effa

Not so Happili Redirected-- audiodev32.dll TrojanDownloader Win32/Tracur

60 posts in this topic

Hi,

Like many others, I have problems with Happili redirect and other crappy commercial looking redirects in IE. I scanned my computer with Avira and Malwarebytes (free versions), but it did not solve the problem.

I then ran DDS, which resulted in the logs I inserted below.

Anyone out there willing and able to help me?

Thanks!

dds.text

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.19088

Run by Carl at 12:11:25 on 2012-04-27

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3034.1115 [GMT -4:00]

.

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\WLANExt.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\QUALCOMM\QDLService\QDLService.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe

C:\Program Files\Secunia\PSI\PSIA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\ThpSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\ltmoh\ltmoh.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\TECO\TEco.exe

C:\Program Files\TOSHIBA WWAN Manager\bin\gbxApp.exe

C:\Windows\System32\ThpSrv.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\TOSHIBA\TANU\TANU.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\program files\toshiba wwan manager\bin\gbx4log.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe

C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files\Secunia\PSI\sua.exe

C:\Program Files\pdf24\pdf24.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\ehome\ehtray.exe

C:\Users\Carl\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Secunia\PSI\psi_tray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Apoint2K\HidFind.exe

C:\Windows\ehome\ehsched.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\ehome\ehRecvr.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

uInternet Settings,ProxyOverride = *.local

BHO: {17dd4ccf-48ac-481f-a8a9-8b65774437f7} - c:\windows\system32\audiodev32.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: 96f8244b: {32d19711-e290-8fdc-42b4-effd46023ab9} - c:\programdata\audiodev32.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [Octoshape Streaming Services] "c:\users\carl\appdata\roaming\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [Adobe] rundll32.exe "c:\users\carl\appdata\local\google\adobe\ihkpbqo.dll",DllRegisterServer

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe

mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r

mRun: [coreworks] "c:\program files\toshiba wwan manager\bin\gbxapp.exe" runatstartup

mRun: [smartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

mRun: [ThpSrv] c:\windows\system32\thpsrv /logon

mRun: [NDSTray.exe] "c:\program files\toshiba\configfree\NDSTray.exe"

mRun: [cfFncEnabler.exe] "c:\program files\toshiba\configfree\cfFncEnabler.exe"

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [TANU] %ProgramFiles%\TOSHIBA\TANU\TANU.exe

mRun: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe

mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosSENotify.exe

mRun: [PCMAgent] "c:\program files\cyberlink\powercinema for toshiba\PCMAgent.exe"

mRun: [CLMLServer] "c:\program files\cyberlink\powercinema for toshiba\kernel\clml\CLMLSvc.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [PDFPrint] c:\program files\pdf24\pdf24.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} - hxxps://webmail.worldbank.org/dwa85W.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://webmail.worldbank.org/dwa8W.cab

DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://webmail.worldbank.org/dwa7W.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{2CE2B1B3-C808-42AE-BE4D-50F976A14FCF} : NameServer = 172.24.24.10

TCP: Interfaces\{96FB2830-CE1A-44CA-AC71-EBDAABF3DC2D} : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\google\google~3\goec62~1.dll, c:\programdata\audiodev32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-3-25 30272]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-9-4 13336]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-4-1 36000]

R1 PMCF;PMCF;c:\windows\system32\drivers\PMCF.sys [2009-6-1 14856]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-4-1 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-4-1 110032]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-4-1 74640]

R2 camsvc;TOSHIBA Web Camera Service;c:\program files\toshiba\toshiba web camera application\TWebCameraSrv.exe [2009-7-22 20544]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]

R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\qdlservice\QDLService.exe [2009-3-19 345336]

R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2009-7-22 45056]

R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2009-7-22 38400]

R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-2-19 57344]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-4-24 176128]

R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-3-17 73728]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-22 112128]

R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-1-29 30576]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2009-7-22 22272]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]

R3 qcfilterTSH;Toshiba USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterTSH.sys [2009-3-19 5248]

R3 qcusbnetTSH;Toshiba USB-NDIS miniport;c:\windows\system32\drivers\qcusbnetTSH.sys [2009-3-19 115200]

R3 qcusbserTSH;Toshiba USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserTSH.sys [2009-3-19 104448]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]

S2 THREADORDER32;Thread Ordering Server ;c:\windows\system32\pnpxassoc32.exe --> c:\windows\system32\PNPXAssoc32.exe [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-15 253088]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-04-27 13:23:53 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{72338c3f-a70f-4386-80a7-7f34b8c2e17a}\mpengine.dll

2012-04-24 19:27:25 -------- d-----w- c:\program files\Microsoft LifeCam

2012-04-24 19:27:14 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll

2012-04-24 19:27:14 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

2012-04-15 13:14:27 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-14 20:01:14 -------- d-----w- c:\program files\Research In Motion Limited

2012-04-01 16:53:09 -------- d-----w- c:\users\carl\appdata\roaming\Avira

2012-04-01 15:27:58 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-04-01 15:27:58 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-04-01 15:27:55 -------- d-----w- c:\programdata\Avira

2012-04-01 15:27:55 -------- d-----w- c:\program files\Avira

.

==================== Find3M ====================

.

2012-04-15 13:14:27 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-14 16:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX

.

============= FINISH: 12:12:40.41 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 7/22/2009 6:37:14 PM

System Uptime: 4/27/2012 5:13:15 AM (7 hours ago)

.

Motherboard: TOSHIBA | | To be filled by O.E.M.

Processor: Intel® Core™2 Duo CPU T6500 @ 2.10GHz | CPU 1 | 2100/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 138 GiB total, 57.812 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP739: 4/13/2012 6:00:53 AM - Scheduled Checkpoint

RP740: 4/13/2012 2:49:55 PM - Windows Update

RP741: 4/14/2012 3:20:35 AM - Scheduled Checkpoint

RP742: 4/14/2012 4:00:07 PM - Installed BlackBerry App World Browser Plugin

RP743: 4/16/2012 3:01:26 AM - Windows Update

RP744: 4/17/2012 3:27:43 AM - Scheduled Checkpoint

RP745: 4/17/2012 6:53:43 PM - Windows Update

RP747: 4/20/2012 8:40:02 AM - Windows Update

RP748: 4/21/2012 8:24:22 AM - Scheduled Checkpoint

RP749: 4/23/2012 7:00:28 AM - Scheduled Checkpoint

RP750: 4/24/2012 3:56:14 AM - Scheduled Checkpoint

RP751: 4/24/2012 4:02:55 AM - Windows Update

RP753: 4/24/2012 3:26:56 PM - Installed DirectX

RP754: 4/24/2012 3:28:02 PM - Device Driver Package Install: Microsoft Imaging devices

RP755: 4/24/2012 3:28:43 PM - Device Driver Package Install: Microsoft Sound, video and game controllers

RP756: 4/24/2012 3:29:44 PM - Device Driver Package Install: Microsoft Imaging devices

RP757: 4/24/2012 3:30:23 PM - Device Driver Package Install: Microsoft Sound, video and game controllers

RP758: 4/24/2012 3:31:23 PM - Device Driver Package Install: Microsoft Imaging devices

RP759: 4/24/2012 3:32:34 PM - Device Driver Package Install: Microsoft Sound, video and game controllers

RP760: 4/24/2012 3:33:47 PM - Device Driver Package Install: Microsoft Imaging devices

RP761: 4/24/2012 3:34:36 PM - Device Driver Package Install: Microsoft Sound, video and game controllers

RP762: 4/25/2012 6:21:55 AM - Scheduled Checkpoint

RP763: 4/27/2012 6:06:50 AM - Scheduled Checkpoint

RP764: 4/27/2012 9:22:57 AM - Windows Update

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader 9.4.6

ALPS Touch Pad Driver

Amazon Links

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Artweaver 1.0

Avira Free Antivirus

BlackBerry App World Browser Plugin

BlackBerry Desktop Software 6.1

BlackBerry Device Software v7.0.0 for the BlackBerry 9900 smartphone

Bonjour

Compatibility Pack for the 2007 Office system

CyberLink PowerCinema for TOSHIBA

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Direct DiscRecorder

DJ_AIO_05_F4400_Software_Min

Dolby Control Center

DVD MovieFactory for TOSHIBA

Exstora Pro 2.5

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Deskjet F4400 Printer Driver 14.0 Rel. 5

Ilwis

Intel PROSet Wireless

Intel® Graphics Media Accelerator Driver

Intel® PROSet/Wireless WiFi Software

Intel® Matrix Storage Manager

iTunes

Java Auto Updater

Java™ 6 Update 29

LightScribe 1.4.124.1

Malwarebytes Anti-Malware version 1.61.0.1400

Mathe Klasse 11-13

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Corporation

Microsoft LifeCam

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Netzero Internet Access Installer

Norton Internet Security

Octoshape Streaming Services

PDF24 Creator 4.1.2

Picasa 3

PlayReady PC runtime

Qualcomm Gobi Single Installer Package for Toshiba

QuickBooks Financial Center

QuickTime

Realtek 8136 8168 8169 Ethernet Driver

Realtek High Definition Audio Driver

Recuva

RICOH R5U230 Media Driver ver.2.02.02.01

Scan

Secunia PSI (2.0.0.4003)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

Skype web features

Skype™ 5.8

Spelling Dictionaries Support For Adobe Reader 9

Toolbox

TOSHIBA Agreement Notification Utility

Toshiba Application and Driver Installer

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Disc Creator

TOSHIBA DVD PLAYER

TOSHIBA eco Utility

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Face Recognition

TOSHIBA Hardware Setup

TOSHIBA HDD Protection

TOSHIBA HDD/SSD Alert

TOSHIBA Internal Modem Region Select Utility

Toshiba Quality Application

TOSHIBA Recovery Disc Creator

Toshiba Registration

Toshiba Resources Page

TOSHIBA SD Memory Utilities

TOSHIBA Software Modem

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password

TOSHIBA USB Sleep and Charge Utility

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

TOSHIBA WWAN Manager

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

VoiceOver Kit

WildTangent Games

.

==== Event Viewer Messages From Past Week ========

.

4/26/2012 5:41:50 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

4/24/2012 3:47:23 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the stisvc service.

4/24/2012 3:46:47 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ehSched service.

4/24/2012 2:56:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.

4/23/2012 2:28:34 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Carl-notebook\Carl SID (S-1-5-21-2291974740-4036391792-2128109495-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

4/23/2012 10:33:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

4/22/2012 5:40:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirSchedulerService service.

.

==== End Of File ===========================

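The following Python example is an addition to this thread, not part of any post and not a DDS or Malwarebytes tool. It parses a few Pseudo HJT lines copied from the DDS log above and flags the DLL load points (BHOs, AppInit_DLLs, rundll32 Run entries) that merit a closer look. The heuristics and the names `triage` and `SAMPLE` are assumptions chosen for this example, and a hit marks an entry for review rather than confirming it as malicious.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any OS

# Lines copied from the "Pseudo HJT Report" section of the DDS log above.
SAMPLE = r"""
BHO: {17dd4ccf-48ac-481f-a8a9-8b65774437f7} - c:\windows\system32\audiodev32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: 96f8244b: {32d19711-e290-8fdc-42b4-effd46023ab9} - c:\programdata\audiodev32.dll
uRun: [Octoshape Streaming Services] "c:\users\carl\appdata\roaming\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [Adobe] rundll32.exe "c:\users\carl\appdata\local\google\adobe\ihkpbqo.dll",DllRegisterServer
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
AppInit_DLLs: c:\progra~1\google\google~3\goec62~1.dll, c:\programdata\audiodev32.dll
"""

# "BHO: [friendly name: ]{CLSID} - path"; the friendly name is optional.
BHO_RE = re.compile(
    r"^BHO:\s*(?:(?P<name>[^{]*?):\s*)?(?P<clsid>\{[0-9a-f-]{36}\})\s*-\s*(?P<path>.+)$",
    re.I)
# "uRun:/mRun: [value name] command line"
RUN_RE = re.compile(r"^[um]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$")
# DLL handed to rundll32 inside a Run command line.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)', re.I)
HEX_NAME_RE = re.compile(r"[0-9a-f]{6,}", re.I)
# Heuristic (assumption): directories a standard user can typically write to.
# 8.3 short names such as c:\progra~2 are not expanded and will not match.
WRITABLE_RE = re.compile(r"^[a-z]:\\(?:programdata|users\\[^\\]+\\appdata)\\", re.I)


def triage(log_text):
    """Return (entry kind, path or file name, reason) tuples for review."""
    findings = []
    dirs_by_file = defaultdict(set)  # DLL file name -> directories it loads from

    def check_dll(kind, path, extra=()):
        path = path.strip().strip('"').lower()
        dirs_by_file[basename(path)].add(dirname(path))
        reasons = list(extra)
        if WRITABLE_RE.match(path):
            reasons.append("DLL in user-writable directory")
        findings.extend((kind, path, reason) for reason in reasons)

    for line in log_text.splitlines():
        line = line.strip()
        if m := BHO_RE.match(line):
            name = (m["name"] or "").strip()
            extra = []
            if not name:
                extra.append("BHO has no friendly name")
            elif HEX_NAME_RE.fullmatch(name):
                extra.append("BHO name is a bare hex string")
            check_dll("BHO", m["path"], extra)
        elif line.startswith("AppInit_DLLs:"):
            # Every DLL listed here is loaded into each process that loads user32.dll.
            for path in line.split(":", 1)[1].split(","):
                if path.strip():
                    check_dll("AppInit_DLLs", path)
        elif m := RUN_RE.match(line):
            # Only Run entries that start a DLL through rundll32 are examined here.
            if target := RUNDLL_RE.search(m["cmd"]):
                check_dll("Run/rundll32", target["dll"])

    # The same DLL name registered from two different directories.
    for name, dirs in dirs_by_file.items():
        if len(dirs) > 1:
            findings.append(
                ("multiple", name, "same file name in " + ", ".join(sorted(dirs))))
    return findings


if __name__ == "__main__":
    for kind, item, reason in triage(SAMPLE):
        print(f"{kind:13} {item}\n{'':13} -> {reason}")
```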

Hello effa,

Kindly advise me whether the redirects occur only in Internet Explorer, or whether they also occur in Firefox, Chrome, or another browser.

Let's start with some preliminaries and have you post log-reports for my review.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT by doing a Right-Click on it & select Run As Administrator

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Show all files:

  • Click the Start button, and then click Computer.
  • On the Organize menu, click Folder and Search Options.
  • Click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 4

Please read carefully and follow these steps.

  • Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
  • Download TDSSKiller and save it to your Desktop.
  • If on Windows 7 or Vista, RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
    If on Windows XP, double-click to start.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Then press Start Scan

When the scan is done, it will display a summary screen.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

Create a new folder on your C drive, name it ARK ===> C:\ARK

Go Here and click the "Download EXE" button & Save the file to ARK folder

RIGHT-click the exe and select Run As Administrator to launch the program. (If you get an immediate message about rootkit activity, ignore and proceed with instructions please)

Click on the Rootkit/Malware Tab &

then, on the far right side, untick the Registry box,

then click Scan.

Scan progress will be shown at bottom of the program screen. Have "infinite" patience while it runs.

Once the scan is done, press the Copy button, then open NOTEPAD, Paste to it, and Save the file as Gmer.log in your ARK folder.

Attach the results here in your reply.

Step 6

RE-Enable your antivirus program.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, or Windows 7 Right click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
Then copy/paste the following into your post (in order):
  • the contents of aswMBR report;
  • the contents of TDSSKILLER log;
  • the contents of GMER log;
  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


Hi Maurice Naggar,

Thank you very much for your reply.

I am going to start with your instructions and will post the logs a.s.a.p. Just to answer your first question, only IE is used on this computer, so obviously only redirect problems in IE.

Effa


Hi Maurice Naggar,

I followed your instructions and everything went fine when performing step 1 till 4 (see logs below). I was unfortunately not able to perform the scan in step 5 (and hence I did not try to do step 6).

Here is a little description of what went wrong in step 5:

  • I downloaded a file called 0n3bgh0k.exe
  • Running this program did not work out and gave the following message: "Invalid access to memory."
  • I decided to delete the exe file and try again, following your instructions in step 5 from the beginning
  • I downloaded a file called hy5hg09p.exe and ran it
  • I was able to start the scan this time, however after a little time a MS window popped up saying "program has stopped working", I closed this window
  • I decided to run the same exe again, but I ended up with a blue screen after doing so
  • Being a little in panic I pressed restart in safe mode (which I hardly understand :-( ), but realized I had no idea what to do after and had no internet connection, so I restarted the computer, expecting to choose safe mode + internet, but ending up with a normal reboot.

I did not do anything else afterwards, besides posting this and saving some unsaved docs.

Looking forward to your reply. Sorry for being such a dummy.

Effa

aswMBR.exe log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-04-29 10:50:05

-----------------------------

10:50:05.222 OS Version: Windows 6.0.6001 Service Pack 1

10:50:05.222 Number of processors: 2 586 0x170A

10:50:05.223 ComputerName: CARL-NOTEBOOK UserName: Carl

10:50:37.713 Initialize success

10:54:24.175 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

10:54:24.178 Disk 0 Vendor: TOSHIBA_ FG01 Size: 152627MB BusType: 3

10:54:24.189 Disk 0 MBR read successfully

10:54:24.193 Disk 0 MBR scan

10:54:24.196 Disk 0 Windows VISTA default MBR code

10:54:24.204 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048

10:54:24.220 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 141597 MB offset 3074048

10:54:24.257 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9529 MB offset 293064704

10:54:24.289 Disk 0 scanning sectors +312580096

10:54:24.376 Disk 0 scanning C:\Windows\system32\drivers

10:54:31.892 Service scanning

10:54:58.557 Modules scanning

10:55:11.637 Scan finished successfully

10:55:30.529 Disk 0 MBR has been saved successfully to "C:\Users\Carl\Desktop\MBR.dat"

10:55:30.543 The log file has been saved successfully to "C:\Users\Carl\Desktop\aswMBR.txt"

TDSSKiller log;

11:01:16.0970 4380 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43

11:01:17.0224 4380 ============================================================

11:01:17.0225 4380 Current date / time: 2012/04/29 11:01:17.0224

11:01:17.0225 4380 SystemInfo:

11:01:17.0225 4380

11:01:17.0225 4380 OS Version: 6.0.6001 ServicePack: 1.0

11:01:17.0225 4380 Product type: Workstation

11:01:17.0225 4380 ComputerName: CARL-NOTEBOOK

11:01:17.0225 4380 UserName: Carl

11:01:17.0225 4380 Windows directory: C:\Windows

11:01:17.0225 4380 System windows directory: C:\Windows

11:01:17.0225 4380 Processor architecture: Intel x86

11:01:17.0225 4380 Number of processors: 2

11:01:17.0225 4380 Page size: 0x1000

11:01:17.0225 4380 Boot type: Normal boot

11:01:17.0225 4380 ============================================================

11:01:17.0631 4380 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

11:01:17.0633 4380 ============================================================

11:01:17.0633 4380 \Device\Harddisk0\DR0:

11:01:17.0633 4380 MBR partitions:

11:01:17.0633 4380 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1148E800

11:01:17.0633 4380 ============================================================

11:01:17.0667 4380 C: <-> \Device\Harddisk0\DR0\Partition0

11:01:17.0667 4380 ============================================================

11:01:17.0667 4380 Initialize success

11:01:17.0667 4380 ============================================================

11:02:03.0039 4560 ============================================================

11:02:03.0039 4560 Scan started

11:02:03.0039 4560 Mode: Manual; SigCheck; TDLFS;

11:02:03.0039 4560 ============================================================


11:02:24.0698 4560 Ntfs - ok

11:02:24.0779 4560 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

11:02:24.0875 4560 ntrigdigi - ok

11:02:24.0904 4560 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

11:02:24.0965 4560 Null - ok

11:02:25.0016 4560 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

11:02:25.0032 4560 nvraid - ok

11:02:25.0050 4560 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

11:02:25.0065 4560 nvstor - ok

11:02:25.0085 4560 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

11:02:25.0102 4560 nv_agp - ok

11:02:25.0107 4560 NwlnkFlt - ok

11:02:25.0115 4560 NwlnkFwd - ok

11:02:25.0189 4560 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

11:02:25.0258 4560 ohci1394 - ok

11:02:25.0387 4560 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

11:02:25.0402 4560 ose - ok

11:02:25.0648 4560 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

11:02:25.0866 4560 osppsvc - ok

11:02:26.0146 4560 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll

11:02:26.0201 4560 p2pimsvc - ok

11:02:26.0215 4560 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll

11:02:26.0314 4560 p2psvc - ok

11:02:26.0391 4560 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

11:02:26.0477 4560 Parport - ok

11:02:26.0505 4560 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys

11:02:26.0520 4560 partmgr - ok

11:02:26.0537 4560 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

11:02:26.0633 4560 Parvdm - ok

11:02:26.0675 4560 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll

11:02:26.0717 4560 PcaSvc - ok

11:02:26.0744 4560 pci (eca39351296d905baa4fa3244c152b00) C:\Windows\system32\drivers\pci.sys

11:02:26.0762 4560 pci - ok

11:02:26.0791 4560 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys

11:02:26.0806 4560 pciide - ok

11:02:26.0842 4560 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

11:02:26.0859 4560 pcmcia - ok

11:02:26.0966 4560 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

11:02:27.0057 4560 PEAUTH - ok

11:02:27.0122 4560 PGEffect (28f7ffff50c474cf8be16a2cacc7ce42) C:\Windows\system32\DRIVERS\pgeffect.sys

11:02:27.0151 4560 PGEffect - ok

11:02:27.0236 4560 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll

11:02:27.0333 4560 pla - ok

11:02:27.0446 4560 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll

11:02:27.0510 4560 PlugPlay - ok

11:02:27.0600 4560 PMCF (dffa8a407ad703853fb3253db953c20c) C:\Windows\system32\drivers\PMCF.sys

11:02:27.0609 4560 PMCF - ok

11:02:27.0654 4560 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\Windows\system32\HPZipm12.dll

11:02:27.0685 4560 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

11:02:27.0685 4560 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

11:02:27.0752 4560 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll

11:02:27.0785 4560 PNRPAutoReg - ok

11:02:27.0797 4560 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll

11:02:27.0832 4560 PNRPsvc - ok

11:02:27.0881 4560 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll

11:02:27.0932 4560 PolicyAgent - ok

11:02:27.0976 4560 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

11:02:28.0019 4560 PptpMiniport - ok

11:02:28.0051 4560 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

11:02:28.0088 4560 Processor - ok

11:02:28.0122 4560 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll

11:02:28.0180 4560 ProfSvc - ok

11:02:28.0226 4560 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe

11:02:28.0241 4560 ProtectedStorage - ok

11:02:28.0281 4560 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys

11:02:28.0345 4560 PSched - ok

11:02:28.0386 4560 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys

11:02:28.0393 4560 PSI - ok

11:02:28.0439 4560 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys

11:02:28.0446 4560 PxHelp20 - ok

11:02:28.0501 4560 qcfilterTSH (10a7821507b0eec4aa1453682a24cbc1) C:\Windows\system32\DRIVERS\qcfilterTSH.sys

11:02:28.0554 4560 qcfilterTSH - ok

11:02:28.0584 4560 qcusbnetTSH (848600b136b84442592c1c2bc895f956) C:\Windows\system32\DRIVERS\qcusbnetTSH.sys

11:02:28.0644 4560 qcusbnetTSH - ok

11:02:28.0680 4560 qcusbserTSH (b24f6e60ec594a6c3796b764bcb2ef13) C:\Windows\system32\DRIVERS\qcusbserTSH.sys

11:02:28.0690 4560 qcusbserTSH - ok

11:02:28.0711 4560 QDLService (a8bdbb2e1fa2e5e8eb7d4c4457b79cdd) C:\QUALCOMM\QDLService\QDLService.exe

11:02:28.0723 4560 QDLService - ok

11:02:28.0822 4560 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

11:02:28.0923 4560 ql2300 - ok

11:02:28.0979 4560 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

11:02:28.0991 4560 ql40xx - ok

11:02:29.0042 4560 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll

11:02:29.0088 4560 QWAVE - ok

11:02:29.0122 4560 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

11:02:29.0168 4560 QWAVEdrv - ok

11:02:29.0191 4560 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

11:02:29.0295 4560 RasAcd - ok

11:02:29.0338 4560 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll

11:02:29.0380 4560 RasAuto - ok

11:02:29.0410 4560 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

11:02:29.0467 4560 Rasl2tp - ok

11:02:29.0519 4560 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll

11:02:29.0564 4560 RasMan - ok

11:02:29.0583 4560 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys

11:02:29.0621 4560 RasPppoe - ok

11:02:29.0657 4560 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys

11:02:29.0698 4560 RasSstp - ok

11:02:29.0718 4560 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys

11:02:29.0785 4560 rdbss - ok

11:02:29.0809 4560 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

11:02:29.0871 4560 RDPCDD - ok

11:02:29.0920 4560 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

11:02:29.0962 4560 rdpdr - ok

11:02:29.0968 4560 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

11:02:30.0029 4560 RDPENCDD - ok

11:02:30.0066 4560 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys

11:02:30.0126 4560 RDPWD - ok

11:02:30.0274 4560 RegSrvc (3ff45b7f17d5837216abae652cc61540) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

11:02:30.0329 4560 RegSrvc ( UnsignedFile.Multi.Generic ) - warning

11:02:30.0330 4560 RegSrvc - detected UnsignedFile.Multi.Generic (1)

11:02:30.0388 4560 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll

11:02:30.0429 4560 RemoteAccess - ok

11:02:30.0465 4560 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll

11:02:30.0502 4560 RemoteRegistry - ok

11:02:30.0561 4560 rimspci (571e6ae8d33f6aaaf342d0919630f901) C:\Windows\system32\DRIVERS\rimspe86.sys

11:02:30.0621 4560 rimspci - ok

11:02:30.0645 4560 RimUsb - ok

11:02:30.0688 4560 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys

11:02:30.0710 4560 RimVSerPort - ok

11:02:30.0746 4560 rixdpcie (0eb91c79a5247941341bbfb50ca3bb6c) C:\Windows\system32\DRIVERS\rixdpe86.sys

11:02:30.0773 4560 rixdpcie - ok

11:02:30.0806 4560 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys

11:02:30.0857 4560 ROOTMODEM - ok

11:02:30.0894 4560 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe

11:02:30.0931 4560 RpcLocator - ok

11:02:31.0024 4560 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll

11:02:31.0049 4560 RpcSs - ok

11:02:31.0166 4560 RSELSVC - ok

11:02:31.0190 4560 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

11:02:31.0219 4560 rspndr - ok

11:02:31.0265 4560 RTL8169 (034033f5a921764d8c4ba6698800d95b) C:\Windows\system32\DRIVERS\Rtlh86.sys

11:02:31.0344 4560 RTL8169 - ok

11:02:31.0382 4560 SamSs (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe

11:02:31.0397 4560 SamSs - ok

11:02:31.0439 4560 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

11:02:31.0450 4560 sbp2port - ok

11:02:31.0495 4560 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll

11:02:31.0557 4560 SCardSvr - ok

11:02:31.0628 4560 Schedule (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll

11:02:31.0656 4560 Schedule - ok

11:02:31.0698 4560 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll

11:02:31.0736 4560 SCPolicySvc - ok

11:02:31.0765 4560 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys

11:02:31.0805 4560 sdbus - ok

11:02:31.0834 4560 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll

11:02:31.0857 4560 SDRSVC - ok

11:02:31.0905 4560 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

11:02:31.0977 4560 secdrv - ok

11:02:32.0006 4560 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll

11:02:32.0037 4560 seclogon - ok

11:02:32.0242 4560 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files\Secunia\PSI\PSIA.exe

11:02:32.0313 4560 Secunia PSI Agent - ok

11:02:32.0415 4560 Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) C:\Program Files\Secunia\PSI\sua.exe

11:02:32.0428 4560 Secunia Update Agent - ok

11:02:32.0614 4560 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll

11:02:32.0639 4560 SENS - ok

11:02:32.0681 4560 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

11:02:32.0752 4560 Serenum - ok

11:02:32.0779 4560 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

11:02:32.0850 4560 Serial - ok

11:02:32.0892 4560 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

11:02:32.0921 4560 sermouse - ok

11:02:32.0973 4560 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll

11:02:33.0033 4560 SessionEnv - ok

11:02:33.0061 4560 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys

11:02:33.0083 4560 sffdisk - ok

11:02:33.0106 4560 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\DRIVERS\sffp_mmc.sys

11:02:33.0156 4560 sffp_mmc - ok

11:02:33.0181 4560 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys

11:02:33.0204 4560 sffp_sd - ok

11:02:33.0224 4560 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

11:02:33.0287 4560 sfloppy - ok

11:02:33.0333 4560 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll

11:02:33.0383 4560 SharedAccess - ok

11:02:33.0438 4560 ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll

11:02:33.0454 4560 ShellHWDetection - ok

11:02:33.0500 4560 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

11:02:33.0509 4560 sisagp - ok

11:02:33.0527 4560 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

11:02:33.0536 4560 SiSRaid2 - ok

11:02:33.0563 4560 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

11:02:33.0572 4560 SiSRaid4 - ok

11:02:33.0663 4560 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe

11:02:33.0673 4560 SkypeUpdate - ok

11:02:33.0806 4560 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe

11:02:34.0015 4560 slsvc - ok

11:02:34.0153 4560 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll

11:02:34.0231 4560 SLUINotify - ok

11:02:34.0302 4560 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys

11:02:34.0366 4560 Smb - ok

11:02:34.0411 4560 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe

11:02:34.0431 4560 SNMPTRAP - ok

11:02:34.0460 4560 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

11:02:34.0474 4560 spldr - ok

11:02:34.0520 4560 Spooler (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe

11:02:34.0538 4560 Spooler - ok

11:02:34.0593 4560 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys

11:02:34.0650 4560 srv - ok

11:02:34.0708 4560 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys

11:02:34.0767 4560 srv2 - ok

11:02:34.0788 4560 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys

11:02:34.0825 4560 srvnet - ok

11:02:34.0874 4560 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll

11:02:34.0936 4560 SSDPSRV - ok

11:02:34.0971 4560 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

11:02:34.0982 4560 ssmdrv - ok

11:02:35.0021 4560 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll

11:02:35.0044 4560 SstpSvc - ok

11:02:35.0108 4560 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll

11:02:35.0141 4560 stisvc - ok

11:02:35.0172 4560 swenum (97e089971a6aba49ad5592bd6298e416) C:\Windows\system32\DRIVERS\swenum.sys

11:02:35.0186 4560 swenum - ok

11:02:35.0213 4560 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll

11:02:35.0260 4560 swprv - ok

11:02:35.0285 4560 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

11:02:35.0299 4560 Symc8xx - ok

11:02:35.0323 4560 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

11:02:35.0337 4560 Sym_hi - ok

11:02:35.0373 4560 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

11:02:35.0387 4560 Sym_u3 - ok

11:02:35.0451 4560 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll

11:02:35.0504 4560 SysMain - ok

11:02:35.0524 4560 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll

11:02:35.0574 4560 TabletInputService - ok

11:02:35.0622 4560 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll

11:02:35.0689 4560 TapiSrv - ok

11:02:35.0717 4560 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll

11:02:35.0784 4560 TBS - ok

11:02:35.0942 4560 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys

11:02:35.0987 4560 Tcpip - ok

11:02:36.0003 4560 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys

11:02:36.0044 4560 Tcpip6 - ok

11:02:36.0110 4560 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys

11:02:36.0172 4560 tcpipreg - ok

11:02:36.0221 4560 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys

11:02:36.0233 4560 tdcmdpst - ok

11:02:36.0265 4560 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

11:02:36.0322 4560 TDPIPE - ok

11:02:36.0349 4560 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

11:02:36.0388 4560 TDTCP - ok

11:02:36.0412 4560 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys

11:02:36.0474 4560 tdx - ok

11:02:36.0513 4560 TermDD (718b2f4355cd8eb2844741addac0e622) C:\Windows\system32\DRIVERS\termdd.sys

11:02:36.0525 4560 TermDD - ok

11:02:36.0571 4560 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll

11:02:36.0611 4560 TermService - ok

11:02:36.0650 4560 Themes (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll

11:02:36.0670 4560 Themes - ok

11:02:36.0730 4560 Thpdrv (ea15a18dcf3b34d590bc8843d3611ea5) C:\Windows\system32\DRIVERS\thpdrv.sys

11:02:36.0736 4560 Thpdrv - ok

11:02:36.0752 4560 Thpevm (ee6fe4f18657c6afed533a5d8fd4af5c) C:\Windows\system32\DRIVERS\Thpevm.SYS

11:02:36.0758 4560 Thpevm - ok

11:02:36.0787 4560 Thpsrv (a2b6029763f7c