20.0006 4560 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
11:02:20.0015 4560 LSI_SAS - ok
11:02:20.0063 4560 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
11:02:20.0072 4560 LSI_SCSI - ok
11:02:20.0095 4560 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
11:02:20.0119 4560 luafv - ok
11:02:20.0148 4560 Mcx2Svc (3bd2ad18179dead6652e87157fb98e4a) C:\Windows\system32\Mcx2Svc.dll
11:02:20.0180 4560 Mcx2Svc - ok
11:02:20.0244 4560 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
11:02:20.0253 4560 megasas - ok
11:02:20.0301 4560 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
11:02:20.0318 4560 MegaSR - ok
11:02:20.0370 4560 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
11:02:20.0420 4560 MMCSS - ok
11:02:20.0446 4560 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
11:02:20.0499 4560 Modem - ok
11:02:20.0537 4560 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
11:02:20.0590 4560 monitor - ok
11:02:20.0622 4560 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
11:02:20.0633 4560 mouclass - ok
11:02:20.0643 4560 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
11:02:20.0692 4560 mouhid - ok
11:02:20.0718 4560 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
11:02:20.0729 4560 MountMgr - ok
11:02:20.0762 4560 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
11:02:20.0774 4560 mpio - ok
11:02:20.0795 4560 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
11:02:20.0819 4560 mpsdrv - ok
11:02:20.0851 4560 MpsSvc (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
11:02:20.0913 4560 MpsSvc - ok
11:02:20.0955 4560 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
11:02:20.0965 4560 Mraid35x - ok
11:02:20.0987 4560 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
11:02:21.0056 4560 MRxDAV - ok
11:02:21.0114 4560 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:02:21.0143 4560 mrxsmb - ok
11:02:21.0200 4560 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:02:21.0243 4560 mrxsmb10 - ok
11:02:21.0304 4560 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:02:21.0336 4560 mrxsmb20 - ok
11:02:21.0385 4560 msahci (aa305cff241da187bd5077de4a2a043d) C:\Windows\system32\drivers\msahci.sys
11:02:21.0396 4560 msahci - ok
11:02:21.0600 4560 MSCamSvc (d98350792a7ce82e7459a7c36481beda) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
11:02:21.0611 4560 MSCamSvc - ok
11:02:21.0646 4560 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
11:02:21.0658 4560 msdsm - ok
11:02:21.0699 4560 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
11:02:21.0760 4560 MSDTC - ok
11:02:21.0797 4560 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
11:02:21.0853 4560 Msfs - ok
11:02:21.0907 4560 MSHUSBVideo (5119ffc2a6b51089cdb0efdc75808c97) C:\Windows\system32\Drivers\nx6000.sys
11:02:21.0916 4560 MSHUSBVideo - ok
11:02:21.0959 4560 msisadrv (1e00b9b8601f24a96ad71a7d0fc5f136) C:\Windows\system32\drivers\msisadrv.sys
11:02:21.0969 4560 msisadrv - ok
11:02:22.0089 4560 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
11:02:22.0142 4560 MSiSCSI - ok
11:02:22.0146 4560 msiserver - ok
11:02:22.0207 4560 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
11:02:22.0255 4560 MSKSSRV - ok
11:02:22.0288 4560 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
11:02:22.0311 4560 MSPCLOCK - ok
11:02:22.0341 4560 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
11:02:22.0365 4560 MSPQM - ok
11:02:22.0404 4560 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
11:02:22.0414 4560 MsRPC - ok
11:02:22.0430 4560 mssmbios (215634cf935b696e3ebca813d02e9165) C:\Windows\system32\DRIVERS\mssmbios.sys
11:02:22.0438 4560 mssmbios - ok
11:02:22.0473 4560 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
11:02:22.0495 4560 MSTEE - ok
11:02:22.0528 4560 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
11:02:22.0537 4560 Mup - ok
11:02:22.0573 4560 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
11:02:22.0629 4560 napagent - ok
11:02:22.0692 4560 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
11:02:22.0707 4560 NativeWifiP - ok
11:02:22.0761 4560 NDIS (c8560010a542b5dca94c62468dc20784) C:\Windows\system32\drivers\ndis.sys
11:02:22.0783 4560 NDIS - ok
11:02:22.0795 4560 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
11:02:22.0837 4560 NdisTapi - ok
11:02:22.0868 4560 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
11:02:22.0897 4560 Ndisuio - ok
11:02:22.0935 4560 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
11:02:22.0964 4560 NdisWan - ok
11:02:22.0982 4560 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
11:02:23.0028 4560 NDProxy - ok
11:02:23.0107 4560 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\Windows\system32\HPZinw12.dll
11:02:23.0133 4560 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:02:23.0133 4560 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:02:23.0162 4560 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
11:02:23.0214 4560 NetBIOS - ok
11:02:23.0256 4560 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
11:02:23.0315 4560 netbt - ok
11:02:23.0359 4560 Netlogon (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
11:02:23.0375 4560 Netlogon - ok
11:02:23.0406 4560 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
11:02:23.0462 4560 Netman - ok
11:02:23.0496 4560 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
11:02:23.0549 4560 netprofm - ok
11:02:23.0624 4560 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:02:23.0635 4560 NetTcpPortSharing - ok
11:02:23.0806 4560 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
11:02:24.0041 4560 NETw5v32 - ok
11:02:24.0162 4560 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
11:02:24.0176 4560 nfrd960 - ok
11:02:24.0219 4560 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
11:02:24.0282 4560 NlaSvc - ok
11:02:24.0303 4560 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
11:02:24.0368 4560 Npfs - ok
11:02:24.0409 4560 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
11:02:24.0480 4560 nsi - ok
11:02:24.0522 4560 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
11:02:24.0560 4560 nsiproxy - ok
11:02:24.0620 4560 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
11:02:24.0698 4560 Ntfs - ok
11:02:24.0779 4560 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
11:02:24.0875 4560 ntrigdigi - ok
11:02:24.0904 4560 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
11:02:24.0965 4560 Null - ok
11:02:25.0016 4560 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
11:02:25.0032 4560 nvraid - ok
11:02:25.0050 4560 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
11:02:25.0065 4560 nvstor - ok
11:02:25.0085 4560 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
11:02:25.0102 4560 nv_agp - ok
11:02:25.0107 4560 NwlnkFlt - ok
11:02:25.0115 4560 NwlnkFwd - ok
11:02:25.0189 4560 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
11:02:25.0258 4560 ohci1394 - ok
11:02:25.0387 4560 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:02:25.0402 4560 ose - ok
11:02:25.0648 4560 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:02:25.0866 4560 osppsvc - ok
11:02:26.0146 4560 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
11:02:26.0201 4560 p2pimsvc - ok
11:02:26.0215 4560 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
11:02:26.0314 4560 p2psvc - ok
11:02:26.0391 4560 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
11:02:26.0477 4560 Parport - ok
11:02:26.0505 4560 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
11:02:26.0520 4560 partmgr - ok
11:02:26.0537 4560 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
11:02:26.0633 4560 Parvdm - ok
11:02:26.0675 4560 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
11:02:26.0717 4560 PcaSvc - ok
11:02:26.0744 4560 pci (eca39351296d905baa4fa3244c152b00) C:\Windows\system32\drivers\pci.sys
11:02:26.0762 4560 pci - ok
11:02:26.0791 4560 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
11:02:26.0806 4560 pciide - ok
11:02:26.0842 4560 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
11:02:26.0859 4560 pcmcia - ok
11:02:26.0966 4560 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
11:02:27.0057 4560 PEAUTH - ok
11:02:27.0122 4560 PGEffect (28f7ffff50c474cf8be16a2cacc7ce42) C:\Windows\system32\DRIVERS\pgeffect.sys
11:02:27.0151 4560 PGEffect - ok
11:02:27.0236 4560 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
11:02:27.0333 4560 pla - ok
11:02:27.0446 4560 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
11:02:27.0510 4560 PlugPlay - ok
11:02:27.0600 4560 PMCF (dffa8a407ad703853fb3253db953c20c) C:\Windows\system32\drivers\PMCF.sys
11:02:27.0609 4560 PMCF - ok
11:02:27.0654 4560 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\Windows\system32\HPZipm12.dll
11:02:27.0685 4560 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:02:27.0685 4560 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:02:27.0752 4560 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
11:02:27.0785 4560 PNRPAutoReg - ok
11:02:27.0797 4560 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
11:02:27.0832 4560 PNRPsvc - ok
11:02:27.0881 4560 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
11:02:27.0932 4560 PolicyAgent - ok
11:02:27.0976 4560 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
11:02:28.0019 4560 PptpMiniport - ok
11:02:28.0051 4560 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
11:02:28.0088 4560 Processor - ok
11:02:28.0122 4560 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
11:02:28.0180 4560 ProfSvc - ok
11:02:28.0226 4560 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
11:02:28.0241 4560 ProtectedStorage - ok
11:02:28.0281 4560 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
11:02:28.0345 4560 PSched - ok
11:02:28.0386 4560 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
11:02:28.0393 4560 PSI - ok
11:02:28.0439 4560 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
11:02:28.0446 4560 PxHelp20 - ok
11:02:28.0501 4560 qcfilterTSH (10a7821507b0eec4aa1453682a24cbc1) C:\Windows\system32\DRIVERS\qcfilterTSH.sys
11:02:28.0554 4560 qcfilterTSH - ok
11:02:28.0584 4560 qcusbnetTSH (848600b136b84442592c1c2bc895f956) C:\Windows\system32\DRIVERS\qcusbnetTSH.sys
11:02:28.0644 4560 qcusbnetTSH - ok
11:02:28.0680 4560 qcusbserTSH (b24f6e60ec594a6c3796b764bcb2ef13) C:\Windows\system32\DRIVERS\qcusbserTSH.sys
11:02:28.0690 4560 qcusbserTSH - ok
11:02:28.0711 4560 QDLService (a8bdbb2e1fa2e5e8eb7d4c4457b79cdd) C:\QUALCOMM\QDLService\QDLService.exe
11:02:28.0723 4560 QDLService - ok
11:02:28.0822 4560 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
11:02:28.0923 4560 ql2300 - ok
11:02:28.0979 4560 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
11:02:28.0991 4560 ql40xx - ok
11:02:29.0042 4560 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
11:02:29.0088 4560 QWAVE - ok
11:02:29.0122 4560 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
11:02:29.0168 4560 QWAVEdrv - ok
11:02:29.0191 4560 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
11:02:29.0295 4560 RasAcd - ok
11:02:29.0338 4560 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
11:02:29.0380 4560 RasAuto - ok
11:02:29.0410 4560 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:02:29.0467 4560 Rasl2tp - ok
11:02:29.0519 4560 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
11:02:29.0564 4560 RasMan - ok
11:02:29.0583 4560 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
11:02:29.0621 4560 RasPppoe - ok
11:02:29.0657 4560 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
11:02:29.0698 4560 RasSstp - ok
11:02:29.0718 4560 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
11:02:29.0785 4560 rdbss - ok
11:02:29.0809 4560 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:02:29.0871 4560 RDPCDD - ok
11:02:29.0920 4560 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
11:02:29.0962 4560 rdpdr - ok
11:02:29.0968 4560 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
11:02:30.0029 4560 RDPENCDD - ok
11:02:30.0066 4560 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
11:02:30.0126 4560 RDPWD - ok
11:02:30.0274 4560 RegSrvc (3ff45b7f17d5837216abae652cc61540) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
11:02:30.0329 4560 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
11:02:30.0330 4560 RegSrvc - detected UnsignedFile.Multi.Generic (1)
11:02:30.0388 4560 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
11:02:30.0429 4560 RemoteAccess - ok
11:02:30.0465 4560 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
11:02:30.0502 4560 RemoteRegistry - ok
11:02:30.0561 4560 rimspci (571e6ae8d33f6aaaf342d0919630f901) C:\Windows\system32\DRIVERS\rimspe86.sys
11:02:30.0621 4560 rimspci - ok
11:02:30.0645 4560 RimUsb - ok
11:02:30.0688 4560 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
11:02:30.0710 4560 RimVSerPort - ok
11:02:30.0746 4560 rixdpcie (0eb91c79a5247941341bbfb50ca3bb6c) C:\Windows\system32\DRIVERS\rixdpe86.sys
11:02:30.0773 4560 rixdpcie - ok
11:02:30.0806 4560 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
11:02:30.0857 4560 ROOTMODEM - ok
11:02:30.0894 4560 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
11:02:30.0931 4560 RpcLocator - ok
11:02:31.0024 4560 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
11:02:31.0049 4560 RpcSs - ok
11:02:31.0166 4560 RSELSVC - ok
11:02:31.0190 4560 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
11:02:31.0219 4560 rspndr - ok
11:02:31.0265 4560 RTL8169 (034033f5a921764d8c4ba6698800d95b) C:\Windows\system32\DRIVERS\Rtlh86.sys
11:02:31.0344 4560 RTL8169 - ok
11:02:31.0382 4560 SamSs (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
11:02:31.0397 4560 SamSs - ok
11:02:31.0439 4560 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
11:02:31.0450 4560 sbp2port - ok
11:02:31.0495 4560 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
11:02:31.0557 4560 SCardSvr - ok
11:02:31.0628 4560 Schedule (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll
11:02:31.0656 4560 Schedule - ok
11:02:31.0698 4560 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
11:02:31.0736 4560 SCPolicySvc - ok
11:02:31.0765 4560 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
11:02:31.0805 4560 sdbus - ok
11:02:31.0834 4560 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
11:02:31.0857 4560 SDRSVC - ok
11:02:31.0905 4560 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:02:31.0977 4560 secdrv - ok
11:02:32.0006 4560 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
11:02:32.0037 4560 seclogon - ok
11:02:32.0242 4560 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files\Secunia\PSI\PSIA.exe
11:02:32.0313 4560 Secunia PSI Agent - ok
11:02:32.0415 4560 Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) C:\Program Files\Secunia\PSI\sua.exe
11:02:32.0428 4560 Secunia Update Agent - ok
11:02:32.0614 4560 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
11:02:32.0639 4560 SENS - ok
11:02:32.0681 4560 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
11:02:32.0752 4560 Serenum - ok
11:02:32.0779 4560 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
11:02:32.0850 4560 Serial - ok
11:02:32.0892 4560 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
11:02:32.0921 4560 sermouse - ok
11:02:32.0973 4560 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
11:02:33.0033 4560 SessionEnv - ok
11:02:33.0061 4560 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
11:02:33.0083 4560 sffdisk - ok
11:02:33.0106 4560 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\DRIVERS\sffp_mmc.sys
11:02:33.0156 4560 sffp_mmc - ok
11:02:33.0181 4560 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys
11:02:33.0204 4560 sffp_sd - ok
11:02:33.0224 4560 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
11:02:33.0287 4560 sfloppy - ok
11:02:33.0333 4560 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
11:02:33.0383 4560 SharedAccess - ok
11:02:33.0438 4560 ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll
11:02:33.0454 4560 ShellHWDetection - ok
11:02:33.0500 4560 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
11:02:33.0509 4560 sisagp - ok
11:02:33.0527 4560 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
11:02:33.0536 4560 SiSRaid2 - ok
11:02:33.0563 4560 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
11:02:33.0572 4560 SiSRaid4 - ok
11:02:33.0663 4560 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
11:02:33.0673 4560 SkypeUpdate - ok
11:02:33.0806 4560 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
11:02:34.0015 4560 slsvc - ok
11:02:34.0153 4560 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
11:02:34.0231 4560 SLUINotify - ok
11:02:34.0302 4560 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
11:02:34.0366 4560 Smb - ok
11:02:34.0411 4560 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
11:02:34.0431 4560 SNMPTRAP - ok
11:02:34.0460 4560 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
11:02:34.0474 4560 spldr - ok
11:02:34.0520 4560 Spooler (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe
11:02:34.0538 4560 Spooler - ok
11:02:34.0593 4560 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
11:02:34.0650 4560 srv - ok
11:02:34.0708 4560 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
11:02:34.0767 4560 srv2 - ok
11:02:34.0788 4560 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
11:02:34.0825 4560 srvnet - ok
11:02:34.0874 4560 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
11:02:34.0936 4560 SSDPSRV - ok
11:02:34.0971 4560 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
11:02:34.0982 4560 ssmdrv - ok
11:02:35.0021 4560 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
11:02:35.0044 4560 SstpSvc - ok
11:02:35.0108 4560 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
11:02:35.0141 4560 stisvc - ok
11:02:35.0172 4560 swenum (97e089971a6aba49ad5592bd6298e416) C:\Windows\system32\DRIVERS\swenum.sys
11:02:35.0186 4560 swenum - ok
11:02:35.0213 4560 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
11:02:35.0260 4560 swprv - ok
11:02:35.0285 4560 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
11:02:35.0299 4560 Symc8xx - ok
11:02:35.0323 4560 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
11:02:35.0337 4560 Sym_hi - ok
11:02:35.0373 4560 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
11:02:35.0387 4560 Sym_u3 - ok
11:02:35.0451 4560 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
11:02:35.0504 4560 SysMain - ok
11:02:35.0524 4560 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
11:02:35.0574 4560 TabletInputService - ok
11:02:35.0622 4560 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
11:02:35.0689 4560 TapiSrv - ok
11:02:35.0717 4560 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
11:02:35.0784 4560 TBS - ok
11:02:35.0942 4560 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
11:02:35.0987 4560 Tcpip - ok
11:02:36.0003 4560 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
11:02:36.0044 4560 Tcpip6 - ok
11:02:36.0110 4560 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
11:02:36.0172 4560 tcpipreg - ok
11:02:36.0221 4560 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys
11:02:36.0233 4560 tdcmdpst - ok
11:02:36.0265 4560 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
11:02:36.0322 4560 TDPIPE - ok
11:02:36.0349 4560 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
11:02:36.0388 4560 TDTCP - ok
11:02:36.0412 4560 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
11:02:36.0474 4560 tdx - ok
11:02:36.0513 4560 TermDD (718b2f4355cd8eb2844741addac0e622) C:\Windows\system32\DRIVERS\termdd.sys
11:02:36.0525 4560 TermDD - ok
11:02:36.0571 4560 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
11:02:36.0611 4560 TermService - ok
11:02:36.0650 4560 Themes (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll
11:02:36.0670 4560 Themes - ok
11:02:36.0730 4560 Thpdrv (ea15a18dcf3b34d590bc8843d3611ea5) C:\Windows\system32\DRIVERS\thpdrv.sys
11:02:36.0736 4560 Thpdrv - ok
11:02:36.0752 4560 Thpevm (ee6fe4f18657c6afed533a5d8fd4af5c) C:\Windows\system32\DRIVERS\Thpevm.SYS
11:02:36.0758 4560 Thpevm - ok
11:02:36.0787 4560 Thpsrv (a2b6029763f7c7d340aea8a0b1d44306) C:\Windows\system32\ThpSrv.exe
11:02:36.0804 4560 Thpsrv - ok
11:02:36.0827 4560 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
11:02:36.0851 4560 THREADORDER - ok
11:02:36.0877 4560 THREADORDER32 - ok
11:02:36.0979 4560 TNaviSrv (22bc804efe155f54252f389b0781d7f2) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
11:02:36.0987 4560 TNaviSrv - ok
11:02:37.0036 4560 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe
11:02:37.0045 4560 TODDSrv - ok
11:02:37.0109 4560 TosCoSrv (5557e7f940cbcf09be43379f551f6689) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
11:02:37.0161 4560 TosCoSrv - ok
11:02:37.0193 4560 TOSHIBA eco Utility Service (9d1c30ce9f1a8488d5d9102c0820743d) C:\Program Files\TOSHIBA\TECO\TecoService.exe
11:02:37.0198 4560 TOSHIBA eco Utility Service ( UnsignedFile.Multi.Generic ) - warning
11:02:37.0198 4560 TOSHIBA eco Utility Service - detected UnsignedFile.Multi.Generic (1)
11:02:37.0275 4560 TOSHIBA HDD SSD Alert Service (b792d35b8bdc5fc4106808ff5c7770ab) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
11:02:37.0279 4560 TOSHIBA HDD SSD Alert Service ( UnsignedFile.Multi.Generic ) - warning
11:02:37.0280 4560 TOSHIBA HDD SSD Alert Service - detected UnsignedFile.Multi.Generic (1)
11:02:37.0382 4560 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
11:02:37.0394 4560 tos_sps32 - ok
11:02:37.0466 4560 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
11:02:37.0492 4560 TrkWks - ok
11:02:37.0568 4560 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
11:02:37.0597 4560 TrustedInstaller - ok
11:02:37.0633 4560 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:02:37.0690 4560 tssecsrv - ok
11:02:37.0729 4560 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
11:02:37.0744 4560 tunmp - ok
11:02:37.0759 4560 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
11:02:37.0774 4560 tunnel - ok
11:02:37.0805 4560 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
11:02:37.0813 4560 TVALZ - ok
11:02:37.0852 4560 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
11:02:37.0863 4560 uagp35 - ok
11:02:37.0903 4560 udfs (c985b36e127ea9b8a92396120bff52d8) C:\Windows\system32\DRIVERS\udfs.sys
11:02:37.0948 4560 udfs - ok
11:02:37.0994 4560 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
11:02:38.0056 4560 UI0Detect - ok
11:02:38.0100 4560 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
11:02:38.0116 4560 uliagpkx - ok
11:02:38.0150 4560 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
11:02:38.0170 4560 uliahci - ok
11:02:38.0184 4560 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
11:02:38.0196 4560 UlSata - ok
11:02:38.0251 4560 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
11:02:38.0263 4560 ulsata2 - ok
11:02:38.0296 4560 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
11:02:38.0345 4560 umbus - ok
11:02:38.0386 4560 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
11:02:38.0424 4560 upnphost - ok
11:02:38.0506 4560 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
11:02:38.0528 4560 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
11:02:38.0528 4560 USBAAPL - detected UnsignedFile.Multi.Generic (1)
11:02:38.0571 4560 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
11:02:38.0601 4560 usbaudio - ok
11:02:38.0647 4560 usbccgp (3955375c83afbe4b110c5fb1231345af) C:\Windows\system32\DRIVERS\usbccgp.sys
11:02:38.0712 4560 usbccgp - ok
11:02:38.0741 4560 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
11:02:38.0808 4560 usbcir - ok
11:02:38.0840 4560 usbehci (7f8d9d95a00072ccdd43ad3f7b4450c2) C:\Windows\system32\DRIVERS\usbehci.sys
11:02:38.0884 4560 usbehci - ok
11:02:38.0933 4560 usbhub (63b44b390451ed3b95405adddcc1984e) C:\Windows\system32\DRIVERS\usbhub.sys
11:02:38.0945 4560 usbhub - ok
11:02:38.0962 4560 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
11:02:39.0003 4560 usbohci - ok
11:02:39.0032 4560 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
11:02:39.0054 4560 usbprint - ok
11:02:39.0078 4560 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
11:02:39.0123 4560 usbscan - ok
11:02:39.0175 4560 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:02:39.0198 4560 USBSTOR - ok
11:02:39.0207 4560 usbuhci (ca62c65383513c365e1ca5796ccac7b5) C:\Windows\system32\DRIVERS\usbuhci.sys
11:02:39.0241 4560 usbuhci - ok
11:02:39.0309 4560 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
11:02:39.0358 4560 usbvideo - ok
11:02:39.0398 4560 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
11:02:39.0430 4560 UxSms - ok
11:02:39.0459 4560 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
11:02:39.0495 4560 vds - ok
11:02:39.0537 4560 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
11:02:39.0573 4560 vga - ok
11:02:39.0602 4560 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
11:02:39.0652 4560 VgaSave - ok
11:02:39.0673 4560 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
11:02:39.0681 4560 viaagp - ok
11:02:39.0698 4560 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
11:02:39.0721 4560 ViaC7 - ok
11:02:39.0755 4560 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
11:02:39.0763 4560 viaide - ok
11:02:39.0780 4560 volmgr (bdd98bbe7323fc0975a26373d8050471) C:\Windows\system32\drivers\volmgr.sys
11:02:39.0789 4560 volmgr - ok
11:02:39.0812 4560 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
11:02:39.0825 4560 volmgrx - ok
11:02:39.0860 4560 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
11:02:39.0872 4560 volsnap - ok
11:02:39.0918 4560 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
11:02:39.0928 4560 vsmraid - ok
11:02:39.0998 4560 VSS (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
11:02:40.0136 4560 VSS - ok
11:02:40.0180 4560 W32Time (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
11:02:40.0238 4560 W32Time - ok
11:02:40.0313 4560 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
11:02:40.0408 4560 WacomPen - ok
11:02:40.0441 4560 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:02:40.0471 4560 Wanarp - ok
11:02:40.0476 4560 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:02:40.0508 4560 Wanarpv6 - ok
11:02:40.0557 4560 wcncsvc (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
11:02:40.0617 4560 wcncsvc - ok
11:02:40.0647 4560 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
11:02:40.0694 4560 WcsPlugInService - ok
11:02:40.0741 4560 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
11:02:40.0752 4560 Wd - ok
11:02:40.0827 4560 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
11:02:40.0883 4560 Wdf01000 - ok
11:02:40.0917 4560 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
11:02:40.0975 4560 WdiServiceHost - ok
11:02:40.0979 4560 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
11:02:41.0012 4560 WdiSystemHost - ok
11:02:41.0046 4560 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
11:02:41.0065 4560 WebClient - ok
11:02:41.0127 4560 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
11:02:41.0167 4560 Wecsvc - ok
11:02:41.0209 4560 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
11:02:41.0256 4560 wercplsupport - ok
11:02:41.0299 4560 WerSvc (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll
11:02:41.0312 4560 WerSvc - ok
11:02:41.0392 4560 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
11:02:41.0405 4560 WinDefend - ok
11:02:41.0412 4560 WinHttpAutoProxySvc - ok
11:02:41.0464 4560 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
11:02:41.0513 4560 Winmgmt - ok
11:02:41.0595 4560 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
11:02:41.0681 4560 WinRM - ok
11:02:41.0750 4560 Wlansvc (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll
11:02:41.0802 4560 Wlansvc - ok
11:02:41.0882 4560 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
11:02:41.0900 4560 WmiAcpi - ok
11:02:41.0958 4560 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
11:02:42.0011 4560 wmiApSrv - ok
11:02:42.0150 4560 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
11:02:42.0215 4560 WMPNetworkSvc - ok
11:02:42.0257 4560 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
11:02:42.0270 4560 WPCSvc - ok
11:02:42.0289 4560 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
11:02:42.0316 4560 WPDBusEnum - ok
11:02:42.0400 4560 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
11:02:42.0434 4560 WpdUsb - ok
11:02:42.0666 4560 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:02:42.0694 4560 WPFFontCache_v0400 - ok
11:02:42.0733 4560 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
11:02:42.0756 4560 ws2ifsl - ok
11:02:42.0791 4560 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\System32\wscsvc.dll
11:02:42.0804 4560 wscsvc - ok
11:02:42.0808 4560 WSearch - ok
11:02:42.0929 4560 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
11:02:43.0023 4560 wuauserv - ok
11:02:43.0173 4560 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:02:43.0203 4560 WUDFRd - ok
11:02:43.0232 4560 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
11:02:43.0265 4560 wudfsvc - ok
11:02:43.0291 4560 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
11:02:44.0240 4560 \Device\Harddisk0\DR0 - ok
11:02:44.0278 4560 Boot (0x1200) (73080fe18bae5e781528fa50fd654e61) \Device\Harddisk0\DR0\Partition0
11:02:44.0280 4560 \Device\Harddisk0\DR0\Partition0 - ok
11:02:44.0280 4560 ============================================================
11:02:44.0280 4560 Scan finished
11:02:44.0280 4560 ============================================================
11:02:44.0299 0580 Detected object count: 10
11:02:44.0299 0580 Actual detected object count: 10
11:04:26.0101 0580 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
11:04:26.0101 0580 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:04:26.0104 0580 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
11:04:26.0104 0580 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:04:26.0107 0580 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
11:04:26.0107 0580 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:04:26.0110 0580 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
11:04:26.0110 0580 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:04:26.0113 0580 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:04:26.0113 0580 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:04:26.0115 0580 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:04:26.0115 0580 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:04:26.0118 0580 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:04:26.0118 0580 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:04:26.0123 0580 TOSHIBA eco Utility Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:04:26.0123 0580 TOSHIBA eco Utility Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:04:26.0124 0580 TOSHIBA HDD SSD Alert Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:04:26.0124 0580 TOSHIBA HDD SSD Alert Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:04:26.0127 0580 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
11:04:26.0127 0580 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip

#5 Maurice Naggar

Eradicator de logiciels malveillants

Moderators
13,616 posts

Gender:Male
Location:USA
Interests:Security, Windows, Windows Update, malware prevention

Posted 29 April 2012 - 02:00 PM

Hold on. Your system may well have a hidden bootkit. Do NOT use this system for anything at all, other than to access thif forum or the sites I guide you to.
There's a hidden 3rd partition on your disk that is suspicious. And needs some checking.

Make sure you have no external drives attached, nor any USB drives inserted, or any CD or DVD.

The fixes in this Topic are for this system only :excl:

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

NEXT: Step 2
Please download Listparts
Right click on the exe to Run the tool, click Scan and post the log (Result.txt) it makes.

Copy & Paste Result.txt for my review.

Step 3
Delete the copy of TDSSKILLER.exe & get the latest version.
Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 4
Re-enable your antivirus program.

Reply with copy of Result.txt and the latest TDSSKILLER log

Maurice Naggar
Consumer Support Specialist

#6 effa

Regular Member

Honorary Members
53 posts

Posted 30 April 2012 - 08:51 AM

Hi Maurice Naggar,

Just some small questions to make sure I am doing everything right, before I get started for real. This is my husband's computer I am dealing with and we are not using the same antivirus and firewall, so I quickly want to make sure I switch everything on/off in an appropriate way.

The Avira Free Antivirus gives the impression that "Internet protection" is on and working well, but since I cannot click on firewall or any of the other options, I assume that it does NOT include a firewall. That being said, I see that Windows Security Center seems to offer a firewall on this computer, but that it is switched off. Do I switch this firewall on?
Besides that, he quickly made some backups on DVD and cleaned up/reorganized some data folders (being well aware that those DVDs might be infected) before I could start with the new steps you sent. I hope that this doesn't cause harm to the strategy you propose. I guess not, but I just wanted to double check.

Thanks,
Effa

#7 Maurice Naggar

Eradicator de logiciels malveillants

Moderators
13,616 posts

Gender:Male
Location:USA
Interests:Security, Windows, Windows Update, malware prevention

Posted 30 April 2012 - 10:32 AM

Hello effa,

Avira Free does not include a software firewall. While I did not ask you to touch the firewall (jsut only turn off temporarily the antivirus), the Windows firewall should be on. So turn it on if it is off.
But please do all you can to do as much as possible of what I had listed before.

Tell your husband and all users of pc, to consider that this pc is in quarantine until such time as we are all done.
That means no websurfing, no online banking or purchasing or shopping; and most especially, no changes to system whilst we are in the hunt to find & clean out pests, infection, etc.
I should probably know what "he" cleaned/reorganized.

Maurice Naggar
Consumer Support Specialist

#8 effa

Regular Member

Honorary Members
53 posts

Posted 30 April 2012 - 11:15 AM

Hi Maurice Naggar,

When I download Rkill, using the first link, and choose to save it to my desktop (instead of choosing to run it immediately), then Rkill.com is saved to the desktop. When,however, I right-click on the Rkill desktop icon, I cannot choose "run as admin", but I can only choose to "open" (besides deleting, scanning, etc.).

In the "download complete" window, I can choose to run, but then I am not sure if it runs as admin.

What to do best?

#9 Maurice Naggar

Eradicator de logiciels malveillants

Moderators
13,616 posts

Gender:Male
Location:USA
Interests:Security, Windows, Windows Update, malware prevention

Posted 30 April 2012 - 11:42 AM

When you download, you make sure to SAVE it first. To the Desktop.
AFTER the download completes (totally), you can choose 2 ways:
a) Close the browser. Exit Internet Explorer.
Go to your desktop and then start the tool. If on Windows XP, double click to start.
If on Vista or 7, do a Right click and select Run as Administrator.

OR
b) when download completes (totally), click on Open Folder button. It will open a window, with the tool selected.
Start the tool from there.

Maurice Naggar
Consumer Support Specialist

#10 effa

Regular Member

Honorary Members
53 posts

Posted 30 April 2012 - 01:33 PM

You can find the Listparts and TDSKiller logs below.

Result.txt

ListParts by Farbar Version: 12-03-2012 03
Ran by Carl (administrator) on 30-04-2012 at 14:14:27
Windows Vista (X86)
Running From: C:\Users\Carl\Desktop
Language: 0409
************************************************************

========================= Memory info ======================
Percentage of memory in use: 44%
Total physical RAM: 3034.42 MB
Available physical RAM: 1692.44 MB
Total Pagefile: 6273.13 MB
Available Pagefile: 4846.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.81 MB
======================= Partitions =========================
1 Drive c: (TI100576V0G) (Fixed) (Total:138.28 GB) (Free:60.56 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 1500 MB 1024 KB
Partition 2 Primary 138 GB 1501 MB
Partition 3 Primary 9 GB 140 GB
======================================================================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
There is no volume associated with this partition.
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI100576V0G NTFS Partition 138 GB Healthy System (partition with boot components)
======================================================================================================
Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No
There is no volume associated with this partition.
======================================================================================================
****** End Of Log ******

TDSSKiller:

14:19:11.0264 5292 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
14:19:11.0482 5292 ============================================================
14:19:11.0482 5292 Current date / time: 2012/04/30 14:19:11.0482
14:19:11.0482 5292 SystemInfo:
14:19:11.0482 5292
14:19:11.0482 5292 OS Version: 6.0.6001 ServicePack: 1.0
14:19:11.0482 5292 Product type: Workstation
14:19:11.0482 5292 ComputerName: CARL-NOTEBOOK
14:19:11.0482 5292 UserName: Carl
14:19:11.0482 5292 Windows directory: C:\Windows
14:19:11.0482 5292 System windows directory: C:\Windows
14:19:11.0482 5292 Processor architecture: Intel x86
14:19:11.0482 5292 Number of processors: 2
14:19:11.0482 5292 Page size: 0x1000
14:19:11.0482 5292 Boot type: Normal boot
14:19:11.0482 5292 ============================================================
14:19:11.0919 5292 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:19:11.0919 5292 ============================================================
14:19:11.0919 5292 \Device\Harddisk0\DR0:
14:19:11.0919 5292 MBR partitions:
14:19:11.0919 5292 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1148E800
14:19:11.0919 5292 ============================================================
14:19:11.0950 5292 C: <-> \Device\Harddisk0\DR0\Partition0
14:19:11.0950 5292 ============================================================
14:19:11.0950 5292 Initialize success
14:19:11.0950 5292 ============================================================
14:19:52.0931 2484 ============================================================
14:19:52.0931 2484 Scan started
14:19:52.0931 2484 Mode: Manual;
14:19:52.0931 2484 ============================================================
14:19:53.0571 2484 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
14:19:53.0587 2484 ACPI - ok
14:19:53.0727 2484 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:19:53.0743 2484 AdobeFlashPlayerUpdateSvc - ok
14:19:53.0836 2484 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:19:53.0836 2484 adp94xx - ok
14:19:53.0883 2484 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:19:53.0883 2484 adpahci - ok
14:19:53.0899 2484 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:19:53.0899 2484 adpu160m - ok
14:19:53.0930 2484 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:19:53.0930 2484 adpu320 - ok
14:19:53.0961 2484 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
14:19:53.0961 2484 AeLookupSvc - ok
14:19:54.0055 2484 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
14:19:54.0055 2484 AFD - ok
14:19:54.0101 2484 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
14:19:54.0101 2484 AgereModemAudio - ok
14:19:54.0195 2484 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
14:19:54.0211 2484 AgereSoftModem - ok
14:19:54.0242 2484 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
14:19:54.0242 2484 agp440 - ok
14:19:54.0289 2484 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:19:54.0289 2484 aic78xx - ok
14:19:54.0335 2484 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
14:19:54.0335 2484 ALG - ok
14:19:54.0382 2484 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:19:54.0382 2484 aliide - ok
14:19:54.0413 2484 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
14:19:54.0413 2484 amdagp - ok
14:19:54.0445 2484 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
14:19:54.0445 2484 amdide - ok
14:19:54.0460 2484 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:19:54.0460 2484 AmdK7 - ok
14:19:54.0507 2484 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
14:19:54.0523 2484 AmdK8 - ok
14:19:54.0725 2484 AntiVirSchedulerService (72709089a54bdc1c5b16bc4a4b926567) C:\Program Files\Avira\AntiVir Desktop\sched.exe
14:19:54.0725 2484 AntiVirSchedulerService - ok
14:19:54.0819 2484 AntiVirService (42f88bfbb76f7a63e381829479b18518) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
14:19:54.0819 2484 AntiVirService - ok
14:19:54.0913 2484 ApfiltrService (ccf9cc50dda86023626de4cda96a5934) C:\Windows\system32\DRIVERS\Apfiltr.sys
14:19:54.0913 2484 ApfiltrService - ok
14:19:54.0975 2484 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
14:19:54.0975 2484 Appinfo - ok
14:19:55.0115 2484 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:19:55.0115 2484 Apple Mobile Device - ok
14:19:55.0162 2484 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:19:55.0162 2484 arc - ok
14:19:55.0193 2484 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:19:55.0193 2484 arcsas - ok
14:19:55.0225 2484 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:19:55.0225 2484 AsyncMac - ok
14:19:55.0256 2484 atapi (9c0e70031905adbf94edb9ea14af943b) C:\Windows\system32\drivers\atapi.sys
14:19:55.0256 2484 atapi - ok
14:19:55.0318 2484 AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
14:19:55.0334 2484 AudioEndpointBuilder - ok
14:19:55.0334 2484 Audiosrv (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
14:19:55.0334 2484 Audiosrv - ok
14:19:55.0412 2484 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
14:19:55.0427 2484 avgntflt - ok
14:19:55.0490 2484 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
14:19:55.0490 2484 avipbb - ok
14:19:55.0505 2484 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
14:19:55.0505 2484 avkmgr - ok
14:19:55.0568 2484 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:19:55.0568 2484 Beep - ok
14:19:55.0708 2484 BFE (8582e233c346aefe759833e8a30dd697) C:\Windows\System32\bfe.dll
14:19:55.0708 2484 BFE - ok
14:19:55.0833 2484 BITS (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\System32\qmgr.dll
14:19:55.0849 2484 BITS - ok
14:19:55.0911 2484 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:19:55.0911 2484 blbdrive - ok
14:19:56.0067 2484 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
14:19:56.0067 2484 Bonjour Service - ok
14:19:56.0129 2484 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
14:19:56.0129 2484 bowser - ok
14:19:56.0192 2484 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:19:56.0192 2484 BrFiltLo - ok
14:19:56.0207 2484 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:19:56.0207 2484 BrFiltUp - ok
14:19:56.0239 2484 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
14:19:56.0239 2484 Browser - ok
14:19:56.0301 2484 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:19:56.0317 2484 Brserid - ok
14:19:56.0348 2484 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:19:56.0348 2484 BrSerWdm - ok
14:19:56.0379 2484 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:19:56.0379 2484 BrUsbMdm - ok
14:19:56.0395 2484 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:19:56.0395 2484 BrUsbSer - ok
14:19:56.0426 2484 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:19:56.0441 2484 BTHMODEM - ok
14:19:56.0488 2484 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
14:19:56.0488 2484 BVRPMPR5 - ok
14:19:56.0566 2484 camsvc (f1140ed3a1e1d6824a63f27afd9eef32) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
14:19:56.0566 2484 camsvc - ok
14:19:56.0613 2484 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:19:56.0613 2484 cdfs - ok
14:19:56.0675 2484 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
14:19:56.0675 2484 cdrom - ok
14:19:56.0707 2484 CertPropSvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
14:19:56.0707 2484 CertPropSvc - ok
14:19:56.0738 2484 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
14:19:56.0738 2484 circlass - ok
14:19:56.0769 2484 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
14:19:56.0769 2484 CLFS - ok
14:19:56.0831 2484 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:19:56.0831 2484 clr_optimization_v2.0.50727_32 - ok
14:19:56.0956 2484 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:19:56.0956 2484 clr_optimization_v4.0.30319_32 - ok
14:19:57.0019 2484 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
14:19:57.0019 2484 CmBatt - ok
14:19:57.0034 2484 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
14:19:57.0034 2484 cmdide - ok
14:19:57.0050 2484 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
14:19:57.0050 2484 Compbatt - ok
14:19:57.0050 2484 COMSysApp - ok
14:19:57.0112 2484 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
14:19:57.0112 2484 ConfigFree Service - ok
14:19:57.0159 2484 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
14:19:57.0159 2484 crcdisk - ok
14:19:57.0175 2484 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
14:19:57.0175 2484 Crusoe - ok
14:19:57.0237 2484 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
14:19:57.0237 2484 CryptSvc - ok
14:19:57.0299 2484 DcomLaunch (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
14:19:57.0315 2484 DcomLaunch - ok
14:19:57.0377 2484 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
14:19:57.0377 2484 DfsC - ok
14:19:57.0502 2484 DFSR (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
14:19:57.0533 2484 DFSR - ok
14:19:57.0643 2484 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
14:19:57.0658 2484 Dhcp - ok
14:19:57.0736 2484 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
14:19:57.0736 2484 disk - ok
14:19:57.0767 2484 Dnscache (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll
14:19:57.0783 2484 Dnscache - ok
14:19:57.0814 2484 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
14:19:57.0814 2484 dot3svc - ok
14:19:57.0877 2484 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
14:19:57.0877 2484 Dot4 - ok
14:19:57.0908 2484 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:19:57.0908 2484 Dot4Print - ok
14:19:57.0939 2484 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
14:19:57.0939 2484 dot4usb - ok
14:19:57.0986 2484 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
14:19:57.0986 2484 DPS - ok
14:19:58.0017 2484 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:19:58.0017 2484 drmkaud - ok
14:19:58.0048 2484 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
14:19:58.0064 2484 DXGKrnl - ok
14:19:58.0126 2484 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:19:58.0126 2484 E1G60 - ok
14:19:58.0173 2484 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
14:19:58.0173 2484 EapHost - ok
14:19:58.0220 2484 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
14:19:58.0220 2484 Ecache - ok
14:19:58.0298 2484 ehRecvr (3a511ed3c9a9da2cd5a50ff46178063a) C:\Windows\ehome\ehRecvr.exe
14:19:58.0298 2484 ehRecvr - ok
14:19:58.0313 2484 ehSched (a3d94c93333619458af4bde7531234c5) C:\Windows\ehome\ehsched.exe
14:19:58.0313 2484 ehSched - ok
14:19:58.0329 2484 ehstart (487ba5c5bb442bd172f120dc197811c2) C:\Windows\ehome\ehstart.dll
14:19:58.0329 2484 ehstart - ok
14:19:58.0391 2484 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
14:19:58.0391 2484 elxstor - ok
14:19:58.0454 2484 EMDMgmt (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
14:19:58.0454 2484 EMDMgmt - ok
14:19:58.0516 2484 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
14:19:58.0516 2484 ErrDev - ok
14:19:58.0594 2484 EventSystem (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
14:19:58.0594 2484 EventSystem - ok
14:19:58.0735 2484 EvtEng (54b6e150bff4a47eb0d204119d262e46) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
14:19:58.0735 2484 EvtEng - ok
14:19:58.0781 2484 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
14:19:58.0781 2484 exfat - ok
14:19:58.0813 2484 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
14:19:58.0828 2484 fastfat - ok
14:19:58.0859 2484 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:19:58.0859 2484 fdc - ok
14:19:58.0906 2484 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
14:19:58.0906 2484 fdPHost - ok
14:19:58.0922 2484 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
14:19:58.0922 2484 FDResPub - ok
14:19:58.0953 2484 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:19:58.0953 2484 FileInfo - ok
14:19:58.0984 2484 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:19:58.0984 2484 Filetrace - ok
14:19:59.0031 2484 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:19:59.0031 2484 flpydisk - ok
14:19:59.0047 2484 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
14:19:59.0047 2484 FltMgr - ok
14:19:59.0125 2484 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:19:59.0125 2484 FontCache3.0.0.0 - ok
14:19:59.0171 2484 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
14:19:59.0171 2484 Fs_Rec - ok
14:19:59.0187 2484 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
14:19:59.0187 2484 gagp30kx - ok
14:19:59.0296 2484 GameConsoleService (37331304e89a773b1a86fe681fca150d) C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
14:19:59.0296 2484 GameConsoleService - ok
14:19:59.0343 2484 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:19:59.0343 2484 GEARAspiWDM - ok
14:19:59.0452 2484 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
14:19:59.0499 2484 gpsvc - ok
14:19:59.0608 2484 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
14:19:59.0608 2484 gupdate - ok
14:19:59.0655 2484 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
14:19:59.0655 2484 gupdatem - ok
14:19:59.0717 2484 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:19:59.0717 2484 gusvc - ok
14:19:59.0764 2484 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
14:19:59.0780 2484 HdAudAddService - ok
14:19:59.0795 2484 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:19:59.0795 2484 HDAudBus - ok
14:19:59.0827 2484 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:19:59.0827 2484 HidBth - ok
14:19:59.0858 2484 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:19:59.0858 2484 HidIr - ok
14:19:59.0889 2484 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
14:19:59.0889 2484 hidserv - ok
14:19:59.0889 2484 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
14:19:59.0889 2484 HidUsb - ok
14:19:59.0936 2484 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
14:19:59.0936 2484 hkmsvc - ok
14:19:59.0983 2484 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
14:19:59.0983 2484 HpCISSs - ok
14:20:00.0092 2484 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
14:20:00.0107 2484 HTTP - ok
14:20:00.0123 2484 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
14:20:00.0123 2484 i2omp - ok
14:20:00.0185 2484 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:20:00.0185 2484 i8042prt - ok
14:20:00.0232 2484 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
14:20:00.0232 2484 iaStor - ok
14:20:00.0279 2484 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:20:00.0279 2484 iaStorV - ok
14:20:00.0404 2484 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
14:20:00.0404 2484 IDriverT - ok
14:20:00.0544 2484 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:20:00.0560 2484 idsvc - ok
14:20:00.0685 2484 igfx (43daae0cfc92c86e43f63c2f491a870d) C:\Windows\system32\DRIVERS\igdkmd32.sys
14:20:00.0716 2484 igfx - ok
14:20:00.0825 2484 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:20:00.0825 2484 iirsp - ok
14:20:00.0872 2484 IKEEXT (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
14:20:00.0887 2484 IKEEXT - ok
14:20:01.0012 2484 IntcAzAudAddService (1dd40eb58f202880d24fc06a01cc729d) C:\Windows\system32\drivers\RTKVHDA.sys
14:20:01.0043 2484 IntcAzAudAddService - ok
14:20:01.0168 2484 IntcHdmiAddService (092a78e9c6f71bf0e22379503b90e800) C:\Windows\system32\drivers\IntcHdmi.sys
14:20:01.0168 2484 IntcHdmiAddService - ok
14:20:01.0231 2484 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
14:20:01.0231 2484 intelide - ok
14:20:01.0262 2484 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:20:01.0262 2484 intelppm - ok
14:20:01.0293 2484 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
14:20:01.0309 2484 IPBusEnum - ok
14:20:01.0324 2484 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:20:01.0324 2484 IpFilterDriver - ok
14:20:01.0371 2484 iphlpsvc (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll
14:20:01.0371 2484 iphlpsvc - ok
14:20:01.0371 2484 IpInIp - ok
14:20:01.0402 2484 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
14:20:01.0402 2484 IPMIDRV - ok
14:20:01.0418 2484 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:20:01.0418 2484 IPNAT - ok
14:20:01.0605 2484 iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
14:20:01.0621 2484 iPod Service - ok
14:20:01.0683 2484 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:20:01.0683 2484 IRENUM - ok
14:20:01.0714 2484 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
14:20:01.0714 2484 isapnp - ok
14:20:01.0745 2484 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
14:20:01.0745 2484 iScsiPrt - ok
14:20:01.0761 2484 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:20:01.0777 2484 iteatapi - ok
14:20:01.0823 2484 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:20:01.0839 2484 iteraid - ok
14:20:01.0855 2484 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:20:01.0855 2484 kbdclass - ok
14:20:01.0870 2484 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
14:20:01.0870 2484 kbdhid - ok
14:20:01.0901 2484 KeyIso (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
14:20:01.0901 2484 KeyIso - ok
14:20:01.0933 2484 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
14:20:01.0933 2484 KSecDD - ok
14:20:02.0011 2484 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
14:20:02.0011 2484 KtmRm - ok
14:20:02.0057 2484 LanmanServer (1925e63c91cf1610ae41bfd539062079) C:\Windows\system32\srvsvc.dll
14:20:02.0057 2484 LanmanServer - ok
14:20:02.0104 2484 LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll
14:20:02.0104 2484 LanmanWorkstation - ok
14:20:02.0229 2484 LightScribeService (6e5dac168d1ff9843e84a59d51d31107) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
14:20:02.0229 2484 LightScribeService - ok
14:20:02.0245 2484 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:20:02.0245 2484 lltdio - ok
14:20:02.0291 2484 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
14:20:02.0291 2484 lltdsvc - ok
14:20:02.0323 2484 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
14:20:02.0323 2484 lmhosts - ok
14:20:02.0354 2484 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
14:20:02.0354 2484 LSI_FC - ok
14:20:02.0401 2484 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
14:20:02.0401 2484 LSI_SAS - ok
14:20:02.0447 2484 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
14:20:02.0447 2484 LSI_SCSI - ok
14:20:02.0525 2484 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:20:02.0525 2484 luafv - ok
14:20:02.0557 2484 Mcx2Svc (3bd2ad18179dead6652e87157fb98e4a) C:\Windows\system32\Mcx2Svc.dll
14:20:02.0557 2484 Mcx2Svc - ok
14:20:02.0619 2484 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
14:20:02.0619 2484 megasas - ok
14:20:02.0666 2484 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
14:20:02.0666 2484 MegaSR - ok
14:20:02.0697 2484 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
14:20:02.0697 2484 MMCSS - ok
14:20:02.0728 2484 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:20:02.0728 2484 Modem - ok
14:20:02.0744 2484 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:20:02.0744 2484 monitor - ok
14:20:02.0775 2484 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:20:02.0775 2484 mouclass - ok
14:20:02.0775 2484 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:20:02.0775 2484 mouhid - ok
14:20:02.0791 2484 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:20:02.0806 2484 MountMgr - ok
14:20:02.0837 2484 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
14:20:02.0837 2484 mpio - ok
14:20:02.0853 2484 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:20:02.0853 2484 mpsdrv - ok
14:20:02.0884 2484 MpsSvc (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
14:20:02.0900 2484 MpsSvc - ok
14:20:02.0915 2484 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:20:02.0915 2484 Mraid35x - ok
14:20:02.0947 2484 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
14:20:02.0947 2484 MRxDAV - ok
14:20:03.0009 2484 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:20:03.0009 2484 mrxsmb - ok
14:20:03.0071 2484 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:20:03.0071 2484 mrxsmb10 - ok
14:20:03.0087 2484 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:20:03.0087 2484 mrxsmb20 - ok
14:20:03.0134 2484 msahci (aa305cff241da187bd5077de4a2a043d) C:\Windows\system32\drivers\msahci.sys
14:20:03.0134 2484 msahci - ok
14:20:03.0321 2484 MSCamSvc (d98350792a7ce82e7459a7c36481beda) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
14:20:03.0321 2484 MSCamSvc - ok
14:20:03.0352 2484 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
14:20:03.0368 2484 msdsm - ok
14:20:03.0399 2484 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
14:20:03.0399 2484 MSDTC - ok
14:20:03.0446 2484 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:20:03.0446 2484 Msfs - ok
14:20:03.0493 2484 MSHUSBVideo (5119ffc2a6b51089cdb0efdc75808c97) C:\Windows\system32\Drivers\nx6000.sys
14:20:03.0524 2484 MSHUSBVideo - ok
14:20:03.0602 2484 msisadrv (1e00b9b8601f24a96ad71a7d0fc5f136) C:\Windows\system32\drivers\msisadrv.sys
14:20:03.0602 2484 msisadrv - ok
14:20:03.0649 2484 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
14:20:03.0649 2484 MSiSCSI - ok
14:20:03.0649 2484 msiserver - ok
14:20:03.0727 2484 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:20:03.0727 2484 MSKSSRV - ok
14:20:03.0742 2484 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:20:03.0742 2484 MSPCLOCK - ok
14:20:03.0773 2484 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:20:03.0773 2484 MSPQM - ok
14:20:03.0820 2484 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
14:20:03.0820 2484 MsRPC - ok
14:20:03.0867 2484 mssmbios (215634cf935b696e3ebca813d02e9165) C:\Windows\system32\DRIVERS\mssmbios.sys
14:20:03.0867 2484 mssmbios - ok
14:20:03.0914 2484 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:20:03.0914 2484 MSTEE - ok
14:20:03.0961 2484 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
14:20:03.0961 2484 Mup - ok
14:20:04.0007 2484 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
14:20:04.0023 2484 napagent - ok
14:20:04.0070 2484 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
14:20:04.0070 2484 NativeWifiP - ok
14:20:04.0132 2484 NDIS (c8560010a542b5dca94c62468dc20784) C:\Windows\system32\drivers\ndis.sys
14:20:04.0132 2484 NDIS - ok
14:20:04.0148 2484 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:20:04.0148 2484 NdisTapi - ok
14:20:04.0163 2484 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:20:04.0163 2484 Ndisuio - ok
14:20:04.0195 2484 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
14:20:04.0195 2484 NdisWan - ok
14:20:04.0210 2484 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:20:04.0226 2484 NDProxy - ok
14:20:04.0288 2484 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\Windows\system32\HPZinw12.dll
14:20:04.0288 2484 Net Driver HPZ12 - ok
14:20:04.0304 2484 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:20:04.0304 2484 NetBIOS - ok
14:20:04.0351 2484 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
14:20:04.0351 2484 netbt - ok
14:20:04.0382 2484 Netlogon (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
14:20:04.0382 2484 Netlogon - ok
14:20:04.0413 2484 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
14:20:04.0429 2484 Netman - ok
14:20:04.0444 2484 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
14:20:04.0444 2484 netprofm - ok
14:20:04.0522 2484 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:20:04.0522 2484 NetTcpPortSharing - ok
14:20:04.0725 2484 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
14:20:04.0834 2484 NETw5v32 - ok
14:20:04.0959 2484 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:20:04.0959 2484 nfrd960 - ok
14:20:05.0006 2484 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
14:20:05.0006 2484 NlaSvc - ok
14:20:05.0021 2484 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
14:20:05.0021 2484 Npfs - ok
14:20:05.0037 2484 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
14:20:05.0053 2484 nsi - ok
14:20:05.0084 2484 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:20:05.0084 2484 nsiproxy - ok
14:20:05.0131 2484 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
14:20:05.0146 2484 Ntfs - ok
14:20:05.0193 2484 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:20:05.0193 2484 ntrigdigi - ok
14:20:05.0224 2484 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:20:05.0224 2484 Null - ok
14:20:05.0255 2484 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
14:20:05.0255 2484 nvraid - ok
14:20:05.0271 2484 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
14:20:05.0271 2484 nvstor - ok
14:20:05.0318 2484 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
14:20:05.0318 2484 nv_agp - ok
14:20:05.0333 2484 NwlnkFlt - ok
14:20:05.0333 2484 NwlnkFwd - ok
14:20:05.0380 2484 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
14:20:05.0380 2484 ohci1394 - ok
14:20:05.0505 2484 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:20:05.0536 2484 ose - ok
14:20:05.0895 2484 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:20:06.0020 2484 osppsvc - ok
14:20:06.0145 2484 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
14:20:06.0145 2484 p2pimsvc - ok
14:20:06.0160 2484 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
14:20:06.0176 2484 p2psvc - ok
14:20:06.0238 2484 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:20:06.0238 2484 Parport - ok
14:20:06.0269 2484 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
14:20:06.0269 2484 partmgr - ok
14:20:06.0285 2484 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:20:06.0285 2484 Parvdm - ok
14:20:06.0316 2484 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
14:20:06.0332 2484 PcaSvc - ok
14:20:06.0347 2484 pci (eca39351296d905baa4fa3244c152b00) C:\Windows\system32\drivers\pci.sys
14:20:06.0347 2484 pci - ok
14:20:06.0379 2484 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
14:20:06.0379 2484 pciide - ok
14:20:06.0410 2484 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:20:06.0410 2484 pcmcia - ok
14:20:06.0472 2484 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:20:06.0488 2484 PEAUTH - ok
14:20:06.0566 2484 PGEffect (28f7ffff50c474cf8be16a2cacc7ce42) C:\Windows\system32\DRIVERS\pgeffect.sys
14:20:06.0566 2484 PGEffect - ok
14:20:06.0706 2484 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
14:20:06.0737 2484 pla - ok
14:20:06.0831 2484 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
14:20:06.0847 2484 PlugPlay - ok
14:20:06.0925 2484 PMCF (dffa8a407ad703853fb3253db953c20c) C:\Windows\system32\drivers\PMCF.sys
14:20:06.0925 2484 PMCF - ok
14:20:06.0971 2484 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\Windows\system32\HPZipm12.dll
14:20:06.0987 2484 Pml Driver HPZ12 - ok
14:20:07.0034 2484 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
14:20:07.0034 2484 PNRPAutoReg - ok
14:20:07.0049 2484 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
14:20:07.0065 2484 PNRPsvc - ok
14:20:07.0096 2484 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
14:20:07.0112 2484 PolicyAgent - ok
14:20:07.0143 2484 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:20:07.0143 2484 PptpMiniport - ok
14:20:07.0174 2484 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
14:20:07.0174 2484 Processor - ok
14:20:07.0205 2484 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
14:20:07.0221 2484 ProfSvc - ok
14:20:07.0252 2484 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
14:20:07.0252 2484 ProtectedStorage - ok
14:20:07.0283 2484 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
14:20:07.0283 2484 PSched - ok
14:20:07.0315 2484 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
14:20:07.0330 2484 PSI - ok
14:20:07.0377 2484 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
14:20:07.0377 2484 PxHelp20 - ok
14:20:07.0424 2484 qcfilterTSH (10a7821507b0eec4aa1453682a24cbc1) C:\Windows\system32\DRIVERS\qcfilterTSH.sys
14:20:07.0424 2484 qcfilterTSH - ok
14:20:07.0455 2484 qcusbnetTSH (848600b136b84442592c1c2bc895f956) C:\Windows\system32\DRIVERS\qcusbnetTSH.sys
14:20:07.0455 2484 qcusbnetTSH - ok
14:20:07.0471 2484 qcusbserTSH (b24f6e60ec594a6c3796b764bcb2ef13) C:\Windows\system32\DRIVERS\qcusbserTSH.sys
14:20:07.0471 2484 qcusbserTSH - ok
14:20:07.0517 2484 QDLService (a8bdbb2e1fa2e5e8eb7d4c4457b79cdd) C:\QUALCOMM\QDLService\QDLService.exe
14:20:07.0533 2484 QDLService - ok
14:20:07.0627 2484 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
14:20:07.0642 2484 ql2300 - ok
14:20:07.0705 2484 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:20:07.0705 2484 ql40xx - ok
14:20:07.0751 2484 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
14:20:07.0751 2484 QWAVE - ok
14:20:07.0767 2484 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:20:07.0767 2484 QWAVEdrv - ok
14:20:07.0783 2484 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:20:07.0783 2484 RasAcd - ok
14:20:07.0814 2484 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
14:20:07.0814 2484 RasAuto - ok
14:20:07.0861 2484 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:20:07.0861 2484 Rasl2tp - ok
14:20:07.0876 2484 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
14:20:07.0876 2484 RasMan - ok
14:20:07.0892 2484 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
14:20:07.0892 2484 RasPppoe - ok
14:20:07.0907 2484 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
14:20:07.0923 2484 RasSstp - ok
14:20:07.0954 2484 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
14:20:07.0954 2484 rdbss - ok
14:20:07.0970 2484 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:20:07.0970 2484 RDPCDD - ok
14:20:08.0001 2484 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
14:20:08.0001 2484 rdpdr - ok
14:20:08.0001 2484 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:20:08.0017 2484 RDPENCDD - ok
14:20:08.0063 2484 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
14:20:08.0063 2484 RDPWD - ok
14:20:08.0204 2484 RegSrvc (3ff45b7f17d5837216abae652cc61540) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
14:20:08.0219 2484 RegSrvc - ok
14:20:08.0266 2484 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
14:20:08.0266 2484 RemoteAccess - ok
14:20:08.0297 2484 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
14:20:08.0297 2484 RemoteRegistry - ok
14:20:08.0360 2484 rimspci (571e6ae8d33f6aaaf342d0919630f901) C:\Windows\system32\DRIVERS\rimspe86.sys
14:20:08.0360 2484 rimspci - ok
14:20:08.0375 2484 RimUsb - ok
14:20:08.0422 2484 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
14:20:08.0422 2484 RimVSerPort - ok
14:20:08.0453 2484 rixdpcie (0eb91c79a5247941341bbfb50ca3bb6c) C:\Windows\system32\DRIVERS\rixdpe86.sys
14:20:08.0453 2484 rixdpcie - ok
14:20:08.0485 2484 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
14:20:08.0485 2484 ROOTMODEM - ok
14:20:08.0516 2484 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
14:20:08.0516 2484 RpcLocator - ok
14:20:08.0578 2484 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
14:20:08.0594 2484 RpcSs - ok
14:20:08.0672 2484 RSELSVC - ok
14:20:08.0703 2484 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:20:08.0703 2484 rspndr - ok
14:20:08.0750 2484 RTL8169 (034033f5a921764d8c4ba6698800d95b) C:\Windows\system32\DRIVERS\Rtlh86.sys
14:20:08.0750 2484 RTL8169 - ok
14:20:08.0781 2484 SamSs (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
14:20:08.0781 2484 SamSs - ok
14:20:08.0843 2484 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:20:08.0843 2484 sbp2port - ok
14:20:08.0890 2484 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
14:20:08.0890 2484 SCardSvr - ok
14:20:08.0954 2484 Schedule (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll
14:20:08.0969 2484 Schedule - ok
14:20:08.0985 2484 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
14:20:08.0985 2484 SCPolicySvc - ok
14:20:09.0016 2484 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
14:20:09.0032 2484 sdbus - ok
14:20:09.0063 2484 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
14:20:09.0063 2484 SDRSVC - ok
14:20:09.0078 2484 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:20:09.0078 2484 secdrv - ok
14:20:09.0078 2484 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
14:20:09.0094 2484 seclogon - ok
14:20:09.0297 2484 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files\Secunia\PSI\PSIA.exe
14:20:09.0297 2484 Secunia PSI Agent - ok
14:20:09.0406 2484 Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) C:\Program Files\Secunia\PSI\sua.exe
14:20:09.0406 2484 Secunia Update Agent - ok
14:20:09.0500 2484 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
14:20:09.0515 2484 SENS - ok
14:20:09.0578 2484 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
14:20:09.0578 2484 Serenum - ok
14:20:09.0593 2484 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
14:20:09.0593 2484 Serial - ok
14:20:09.0624 2484 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:20:09.0624 2484 sermouse - ok
14:20:09.0671 2484 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
14:20:09.0671 2484 SessionEnv - ok
14:20:09.0702 2484 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
14:20:09.0702 2484 sffdisk - ok
14:20:09.0734 2484 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\DRIVERS\sffp_mmc.sys
14:20:09.0734 2484 sffp_mmc - ok
14:20:09.0734 2484 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys
14:20:09.0734 2484 sffp_sd - ok
14:20:09.0765 2484 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:20:09.0765 2484 sfloppy - ok
14:20:09.0827 2484 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
14:20:09.0827 2484 SharedAccess - ok
14:20:09.0890 2484 ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll
14:20:09.0890 2484 ShellHWDetection - ok
14:20:09.0952 2484 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
14:20:09.0952 2484 sisagp - ok
14:20:09.0983 2484 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
14:20:09.0983 2484 SiSRaid2 - ok
14:20:10.0014 2484 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
14:20:10.0030 2484 SiSRaid4 - ok
14:20:10.0139 2484 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
14:20:10.0139 2484 SkypeUpdate - ok
14:20:10.0326 2484 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
14:20:10.0389 2484 slsvc - ok
14:20:10.0482 2484 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
14:20:10.0498 2484 SLUINotify - ok
14:20:10.0545 2484 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
14:20:10.0545 2484 Smb - ok
14:20:10.0560 2484 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
14:20:10.0560 2484 SNMPTRAP - ok
14:20:10.0576 2484 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:20:10.0576 2484 spldr - ok
14:20:10.0607 2484 Spooler (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe
14:20:10.0623 2484 Spooler - ok
14:20:10.0670 2484 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
14:20:10.0685 2484 srv - ok
14:20:10.0763 2484 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
14:20:10.0763 2484 srv2 - ok
14:20:10.0779 2484 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
14:20:10.0779 2484 srvnet - ok
14:20:10.0826 2484 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
14:20:10.0826 2484 SSDPSRV - ok
14:20:10.0857 2484 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
14:20:10.0857 2484 ssmdrv - ok
14:20:10.0919 2484 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
14:20:10.0919 2484 SstpSvc - ok
14:20:10.0982 2484 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
14:20:10.0997 2484 stisvc - ok
14:20:11.0013 2484 swenum (97e089971a6aba49ad5592bd6298e416) C:\Windows\system32\DRIVERS\swenum.sys
14:20:11.0013 2484 swenum - ok
14:20:11.0044 2484 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
14:20:11.0060 2484 swprv - ok
14:20:11.0075 2484 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:20:11.0075 2484 Symc8xx - ok
14:20:11.0106 2484 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:20:11.0106 2484 Sym_hi - ok
14:20:11.0138 2484 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:20:11.0138 2484 Sym_u3 - ok
14:20:11.0216 2484 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
14:20:11.0216 2484 SysMain - ok
14:20:11.0247 2484 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
14:20:11.0247 2484 TabletInputService - ok
14:20:11.0278 2484 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
14:20:11.0278 2484 TapiSrv - ok
14:20:11.0294 2484 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
14:20:11.0294 2484 TBS - ok
14:20:11.0387 2484 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
14:20:11.0403 2484 Tcpip - ok
14:20:11.0403 2484 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
14:20:11.0418 2484 Tcpip6 - ok
14:20:11.0450 2484 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
14:20:11.0450 2484 tcpipreg - ok
14:20:11.0496 2484 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys
14:20:11.0496 2484 tdcmdpst - ok
14:20:11.0512 2484 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:20:11.0512 2484 TDPIPE - ok
14:20:11.0528 2484 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:20:11.0528 2484 TDTCP - ok
14:20:11.0543 2484 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
14:20:11.0543 2484 tdx - ok
14:20:11.0574 2484 TermDD (718b2f4355cd8eb2844741addac0e622) C:\Windows\system32\DRIVERS\termdd.sys
14:20:11.0590 2484 TermDD - ok
14:20:11.0637 2484 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
14:20:11.0637 2484 TermService - ok
14:20:11.0699 2484 Themes (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll
14:20:11.0699 2484 Themes - ok
14:20:11.0762 2484 Thpdrv (ea15a18dcf3b34d590bc8843d3611ea5) C:\Windows\system32\DRIVERS\thpdrv.sys
14:20:11.0762 2484 Thpdrv - ok
14:20:11.0762 2484 Thpevm (ee6fe4f18657c6afed533a5d8fd4af5c) C:\Windows\system32\DRIVERS\Thpevm.SYS
14:20:11.0762 2484 Thpevm - ok
14:20:11.0793 2484 Thpsrv (a2b6029763f7c7d340aea8a0b1d44306) C:\Windows\system32\ThpSrv.exe
14:20:11.0808 2484 Thpsrv - ok
14:20:11.0840 2484 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
14:20:11.0840 2484 THREADORDER - ok
14:20:11.0855 2484 THREADORDER32 - ok
14:20:11.0949 2484 TNaviSrv (22bc804efe155f54252f389b0781d7f2) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
14:20:11.0949 2484 TNaviSrv - ok
14:20:11.0980 2484 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe
14:20:11.0980 2484 TODDSrv - ok
14:20:12.0058 2484 TosCoSrv (5557e7f940cbcf09be43379f551f6689) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
14:20:12.0058 2484 TosCoSrv - ok
14:20:12.0089 2484 TOSHIBA eco Utility Service (9d1c30ce9f1a8488d5d9102c0820743d) C:\Program Files\TOSHIBA\TECO\TecoService.exe
14:20:12.0089 2484 TOSHIBA eco Utility Service - ok
14:20:12.0167 2484 TOSHIBA HDD SSD Alert Service (b792d35b8bdc5fc4106808ff5c7770ab) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
14:20:12.0167 2484 TOSHIBA HDD SSD Alert Service - ok
14:20:12.0261 2484 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
14:20:12.0261 2484 tos_sps32 - ok
14:20:12.0308 2484 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
14:20:12.0308 2484 TrkWks - ok
14:20:12.0354 2484 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
14:20:12.0354 2484 TrustedInstaller - ok
14:20:12.0386 2484 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:20:12.0386 2484 tssecsrv - ok
14:20:12.0432 2484 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:20:12.0432 2484 tunmp - ok
14:20:12.0464 2484 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
14:20:12.0464 2484 tunnel - ok
14:20:12.0495 2484 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
14:20:12.0495 2484 TVALZ - ok
14:20:12.0526 2484 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
14:20:12.0526 2484 uagp35 - ok
14:20:12.0557 2484 udfs (c985b36e127ea9b8a92396120bff52d8) C:\Windows\system32\DRIVERS\udfs.sys
14:20:12.0557 2484 udfs - ok
14:20:12.0604 2484 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
14:20:12.0604 2484 UI0Detect - ok
14:20:12.0666 2484 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
14:20:12.0666 2484 uliagpkx - ok
14:20:12.0713 2484 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
14:20:12.0713 2484 uliahci - ok
14:20:12.0729 2484 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:20:12.0729 2484 UlSata - ok
14:20:12.0760 2484 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:20:12.0760 2484 ulsata2 - ok
14:20:12.0791 2484 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:20:12.0807 2484 umbus - ok
14:20:12.0838 2484 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
14:20:12.0838 2484 upnphost - ok
14:20:12.0900 2484 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
14:20:12.0916 2484 USBAAPL - ok
14:20:12.0947 2484 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
14:20:12.0947 2484 usbaudio - ok
14:20:13.0010 2484 usbccgp (3955375c83afbe4b110c5fb1231345af) C:\Windows\system32\DRIVERS\usbccgp.sys
14:20:13.0010 2484 usbccgp - ok
14:20:13.0025 2484 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:20:13.0025 2484 usbcir - ok
14:20:13.0072 2484 usbehci (7f8d9d95a00072ccdd43ad3f7b4450c2) C:\Windows\system32\DRIVERS\usbehci.sys
14:20:13.0072 2484 usbehci - ok
14:20:13.0088 2484 usbhub (63b44b390451ed3b95405adddcc1984e) C:\Windows\system32\DRIVERS\usbhub.sys
14:20:13.0088 2484 usbhub - ok
14:20:13.0103 2484 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
14:20:13.0103 2484 usbohci - ok
14:20:13.0150 2484 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
14:20:13.0150 2484 usbprint - ok
14:20:13.0181 2484 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
14:20:13.0181 2484 usbscan - ok
14:20:13.0228 2484 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:20:13.0228 2484 USBSTOR - ok
14:20:13.0244 2484 usbuhci (ca62c65383513c365e1ca5796ccac7b5) C:\Windows\system32\DRIVERS\usbuhci.sys
14:20:13.0244 2484 usbuhci - ok
14:20:13.0275 2484 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
14:20:13.0275 2484 usbvideo - ok
14:20:13.0306 2484 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
14:20:13.0306 2484 UxSms - ok
14:20:13.0337 2484 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
14:20:13.0353 2484 vds - ok
14:20:13.0384 2484 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
14:20:13.0384 2484 vga - ok
14:20:13.0400 2484 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:20:13.0400 2484 VgaSave - ok
14:20:13.0431 2484 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
14:20:13.0431 2484 viaagp - ok
14:20:13.0446 2484 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
14:20:13.0446 2484 ViaC7 - ok
14:20:13.0462 2484 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
14:20:13.0462 2484 viaide - ok
14:20:13.0509 2484 volmgr (bdd98bbe7323fc0975a26373d8050471) C:\Windows\system32\drivers\volmgr.sys
14:20:13.0509 2484 volmgr - ok
14:20:13.0524 2484 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
14:20:13.0524 2484 volmgrx - ok
14:20:13.0556 2484 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
14:20:13.0556 2484 volsnap - ok
14:20:13.0571 2484 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
14:20:13.0571 2484 vsmraid - ok
14:20:13.0649 2484 VSS (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
14:20:13.0665 2484 VSS - ok
14:20:13.0712 2484 W32Time (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
14:20:13.0712 2484 W32Time - ok
14:20:13.0805 2484 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:20:13.0805 2484 WacomPen - ok
14:20:13.0836 2484 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:20:13.0836 2484 Wanarp - ok
14:20:13.0852 2484 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:20:13.0852 2484 Wanarpv6 - ok
14:20:13.0899 2484 wcncsvc (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
14:20:13.0914 2484 wcncsvc - ok
14:20:13.0930 2484 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
14:20:13.0930 2484 WcsPlugInService - ok
14:20:13.0961 2484 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
14:20:13.0961 2484 Wd - ok
14:20:14.0039 2484 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
14:20:14.0039 2484 Wdf01000 - ok
14:20:14.0070 2484 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
14:20:14.0070 2484 WdiServiceHost - ok
14:20:14.0086 2484 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
14:20:14.0086 2484 WdiSystemHost - ok
14:20:14.0102 2484 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
14:20:14.0102 2484 WebClient - ok
14:20:14.0164 2484 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
14:20:14.0164 2484 Wecsvc - ok
14:20:14.0195 2484 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
14:20:14.0211 2484 wercplsupport - ok
14:20:14.0258 2484 WerSvc (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll
14:20:14.0258 2484 WerSvc - ok
14:20:14.0336 2484 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
14:20:14.0336 2484 WinDefend - ok
14:20:14.0351 2484 WinHttpAutoProxySvc - ok
14:20:14.0398 2484 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
14:20:14.0398 2484 Winmgmt - ok
14:20:14.0507 2484 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
14:20:14.0523 2484 WinRM - ok
14:20:14.0585 2484 Wlansvc (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll
14:20:14.0601 2484 Wlansvc - ok
14:20:14.0710 2484 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
14:20:14.0710 2484 WmiAcpi - ok
14:20:14.0772 2484 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
14:20:14.0772 2484 wmiApSrv - ok
14:20:14.0913 2484 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
14:20:14.0913 2484 WMPNetworkSvc - ok
14:20:14.0975 2484 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
14:20:14.0991 2484 WPCSvc - ok
14:20:15.0006 2484 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
14:20:15.0006 2484 WPDBusEnum - ok
14:20:15.0100 2484 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
14:20:15.0100 2484 WpdUsb - ok
14:20:15.0334 2484 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:20:15.0350 2484 WPFFontCache_v0400 - ok
14:20:15.0381 2484 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:20:15.0381 2484 ws2ifsl - ok
14:20:15.0412 2484 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\System32\wscsvc.dll
14:20:15.0428 2484 wscsvc - ok
14:20:15.0428 2484 WSearch - ok
14:20:15.0552 2484 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
14:20:15.0584 2484 wuauserv - ok
14:20:15.0693 2484 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:20:15.0708 2484 WUDFRd - ok
14:20:15.0755 2484 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
14:20:15.0755 2484 wudfsvc - ok
14:20:15.0786 2484 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
14:20:15.0849 2484 \Device\Harddisk0\DR0 - ok
14:20:15.0849 2484 Boot (0x1200) (73080fe18bae5e781528fa50fd654e61) \Device\Harddisk0\DR0\Partition0
14:20:15.0849 2484 \Device\Harddisk0\DR0\Partition0 - ok
14:20:15.0849 2484 ============================================================
14:20:15.0849 2484 Scan finished
14:20:15.0849 2484 ============================================================
14:20:15.0864 3196 Detected object count: 0
14:20:15.0864 3196 Actual detected object count: 0

#11 Maurice Naggar

Eradicator de logiciels malveillants

Moderators
13,616 posts

Gender:Male
Location:USA
Interests:Security, Windows, Windows Update, malware prevention

Posted 30 April 2012 - 02:02 PM

Please close any of your open windows/programs and exit; saving any open work you have.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Go slow and careful. This next task is a Custom scan. Have infinite patience while it runs.

Temporarily turn OFF your antivirus program so that it does not interfere. Leave the firewall on
For a how-to-reference, see this How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

*****************************************************************
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
c:|Fun4IM;true;true;true; /FP
c:|Bandoo;true;true;true; /FP
c:|Searchn;true;true;true; /FP
c:|Searchq;true;true;true; /FP
c:|datamngr;true;true;true; /FP
c:|iLivid;true;true;true; /FP
c:|whitesmoke;true;true;true; /FP
%USERPROFILE%\..|smtmp;true;true;true /FP
%systemroot%\*. /mp /s
CLEARALLRESTOREPOINTS

*****************************************************************
Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
Close any browser(s) windows that may be open.
Using your mouse, click on Run Scan.
The scan won't take long. Have inifinite patience. OTL may appear to stall but it will finish.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
These are saved in the same location as OTL.
Please Copy and Paste the OTL log(s) . Do not enclose in Code or Quote.

Re-enable your antivirus program.

Maurice Naggar
Consumer Support Specialist

#12 effa

Regular Member

Honorary Members
53 posts

Posted 30 April 2012 - 02:39 PM

Here are the OTL logs:

OTL.txt:

OTL logfile created on: 4/30/2012 3:20:37 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Carl\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 57.44% Memory free
6.13 Gb Paging File | 4.80 Gb Available in Paging File | 78.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.28 Gb Total Space | 60.56 Gb Free Space | 43.80% Space Free | Partition Type: NTFS

Computer Name: CARL-NOTEBOOK | User Name: Carl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/30 15:17:48 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Carl\Desktop\OTL.exe
PRC - [2012/01/31 08:57:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/01/31 08:56:50 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/12/16 13:54:22 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Program Files\pdf24\pdf24.exe
PRC - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/10/14 02:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/06/08 22:19:54 | 000,117,224 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA WWAN Manager\bin\gbx4log.exe
PRC - [2009/06/08 22:19:52 | 000,637,416 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA WWAN Manager\bin\gbxApp.exe
PRC - [2009/05/13 01:26:42 | 000,299,008 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/04/24 14:40:38 | 000,176,128 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2009/04/24 14:40:08 | 001,323,008 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TEco.exe
PRC - [2009/04/23 23:01:24 | 001,011,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2009/04/16 21:42:58 | 000,020,544 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
PRC - [2009/03/30 19:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2009/03/28 15:30:44 | 000,263,560 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TANU\TANU.exe
PRC - [2009/03/23 13:50:40 | 000,729,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2009/03/19 13:20:12 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) -- C:\Qualcomm\QDLService\QDLService.exe
PRC - [2009/03/17 14:49:04 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/03/10 21:50:36 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/06 21:29:16 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/03/06 21:29:04 | 000,468,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/02/19 17:52:38 | 000,057,344 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
PRC - [2009/02/16 20:09:44 | 000,196,608 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
PRC - [2009/02/16 20:09:36 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
PRC - [2009/02/01 01:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\hidfind.exe
PRC - [2008/12/18 17:34:24 | 000,448,376 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/16 20:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/10/16 19:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/08/22 13:26:38 | 000,523,320 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\ThpSrv.exe
PRC - [2008/01/20 22:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/01/09 17:23:04 | 000,191,552 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/25 08:25:04 | 000,409,600 | ---- | M] () -- C:\Users\Carl\AppData\Local\Google\Adobe\ihkpbqo.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/06/08 22:20:10 | 000,502,248 | ---- | M] () -- c:\Program Files\TOSHIBA WWAN Manager\bin\OsifUtils.dll
MOD - [2009/06/08 22:20:04 | 000,276,968 | ---- | M] () -- c:\Program Files\TOSHIBA WWAN Manager\bin\mdvauthapi32.dll
MOD - [2009/06/08 22:19:58 | 002,824,680 | ---- | M] () -- c:\Program Files\TOSHIBA WWAN Manager\bin\connmgr.dll
MOD - [2009/03/07 16:15:46 | 007,005,496 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2009/02/16 20:09:46 | 000,868,352 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/02/16 20:09:42 | 000,007,680 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvcPS.dll
MOD - [2009/01/31 01:11:56 | 000,073,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
MOD - [2008/07/14 13:37:00 | 000,095,544 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2008/01/20 22:24:29 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2007/12/19 15:12:38 | 000,077,824 | ---- | M] () -- C:\Program Files\TOSHIBA\HDD Protection\NotifyTHP.dll
MOD - [2006/12/01 20:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2006/10/10 14:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 14:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\system32\PNPXAssoc32.exe -- (THREADORDER32)
SRV - [2012/04/15 09:14:27 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/04/24 14:40:38 | 000,176,128 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009/04/16 21:42:58 | 000,020,544 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)
SRV - [2009/03/30 19:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2009/03/19 13:20:12 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Qualcomm\QDLService\QDLService.exe -- (QDLService)
SRV - [2009/03/17 14:49:04 | 000,073,728 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/03/06 21:29:16 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/02/19 17:52:38 | 000,057,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe -- (RSELSVC)
SRV - [2008/11/03 19:15:32 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/10/16 20:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 19:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/08/22 13:26:38 | 000,523,320 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/01/31 08:57:31 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/01/31 08:57:31 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/09/16 16:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/06 23:12:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010/01/29 01:03:58 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/05/05 02:35:24 | 000,163,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/04/23 18:42:44 | 000,014,856 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\PMCF.sys -- (PMCF)
DRV - [2009/04/03 05:37:24 | 000,200,240 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/03/25 20:23:30 | 000,030,272 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\thpdrv.sys -- (Thpdrv)
DRV - [2009/03/19 12:52:14 | 000,115,200 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\qcusbnetTSH.sys -- (qcusbnetTSH)
DRV - [2009/03/19 12:52:14 | 000,104,448 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\qcusbserTSH.sys -- (qcusbserTSH)
DRV - [2009/03/19 12:52:14 | 000,005,248 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\qcfilterTSH.sys -- (qcfilterTSH)
DRV - [2009/03/18 14:44:54 | 000,022,272 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/02/12 17:43:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/01/27 22:12:14 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2009/01/14 14:37:32 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2008/11/17 10:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/09/22 09:49:36 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2007/12/14 14:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/09/04 13:30:24 | 000,013,336 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Thpevm.sys -- (Thpevm)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSHB&bmod=TSHB
IE - HKLM\..\SearchScopes,DefaultScope = {76B49697-B060-4BD0-8D47-3D89767A3125}
IE - HKLM\..\SearchScopes\{76B49697-B060-4BD0-8D47-3D89767A3125}: "URL" = http://www.google.co...ng}&rlz=1I7TSHB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSHB&bmod=TSHB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSHB&bmod=TSHB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CF 4C DD 17 AC 48 1F 48 A8 A9 8B 65 77 44 37 F7 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {76B49697-B060-4BD0-8D47-3D89767A3125}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{76B49697-B060-4BD0-8D47-3D89767A3125}: "URL" = http://www.google.co...HB_enUS347US347
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Carl\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Reg Error: Value error.) - {17DD4CCF-48AC-481F-A8A9-8B65774437F7} - C:\Windows\system32\audiodev32.dll File not found
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (96f8244b) - {32D19711-E290-8FDC-42B4-EFFD46023AB9} - C:\ProgramData\audiodev32.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [cfFncEnabler.exe] C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe (Toshiba Corporation)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [coreworks] C:\Program Files\TOSHIBA WWAN Manager\bin\gbxapp.exe (Toshiba)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [PCMAgent] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TANU] C:\Program Files\TOSHIBA\TANU\TANU.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\Windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Adobe] C:\Users\Carl\AppData\Local\Google\Adobe\ihkpbqo.dll ()
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Carl\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} https://webmail.worl....org/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://webmail.worl...k.org/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://webmail.worl...k.org/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CE2B1B3-C808-42AE-BE4D-50F976A14FCF}: NameServer = 172.24.24.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96FB2830-CE1A-44CA-AC71-EBDAABF3DC2D}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - File not found
O20 - AppInit_DLLs: (C:\ProgramData\audiodev32.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Carl\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Carl\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mpegacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CLEARALLRESTOREPOINTS
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/30 15:17:46 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Carl\Desktop\OTL.exe
[2012/04/30 14:18:25 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Carl\Desktop\tdsskiller.exe
[2012/04/29 12:49:56 | 000,000,000 | ---D | C] -- C:\Users\Carl\Desktop\Photos
[2012/04/29 12:49:22 | 000,000,000 | ---D | C] -- C:\Users\Carl\Desktop\Administration
[2012/04/29 12:49:09 | 000,000,000 | ---D | C] -- C:\Users\Carl\Desktop\French
[2012/04/29 11:08:21 | 000,000,000 | ---D | C] -- C:\ARK
[2012/04/29 10:40:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/29 10:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/04/29 10:36:06 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/04/27 12:10:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Carl\Desktop\dds.scr
[2012/04/24 15:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
[2012/04/24 15:27:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2012/04/24 15:27:14 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2012/04/24 15:27:14 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2012/04/18 14:23:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/18 14:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/04/15 09:14:27 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/14 16:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion Limited
[2012/04/01 12:53:09 | 000,000,000 | ---D | C] -- C:\Users\Carl\AppData\Roaming\Avira
[2012/04/01 11:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/04/01 11:27:59 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012/04/01 11:27:58 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/04/01 11:27:58 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/04/01 11:27:58 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/04/01 11:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/04/01 11:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[1 C:\Users\Carl\Desktop\*.tmp files -> C:\Users\Carl\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/30 15:17:48 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Carl\Desktop\OTL.exe
[2012/04/30 14:57:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/30 14:47:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/30 14:29:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/30 14:22:15 | 000,002,613 | ---- | M] () -- C:\Users\Carl\Desktop\Microsoft Word 2010.lnk
[2012/04/30 14:18:32 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Carl\Desktop\tdsskiller.exe
[2012/04/30 14:12:12 | 000,304,845 | ---- | M] () -- C:\Users\Carl\Desktop\ListParts.exe
[2012/04/30 14:07:13 | 001,008,141 | ---- | M] () -- C:\Users\Carl\Desktop\rkill.com
[2012/04/30 09:08:52 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/30 09:08:52 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/30 09:03:32 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/30 09:03:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/30 09:03:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/30 09:02:52 | 3182,612,480 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/29 23:22:07 | 000,047,616 | ---- | M] () -- C:\Users\Carl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/29 11:24:20 | 331,292,588 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/29 10:55:30 | 000,000,512 | ---- | M] () -- C:\Users\Carl\Desktop\MBR.dat
[2012/04/29 10:36:07 | 000,000,744 | ---- | M] () -- C:\Users\Carl\Desktop\NTREGOPT.lnk
[2012/04/29 10:36:07 | 000,000,725 | ---- | M] () -- C:\Users\Carl\Desktop\ERUNT.lnk
[2012/04/27 12:10:13 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Carl\Desktop\dds.scr
[2012/04/24 15:35:22 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2012/04/20 11:38:17 | 000,002,571 | ---- | M] () -- C:\Users\Carl\Desktop\Microsoft Excel 2010.lnk
[2012/04/18 14:23:03 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/15 09:14:27 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/15 09:14:27 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/04/10 13:50:22 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/01 11:28:46 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[1 C:\Users\Carl\Desktop\*.tmp files -> C:\Users\Carl\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/30 14:12:10 | 000,304,845 | ---- | C] () -- C:\Users\Carl\Desktop\ListParts.exe
[2012/04/30 14:07:11 | 001,008,141 | ---- | C] () -- C:\Users\Carl\Desktop\rkill.com
[2012/04/29 11:29:56 | 3182,612,480 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/29 10:55:30 | 000,000,512 | ---- | C] () -- C:\Users\Carl\Desktop\MBR.dat
[2012/04/29 10:36:07 | 000,000,744 | ---- | C] () -- C:\Users\Carl\Desktop\NTREGOPT.lnk
[2012/04/29 10:36:07 | 000,000,725 | ---- | C] () -- C:\Users\Carl\Desktop\ERUNT.lnk
[2012/04/24 15:35:22 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2012/04/18 14:23:03 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/15 09:14:28 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/01 11:28:46 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/01/18 12:51:37 | 000,000,680 | ---- | C] () -- C:\Users\Carl\AppData\Local\d3d9caps.dat
[2012/01/16 22:30:29 | 000,008,823 | ---- | C] () -- C:\Users\Carl\AppData\Local\d1a7ebf0
[2012/01/16 22:30:29 | 000,008,821 | ---- | C] () -- C:\ProgramData\84e2a78c
[2012/01/16 22:30:29 | 000,008,782 | ---- | C] () -- C:\Users\Carl\AppData\Roaming\90570254
[2011/06/12 15:37:25 | 000,000,024 | ---- | C] () -- C:\ProgramData\360b7319
[2010/07/25 09:50:51 | 000,024,064 | ---- | C] () -- C:\Users\Carl\AppData\Roaming\UserTile.png
[2010/06/18 09:27:38 | 000,135,167 | ---- | C] () -- C:\Windows\hpoins37.dat.temp
[2010/06/18 09:27:38 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat.temp
[2010/06/15 21:40:51 | 000,134,739 | ---- | C] () -- C:\Windows\hpoins37.dat
[2010/06/15 21:40:51 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012/01/21 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Adobe
[2011/11/29 19:29:26 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Apple Computer
[2009/11/07 22:40:28 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Artweaver
[2012/04/09 13:20:03 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Avira
[2011/11/06 23:06:09 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Blackberry Desktop
[2009/10/18 21:35:22 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\CyberLink
[2009/11/09 08:19:24 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Exstora
[2011/04/24 15:44:51 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\GetRightToGo
[2009/10/04 15:42:25 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Google
[2009/10/04 15:09:56 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Identities
[2010/07/25 09:49:32 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Intel
[2009/10/04 15:17:31 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Macromedia
[2011/06/19 06:53:56 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Malwarebytes
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Media Center Programs
[2012/04/16 10:52:33 | 000,000,000 | --SD | M] -- C:\Users\Carl\AppData\Roaming\Microsoft
[2011/05/14 11:49:42 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Mozilla
[2011/05/14 11:49:41 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Octoshape
[2009/10/04 19:23:55 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\OpenOffice.org
[2010/07/25 09:50:51 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\PeerNetworking
[2009/10/08 20:31:52 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\PowerCinema
[2011/11/01 22:12:50 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Research In Motion
[2012/04/29 23:36:01 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Skype
[2012/04/18 08:49:54 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\skypePM
[2012/03/01 22:42:30 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\TOSHIBA
[2011/07/31 17:19:36 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\TP
[2009/10/04 15:08:45 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\WinBatch

< %APPDATA%\*.exe /s >
[2012/01/21 12:02:50 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Carl\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2009/10/07 20:02:15 | 001,961,720 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Carl\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2011/10/30 09:56:03 | 000,413,696 | R--- | M] (Acresso Software Inc.) -- C:\Users\Carl\AppData\Roaming\Microsoft\Installer\{5BF4B3ED-682C-4363-95D6-9F741D914B6B}\BlackBerry.exe
[2009/01/08 09:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\Carl\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< c:|Fun4IM;true;true;true; /FP >

< c:|Bandoo;true;true;true; /FP >

< c:|Searchn;true;true;true; /FP >

< c:|Searchq;true;true;true; /FP >

< c:|datamngr;true;true;true; /FP >

< c:|iLivid;true;true;true; /FP >

< c:|whitesmoke;true;true;true; /FP >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %systemroot%\*. /mp /s >
< End of report >

Extras.txt:

OTL Extras logfile created on: 4/30/2012 3:20:37 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Carl\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 57.44% Memory free
6.13 Gb Paging File | 4.80 Gb Available in Paging File | 78.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.28 Gb Total Space | 60.56 Gb Free Space | 43.80% Space Free | Partition Type: NTFS

Computer Name: CARL-NOTEBOOK | User Name: Carl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1FBB2B60-978D-46A2-A189-123060039506}" = lport=445 | protocol=6 | dir=in | app=system |
"{42820793-9EA8-42BF-9816-17328BA0A558}" = rport=139 | protocol=6 | dir=out | app=system |
"{4C5E3438-5781-494C-92A8-56E4136B68F7}" = rport=138 | protocol=17 | dir=out | app=system |
"{6F9C7365-DCF6-4570-9A1D-26BC050B18CC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{73CB51F5-6F1A-49F7-8DDD-33481BEEFFF8}" = rport=137 | protocol=17 | dir=out | app=system |
"{855F4B76-E3C5-4662-8739-F24B4C5A1960}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{92F2C806-9E12-4015-B69A-EF0D4F039F2E}" = lport=137 | protocol=17 | dir=in | app=system |
"{99F5BC79-8BFF-4EF4-BEE9-77376C700267}" = lport=139 | protocol=6 | dir=in | app=system |
"{9FF0FF50-E2FE-43A1-BEA1-088703AB36A6}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{B6863240-E963-4EA4-AAF0-E11B7B14FA83}" = lport=138 | protocol=17 | dir=in | app=system |
"{C7DFA7AF-8473-4C17-A086-E6E28ED3C41C}" = rport=445 | protocol=6 | dir=out | app=system |
"{CEC996D5-0CB4-44DC-A458-B38B0ABA950F}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{E3440D0F-C706-4A64-85E8-E9181CC1AD0B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F7292523-489F-4398-B990-36C54F53417C}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E4ACE8-A415-4054-97D0-3BA1D684E262}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{06350D94-BE8B-4389-911F-86A18C32DC54}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0A00C53E-3542-41D2-A581-481D9C22E674}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{1F0B6F5A-A2EE-4266-880A-C86E9058B312}" = dir=in | app=c:\windows\system32\pnpxassoc32.exe |
"{24ABB148-8D7B-4E7E-89F7-6A4ED32A1A73}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{299C75B9-B8A6-477F-B2C2-25EADB1DA682}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{2A540111-10F4-44B7-8D98-40030954B906}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe |
"{31EFCCDF-D343-4D37-AE0D-CB652AEE6921}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\pcmservice.exe |
"{3BD4FDE9-41B4-49A4-8E22-3388F7896A46}" = dir=in | app=c:\windows\system32\pnpxassoc32.exe |
"{3D4991AF-881A-46DC-9C1D-268897FDB8C2}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{407CC1CF-C1B8-4A9E-A42E-84BF1352192A}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{57733693-653B-423D-BD4A-545DB3EEE06A}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{6B5D6B35-4E1B-41BE-9766-040FCEE61920}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{78D7537F-2914-42B8-B63E-86D5BBCB9989}" = dir=in | app=c:\windows\system32\pnpxassoc32.exe |
"{7CB79612-E2E0-4AFD-8CF7-E00E13124C53}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7EA64473-9D49-4287-9540-E021F0F9C28D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{84F83DC1-A484-4C52-A868-A1B2699ABC0C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{8ABEB4EB-CE66-4F99-9FEF-B7F7597BAFDA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8D6B8EB9-DA9F-4298-B3BF-46B2E70E19A5}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe |
"{936FEBD2-506A-444B-AC18-9109D8B3FB7D}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{9F2E0DBB-6EE2-42EC-8CE7-A615F6419570}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9F8D89ED-722D-451A-BE37-424815E12E62}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{A04F196F-C9DD-47DE-B68B-EA753C61801C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A116A866-F740-4BF7-962D-2BBF66BFF836}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{A18737B0-490B-4033-A0AD-E3F47578C888}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{A1EA29DC-8C07-4F34-87E0-DFF3436E8049}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{C9932E24-F64B-458A-91ED-DDEE4D3571B6}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{C9B8DDD2-EC82-4B41-A9CF-6579F08A55E6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CA4EC0B8-C70B-4410-8C3B-3872D9440E8A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{F39C97EC-0F02-4579-AD0D-0A63F8706F92}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{F7D060DA-DEFA-43C6-87B7-123DBA64FB57}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F817C77B-EB2D-4310-8E7A-95AC5BB68DE1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FEF01985-25CA-4595-9CC4-8DAB37C19CC6}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\powercinema.exe |
"TCP Query User{272080D1-97B9-4AB6-88BF-F7E5EA982B8E}C:\users\carl\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\carl\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"TCP Query User{8596422A-F06B-428F-8EDE-F5F3140E56E0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{90BE5BB6-DFA3-42DF-B203-BF4E0E0DFE01}C:\users\carl\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\carl\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{7B6327DD-5C5F-4939-A492-FE8216DEB45A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{D99D49E1-2A66-4B50-97F6-DC4B8702126F}C:\users\carl\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\carl\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{EF4F4F8A-03F3-4B9B-9BCC-7E096951A3F5}C:\users\carl\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\carl\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.02.02.01
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{147944FC-6A9E-4DD9-9EC3-A242EE6C16FD}" = BlackBerry App World Browser Plugin
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{21526716-DFD8-4B90-86D9-EF9F47057B3E}" = Toshiba Resources Page
"{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5BF4B3ED-682C-4363-95D6-9F741D914B6B}" = BlackBerry Device Software v7.0.0 for the BlackBerry 9900 smartphone
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{5FFF9453-7B94-462A-B8F7-AC6D8D9EB1B5}" = Netzero Internet Access Installer
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{618FF042-F011-489B-BAF0-37986134FC26}" = Ilwis
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7B662092-665F-40C5-9835-4AFC12D36DC1}" = Mathe Klasse 11-13
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{83892653-9EB8-4192-803E-D987A85CDD23}" = TOSHIBA Agreement Notification Utility
"{87725CEF-1BC6-47C5-B2CD-96DD6D392EE3}" = Dolby Control Center
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application and Driver Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE10246-A876-4979-B345-CADE6863BD8E}" = TOSHIBA Supervisor Password
"{A025CFB8-64E7-4432-824F-11E7C5ED2ECE}_is1" = Artweaver 1.0
"{A800FCC9-8E1E-4D84-9CED-47870701FDE1}" = HP Deskjet F4400 Printer Driver 14.0 Rel. 5
"{A835C187-691C-4827-BCEA-1611179C96B9}" = DJ_AIO_05_F4400_Software_Min
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABD39060-5F6C-470A-A891-73ACC92ED8DB}" = TOSHIBA WWAN Manager
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16}" = PlayReady PC runtime
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B46E0571-DE58-4D5C-8D77-64070C6EACDA}" = Qualcomm Gobi Single Installer Package for Toshiba
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5D8637D-FA1C-4CAD-91FC-4ADB1C284A21}" = TOSHIBA Hardware Setup
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}" = TOSHIBA ConfigFree
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"ERUNT_is1" = ERUNT 1.1j
"ExstoraPro" = Exstora Pro 2.5
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{83892653-9EB8-4192-803E-D987A85CDD23}" = TOSHIBA Agreement Notification Utility
"InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"Recuva" = Recuva
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"WildTangent toshiba Master Uninstall" = WildTangent Games

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/30/2012 12:46:32 PM | Computer Name = Carl-notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1404

Error - 4/30/2012 2:02:05 PM | Computer Name = Carl-notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/30/2012 2:02:05 PM | Computer Name = Carl-notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4534184

Error - 4/30/2012 2:02:05 PM | Computer Name = Carl-notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4534184

Error - 4/30/2012 2:02:06 PM | Computer Name = Carl-notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/30/2012 2:02:06 PM | Computer Name = Carl-notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4535385

Error - 4/30/2012 2:02:06 PM | Computer Name = Carl-notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4535385

Error - 4/30/2012 2:57:52 PM | Computer Name = Carl-notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/30/2012 2:57:52 PM | Computer Name = Carl-notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 46052

Error - 4/30/2012 2:57:52 PM | Computer Name = Carl-notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 46052

[ Media Center Events ]
Error - 10/13/2011 4:58:04 AM | Computer Name = Carl-notebook | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (5648.1128)

Error - 10/13/2011 4:58:04 AM | Computer Name = Carl-notebook | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (5648.1129)

Error - 10/13/2011 2:55:08 PM | Computer Name = Carl-notebook | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (3452.1128)

Error - 10/13/2011 2:55:08 PM | Computer Name = Carl-notebook | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (3452.1129)

Error - 10/13/2011 2:55:55 PM | Computer Name = Carl-notebook | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (3452.1128)

Error - 10/13/2011 2:55:55 PM | Computer Name = Carl-notebook | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (3452.1129)

Error - 10/14/2011 4:32:17 AM | Computer Name = Carl-notebook | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (876.1128)

Error - 10/14/2011 4:32:17 AM | Computer Name = Carl-notebook | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (876.1129)

Error - 10/14/2011 4:32:22 AM | Computer Name = Carl-notebook | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (876.1128)

Error - 10/14/2011 4:32:22 AM | Computer Name = Carl-notebook | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (876.1129)

[ System Events ]
Error - 4/29/2012 11:26:12 AM | Computer Name = Carl-notebook | Source = Service Control Manager | ID = 7001
Description =

Error - 4/29/2012 11:26:12 AM | Computer Name = Carl-notebook | Source = Service Control Manager | ID = 7001
Description =

Error - 4/29/2012 11:26:26 AM | Computer Name = Carl-notebook | Source = Service Control Manager | ID = 7001
Description =

Error - 4/29/2012 11:26:27 AM | Computer Name = Carl-notebook | Source = DCOM | ID = 10005
Description =

Error - 4/29/2012 11:26:28 AM | Computer Name = Carl-notebook | Source = Service Control Manager | ID = 7001
Description =

Error - 4/29/2012 11:26:37 AM | Computer Name = Carl-notebook | Source = DCOM | ID = 10005
Description =

Error - 4/29/2012 11:30:05 AM | Computer Name = Carl-notebook | Source = HTTP | ID = 15016
Description =

Error - 4/29/2012 12:08:00 PM | Computer Name = Carl-notebook | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 4/30/2012 9:03:03 AM | Computer Name = Carl-notebook | Source = HTTP | ID = 15016
Description =

Error - 4/30/2012 9:13:06 AM | Computer Name = Carl-notebook | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

< End of report >

#13 Maurice Naggar

Eradicator de logiciels malveillants

Moderators
13,616 posts

Gender:Male
Location:USA
Interests:Security, Windows, Windows Update, malware prevention

Posted 30 April 2012 - 04:39 PM

There is one trojan onboard a stray audiodev32.dll that I'd like submitted for online analysis and 1 other possible suspect.
I'll ask you to use your browser and upload 2 files at 2 websites. This will not take long.

Use your browser to go here at Virustotal website
Click the Browse button and then navigate to C:\ProgramData\audiodev32.dll, then click the Submit button.
The various virus scanners will identify the file and if it is not identified, the AV vendors will then have a copy of it for analysis. Save the results, and post back here in a reply.

Repeat the same steps for C:\Users\Carl\AppData\Local\Google\Adobe\ihkpbqo.dll
Save the results, and post back here in a reply.
==

Use your browser to go here at VirSCAN.org website
Click the Browse button and then navigate to C:\ProgramData\audiodev32.dll, then click the Submit button.

Save the results, and post back here in a reply.

Repeat the same steps for C:\Users\Carl\AppData\Local\Google\Adobe\ihkpbqo.dll
Save the results, and post back here in a reply.

Maurice Naggar
Consumer Support Specialist

#14 Maurice Naggar

Eradicator de logiciels malveillants

Moderators
13,616 posts

Gender:Male
Location:USA
Interests:Security, Windows, Windows Update, malware prevention

Posted 30 April 2012 - 05:37 PM

This is for after you have done the Tasks in my prior reply. Pls be sure you have done those first.

This file c:\programdata\audiodev32.dll is a trojan identfied by ESET as Win32/Kryptik.RSL trojan & also by MS as TrojanDownloader Win32/Tracur

TrojanDownloader:Win32/Tracur.M is a trojan that redirects user searches from legitimate search sites to a Web site that contains malware. It is installed as a Browser Helper Object (BHO) in Internet Explorer, and replaces Firefox Extension Settings files.

You are advised to do the following immediately.
1. Contact your banks, credit card companies, financial institutions and inform them that you "may" be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.
2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.
3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.
* Take any other steps you think appropriate for an attempted identity theft.

These steps are for effa only. If you are a casual viewer, do NOT try this on your system!
If you are not effa and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to any other system!

You will want to print out or copy these instructions to Notepad for Safe offline reference!

Do NOT run any other programs while these tools are in-progress :excl:

This next OTL task will remove the trojan that I have found. Make sure you close any open files/programs you started.
This will require a Restart-Reboot.

Temporarily turn off your Avira antivirus so that it does not interfere.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

*****************************************************************
:OTL
O2 - BHO: (96f8244b) - {32D19711-E290-8FDC-42B4-EFFD46023AB9} - C:\ProgramData\audiodev32.dll
O3 - HKLM\..\Toolbar: (no name)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440}
O20 - AppInit_DLLs: (C:\ProgramData\audiodev32.dll)
:files
recycler /alldrives
C:\ProgramData\audiodev32.dll
c:\windows\system32\pnpxassoc32.exe
:Commands
[purity]
[resethosts]
[emptytemp]
[CLEARALLRESTOREPOINTS]
[EMPTYFLASH]
[Reboot]

*****************************************************************
Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
Close any browser(s) windows that may be open.
Using your mouse, click on the red-lettered button Run Fix.
Once you see a message box "Fix complete! Click OK to open the fix log."
Click the OK button
The log will open in Notepad (your default text editor).
Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2
If you have a prior copy of Combofix, delete it now

Recheck again --- Temporarily turn off your Avira antivirus so that it does not interfere.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages
It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.
You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.
Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Right- click on Combo-Fix.exe on your Desktop

and select "Run as Administrator".

A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.

When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.
Note:
Do not mouseclick combofix's window nor run any program while Combofix is running.
That may cause it to stall.

Reply with a copy of the C:\Combofix.txt log

Step 3
You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.
Using Internet Explorer browser only, go to ESET Online Scanner website:
http://www.eset.com/onlinescan/

Accept the Terms of Use and press Start button;
Approve the install of the required ActiveX Control, then follow on-screen instructions;
Enable (check) the Remove found threats option, and run the scan.
After the scan completes, the Details tab in the Results window will display what was found and removed.
- A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.
Look at contents of this file using Notepad.

The Frequently Asked Questions for ESET Online Scanner can be viewed here
http://go.eset.com/u...ine-scanner/faq
- It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
  (And the prompt re-enabling when finished.)
- If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
- Do not use the system while the scan is running. Once the full scan is underway, go take a long break

Re-enable the antivirus program.

Reply with copy of OTL MovedFiles log
C:\combofix.txt
the Eset scan log
and Tell me :excl:

Is the Happili redirect or similar browser redirect happening ?

For much later, this has an outdated Java runtime, Adobe Reader, and a leftover of Norton Internet Security --- all need addressing.

Edited by Maurice Naggar, 30 April 2012 - 06:32 PM.

Maurice Naggar
Consumer Support Specialist

#15 effa

Regular Member

Honorary Members
53 posts

Posted 30 April 2012 - 09:25 PM

Hi Maurice Naggar,

The file audiodev32.dll can't be found, not by myself browsing and also not by copy/pasting the path you gave in the browser.

I had no problems with the file ihkpbqo.dllwhen using Virustotal. The scan results can be found below - I didn't really know how much details you wanted, so I pasted everything I could find. When using VirSCAN, I did not manage to perform a new scan. It always seemed to stop at around 80% of completion. I thereforalready added previous scan results. I will try again tomorrow.

Virustotal:

SHA256: 58ab4e88ad027ac28747ad2e621d0ce359cf9d4fc335fcb78f0c8cf330f955e6 SHA1: adbb1a60c8e6a7e0170a0cbefa854666d6dc63d2 MD5: 34f8ecb55579bbbced8b39f0e448700c File size: 400.0 KB ( 409600 bytes ) File name: ihkpbqo.dll File type: Win32 DLL Detection ratio: 10 / 42 Analysis date:
2012-05-01 01:28:16 UTC ( 0 minutes ago )
AhnLab-V3 - 20120430 AntiVir - 20120430 Antiy-AVL - 20120430 Avast - 20120501 AVG - 20120430 BitDefender - 20120501 ByteHero - 20120430 CAT-QuickHeal - 20120430 ClamAV - 20120430 Commtouch - 20120430 Comodo UnclassifiedMalware 20120501 DrWeb - 20120501 Emsisoft - 20120501 eSafe - 20120430 eTrust-Vet - 20120430 F-Prot - 20120430 F-Secure - 20120501 Fortinet W32/Sefnit.16DP12!tr 20120430 GData - 20120501 Ikarus - 20120501 Jiangmin - 20120430 K7AntiVirus - 20120430 Kaspersky - 20120501 McAfee Sefnit.ah 20120501 McAfee-GW-Edition Artemis!34F8ECB55579 20120430 Microsoft Trojan:Win32/Tracur.AK 20120430 NOD32 a variant of Win32/Kryptik.AEVS 20120501 Norman - 20120430 nProtect - 20120430 Panda Trj/CI.A 20120430 PCTools - 20120430 Rising - 20120428 Sophos - 20120501 SUPERAntiSpyware - 20120402 Symantec - 20120430 TheHacker - 20120428 TrendMicro TROJ_SPNR.16DP12 20120430 TrendMicro-HouseCall TROJ_SPNR.16DP12 20120430 VBA32 - 20120430 VIPRE Trojan.Win32.Generic!BT 20120430 ViRobot - 20120430 VirusBuster - 20120501

ssdeep
1536:q9cnQV4lDWjV2EfbQgZV5KgtlKWvtmgMbFu8ukCqMcVMj2VbLW0lA1CR4zZDXHcb:q9/6Ij3bvFJAg0Fu8us+0lAs4zZDH0
TrID
Windows OCX File (63.5%)
Win32 Executable MS Visual C++ (generic) (19.3%)
Windows Screen Saver (6.7%)
Win32 Executable Generic (4.3%)
Win32 Dynamic Link Library (generic) (3.8%)

ExifTool

UninitializedDataSize....: 0
InitializedDataSize......: 131072
ImageVersion.............: 0.0
ProductName..............: ASUS Filter Effect Dynamic Link Library
FileVersionNumber........: 1.0.0.3
LanguageCode.............: Chinese (Traditional)
FileFlagsMask............: 0x003f
FileDescription..........: ASUS Filter Effect DLL
CharacterSet.............: Unicode
LinkerVersion............: 7.1
OriginalFilename.........: EffectDLL.DLL
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
FileVersion..............: 1, 0, 0, 3
TimeStamp................: 2007:07:31 05:03:12+02:00
FileType.................: Win32 DLL
PEType...................: PE32
InternalName.............: EffectDLL
ProductVersion...........: 1, 0, 0, 3
SubsystemVersion.........: 4.0
OSVersion................: 4.0
FileOS...................: Win32
LegalCopyright...........: Copyright © 2006
MachineType..............: Intel 386 or later, and compatibles
CodeSize.................: 290816
FileSubtype..............: 0
ProductVersionNumber.....: 1.0.0.3
EntryPoint...............: 0x1000
ObjectFileType...........: Dynamic link library

Sigcheck

product..................: ASUS Filter Effect Dynamic Link Library
internal name............: EffectDLL
copyright................: Copyright © 2006
original name............: EffectDLL.DLL
file version.............: 1, 0, 0, 3
description..............: ASUS Filter Effect DLL

Portable Executable structural information

Compilation timedatestamp.....: 2007-07-31 03:03:12
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x00001000

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5
.text 4096 289560 290816 1.45 c899559b22354e5ea53fce286fa6cf9a
.rdata 294912 70211 73728 5.61 f108c9886d8e3a3888b8c90c9f9d60eb
.data 368640 23044 8192 4.49 2cc05d7183eb1be598afaadf4ba9ee4d
.rsrc 393216 11648 12288 3.86 c0ac679395c284b5e1f991736c6ea24c
.reloc 405504 16472 20480 0.00 daa100df6e6711906b61c9ab5aa16032

PE Imports....................:

comdlg32.dll
GetFileTitleW, GetOpenFileNameW, GetSaveFileNameW

COMCTL32.dll

GDI32.dll
SetWindowOrgEx, OffsetWindowOrgEx, SetWindowExtEx, ScaleWindowExtEx, GetCurrentPositionEx, ArcTo, PolyDraw, PolylineTo, PolyBezierTo, ExtSelectClipRgn, DeleteDC, CreateDIBPatternBrushPt, CreatePatternBrush, CreateCompatibleDC, GetStockObject, SelectPalette, PlayMetaFileRecord, GetObjectType, EnumMetaFile, PlayMetaFile, GetDeviceCaps, CreatePen, ExtCreatePen, ScaleViewportExtEx, CreateHatchBrush, CopyMetaFileW, CreateDCW, Escape, GetDCOrgEx, CreateFontIndirectW, GetTextExtentPoint32W, CreateRectRgnIndirect, SetRectRgn, CombineRgn, GetMapMode, PatBlt, DPtoLP, GetTextMetricsW, ExtTextOutW, TextOutW, RectVisible, PtVisible, StartDocW, GetPixel, BitBlt, GetWindowExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SetStretchBltMode, SetROP2, SetPolyFillMode, SetBkMode, SetBkColor, RestoreDC, SaveDC, CreateBitmap, GetObjectW, DeleteObject, CreateSolidBrush, CreateDIBSection, GetViewportExtEx, SelectClipPath, CreateRectRgn, GetClipRgn, SelectClipRgn, SetColorAdjustment, SetArcDirection, SetMapperFlags, SetTextCharacterExtra, SetTextJustification, SetTextAlign, MoveToEx, LineTo, OffsetClipRgn, IntersectClipRect, ExcludeClipRect, GetClipBox, SetMapMode, SetTextColor, SelectObject

ADVAPI32.dll
RegQueryValueW, RegCreateKeyW, RegSetValueW, RegDeleteValueW, RegSetValueExW, RegCreateKeyExW, RegCloseKey, RegOpenKeyW, RegEnumKeyW, RegDeleteKeyW, RegOpenKeyExW, RegQueryValueExW

KERNEL32.dll
SetEndOfFile, GetFileSize, DuplicateHandle, GetCurrentProcess, FindClose, FindFirstFileW, GetVolumeInformationW, GetFullPathNameW, CreateFileW, GetShortPathNameW, FileTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, SetFileTime, SetFileAttributesW, GetFileAttributesW, GetFileTime, HeapFree, GetCommandLineA, ExitProcess, RtlUnwind, TerminateProcess, ExitThread, CreateThread, HeapAlloc, HeapSize, HeapReAlloc, VirtualProtect, VirtualAlloc, GetSystemInfo, UnlockFile, HeapDestroy, HeapCreate, VirtualFree, FatalAppExitA, IsBadWritePtr, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, UnhandledExceptionFilter, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetUnhandledExceptionFilter, GetTimeZoneInformation, GetOEMCP, GetCPInfo, IsBadReadPtr, IsBadCodePtr, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW, SetConsoleCtrlHandler, GetTimeFormatA, GetDateFormatA, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, GetStringTypeExW, DeleteFileW, MoveFileW, FreeResource, GlobalFindAtomW, lstrlenA, LoadLibraryA, GetVersionExA, CopyFileW, GlobalSize, FormatMessageW, GetLastError, RaiseException, GetModuleHandleA, SetLastError, GlobalFlags, MulDiv, InterlockedIncrement, GetCurrentDirectoryW, lstrcmpiW, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileIntW, SetErrorMode, lstrcatW, lstrcpynW, InterlockedDecrement, TlsFree, GlobalFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, TlsGetValue, EnterCriticalSection, GlobalHandle, GlobalUnlock, GlobalReAlloc, LeaveCriticalSection, LocalFree, LocalAlloc, CreateEventW, SuspendThread, SetEvent, WaitForSingleObject, ResumeThread, SetThreadPriority, CloseHandle, GlobalAddAtomW, FindResourceW, LoadResource, LockResource, SizeofResource, lstrlenW, GetCurrentThread, GetCurrentThreadId, MultiByteToWideChar, GlobalLock, lstrcmpW, GlobalAlloc, FreeLibrary, GlobalDeleteAtom, WideCharToMultiByte, lstrcmpA, lstrcmpiA, GetModuleFileNameW, GetModuleHandleW, GetProcAddress, ConvertDefaultLocale, GetVersion, EnumResourceLanguagesW, lstrcpyW, LoadLibraryW, GetLocaleInfoW, GetVersionExW, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, VirtualQuery

gdiplus.dll
GdipCreateHBITMAPFromBitmap, GdipGetImageWidth, GdipCreateBitmapFromHBITMAP, GdipGetImageHeight, GdipDisposeImage, GdiplusStartup, GdipAlloc, GdipFree, GdipCloneImage, GdiplusShutdown

WINSPOOL.DRV
DocumentPropertiesW, ClosePrinter, OpenPrinterW

SHELL32.dll
SHGetFileInfoW, ExtractIconW

ole32.dll
CoTaskMemFree, SetConvertStg, WriteFmtUserTypeStg, WriteClassStg, OleRegGetUserType, ReadFmtUserTypeStg, ReadClassStg, CreateBindCtx, CoTaskMemAlloc, ReleaseStgMedium, OleDuplicateData, StringFromCLSID, CoTreatAsClass, CoDisconnectObject, CoCreateInstance, StringFromGUID2, CLSIDFromString

SHLWAPI.dll
PathFindExtensionW, PathRemoveExtensionW, PathFindFileNameW, PathStripToRootW, PathIsUNCW

USER32.dll
InflateRect, GetMenuItemInfoW, DestroyMenu, SystemParametersInfoW, EndDialog, GetNextDlgTabItem, CreateDialogIndirectParamW, GetDialogBaseUnits, GetPropW, RemovePropW, SendDlgItemMessageA, IsWindow, IsChild, GetForegroundWindow, SetActiveWindow, BeginDeferWindowPos, EndDeferWindowPos, GetTopWindow, DestroyWindow, GetMessageTime, GetMessagePos, LoadIconW, MapWindowPoints, ScrollWindow, TrackPopupMenuEx, TrackPopupMenu, SetScrollRange, GetScrollRange, SetScrollPos, GetScrollPos, SetForegroundWindow, ShowScrollBar, UpdateWindow, GetClientRect, GetMenu, AdjustWindowRectEx, EqualRect, DeferWindowPos, GetScrollInfo, SetScrollInfo, GetClassInfoW, RegisterClassW, SetWindowPlacement, DefWindowProcW, CallWindowProcW, OffsetRect, IntersectRect, SystemParametersInfoA, IsIconic, GetWindowPlacement, CopyRect, GetWindowTextLengthW, SetWindowPos, ScrollWindowEx, SetFocus, CharUpperW, MoveWindow, SetWindowLongW, IsDialogMessageW, IsDlgButtonChecked, UnregisterClassA, SetDlgItemInt, SendDlgItemMessageW, GetDlgItemTextW, GetDlgItemInt, GetDlgItem, CheckRadioButton, CheckDlgButton, LoadCursorW, GetSystemMetrics, GetSysColorBrush, GetMenuStringW, AppendMenuW, GetMenuItemID, GetSubMenu, RemoveMenu, GetSysColor, EndPaint, BeginPaint, ScreenToClient, GrayStringW, DrawTextExW, DrawTextW, TabbedTextOutW, FillRect, ClientToScreen, GetWindow, GetDlgCtrlID, GetWindowRect, PtInRect, GetDesktopWindow, GetWindowTextW, SetWindowTextW, GetClassNameW, MessageBoxW, GetWindowLongW, GetLastActivePopup, IsWindowEnabled, EnableWindow, InsertMenuW, GetMenuItemCount, DeleteMenu, wsprintfW, UnregisterClassW, UnhookWindowsHookEx, SetMenuItemBitmaps, GetFocus, GetParent, ModifyMenuW, GetMenuState, EnableMenuItem, DestroyIcon, RegisterWindowMessageW, WinHelpW, CheckMenuItem, GetMenuCheckMarkDimensions, GetCapture, CreateWindowExW, GetClassInfoExW, GetClassLongW, ShowWindow, SetPropW, LoadBitmapW, SetWindowsHookExW, CallNextHookEx, GetMessageW, TranslateMessage, DispatchMessageW, GetActiveWindow, IsWindowVisible, GetKeyState, PeekMessageW, GetCursorPos, ValidateRect, ShowOwnedPopups, SendMessageW, SetCursor, PostMessageW, PostQuitMessage, GetDC, ReleaseDC, GetWindowDC, SetDlgItemTextW

OLEAUT32.dll
-, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

PE Exports....................:

CreateEffectARGB, CreateEffectBitmap, CreateEffectHBITMAP, EnumEffectIds, GetEffectDescription
Symantec Reputation
Suspicious.Insight
First seen by VirusTotal
2012-04-25 11:49:13 UTC ( 5 days, 13 hours ago )
Last seen by VirusTotal
2012-05-01 01:28:16 UTC ( 5 minutes ago )
File names (max. 25)

ihkpbqo.dll
34f8ecb55579bbbced8b39f0e448700c.exe

VirScan:
Scanner results : 8% Scanner(s) (3/36) found malware! Time : 2012/04/30 22:04:01 (EDT) Scanner

Engine Ver Sig Ver Sig Date Scan result Time a-squared 5.1.0.4 20120501070152 2012-05-01
- 0.000 AhnLab V3 2012.03.26.00 2012.03.26 2012-03-26
- 0.000 AntiVir 8.2.10.58 7.11.28.226 2012-04-27
- 0.178 Antiy 2.0.18 2.0.18. 0002-18-00
- 0.277 Arcavir 2011 201204271537 2012-04-27
- 4.115 Authentium 5.1.1 201204301805 2012-04-30
- 1.444 AVAST! 4.7.4 120430-1 2012-04-30
- 0.217 AVG 12.0.1782 2409/4970 2012-04-30
- 0.288 BitDefender 7.90123.7119837 7.42112 2012-05-01
- 3.790 ClamAV 0.97.3 14866 2012-05-01
- 0.189 Comodo 5.1 12196 2012-04-30
- 0.000 CP Secure 1.3.0.5 2012.05.01 2012-05-01
- 0.231 Dr.Web 7.0.1.2210 2012.04.30 2012-04-30
- 12.943 F-Prot 4.6.2.117 20120430 2012-04-30
- 0.843 F-Secure 7.02.73807 2012.04.30.04 2012-04-30
- 2.578 Fortinet 4.3.392 15.481 2012-04-30
- 0.000 GData 22.4819 20120501 2012-05-01
- 0.000 Ikarus T3.1.32.20.0 2012.04.30.81074 2012-04-30
- 5.089 JiangMin 13.0.900 2012.04.29 2012-04-29
- 0.000 Kaspersky 5.5.10 2012.05.01 2012-05-01
- 0.307 KingSoft 2009.2.5.15 2012.5.1.9 2012-05-01
- 0.000 McAfee 5400.1158 6697 2012-04-30
Sefnit.ah 9.927 Microsoft 1.8304 2012.05.01 2012-05-01
- 0.000 NOD32 3.0.21 7099 2012-04-30
a variant of Win32/Kryptik.AEVS trojan 0.233 nProtect 20120429.01 11205192 2012-04-29
- 0.000 Panda 9.05.01 2012.04.29 2012-04-29
- 0.000 Quick Heal 11.00 2012.04.30 2012-04-30
- 0.000 Rising 20.0 24.07.05.02 2012-04-28
- 0.000 Sophos 3.30.0 4.76 2012-05-01
- 4.816 Sunbelt 3.9.2535.2 11860 2012-04-30
- 0.000 Symantec 1.3.0.24 20120430.002 2012-04-30
- 0.439 The Hacker 6.7.0.1 v00452 2012-04-28
- 0.000 Trend Micro 9.500-1005 8.956.03 2012-04-30
TROJ_SPNR.16DP12 0.182 VBA32 3.12.16.4 20120430.0726 2012-04-30
- 3.668 ViRobot 20120430 2012.04.30 2012-04-30
- 0.000 VirusBuster 5.5.0.2 14.2.50.0/8548113 2012-04-30
- 0.194

#16 Maurice Naggar

Eradicator de logiciels malveillants

Moderators
13,616 posts

Gender:Male
Location:USA
Interests:Security, Windows, Windows Update, malware prevention

Posted 01 May 2012 - 08:14 AM

Good morning.

That is sufficient enough subsmissions to the sites. Please proceed forth with all that I had outlined in my previous reply to you
here -->> http://forums.malwar...ndpost&p=547658

Maurice Naggar
Consumer Support Specialist

#17 effa

Regular Member

Honorary Members
53 posts

Posted 01 May 2012 - 08:26 AM

Ok! I just tried te rescan ihkpbqo.dll with VirSCAN, but it again did not work out.

I will continue with the next steps right now.

#18 effa

Regular Member

Honorary Members
53 posts

Posted 01 May 2012 - 09:33 AM

Tried to run otl, but it stalled. Otl does not do much while desktop items are gone. What to do? I am writingthis from android smartphone. Any easy way to access this forum like that because it is a pain.

#19 Maurice Naggar

Eradicator de logiciels malveillants

Moderators
13,616 posts

Gender:Male
Location:USA
Interests:Security, Windows, Windows Update, malware prevention

Posted 01 May 2012 - 09:44 AM

You say that OTL "stalled". How much time did you give it? Allow at least 10 minutes or so before you judged as a stall.
Sometimes you may even see "...not responding" but however after a few minutes it will continue on.

If the pc is truly/truly stalled, use CTRL+ALT+DEL keys to bring up Task Manager and restart the system.

When get back into normal Windows, make sure your antivirus is off and retry the OTL section just one more time.
Once started, allow at least 10 to 15 minutes for OTL to do it's magic.

IF and only if it really does not work, then scratch that portion, and proceed forward to the Combofix section (as I outlined).

Maurice Naggar
Consumer Support Specialist

#20 effa

Regular Member

Honorary Members
53 posts

Posted 01 May 2012 - 09:55 AM

I am sorry for being inpatient! A green bar started to move in the otl window, so I guess it is just working fine. I thought otl would be faster. Sorry!

Back to Resolved HijackThis Logs

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Not so Happili Redirected-- audiodev32.dll TrojanDownloader Win32/Tracur

0 user(s) are reading this topic

Sign In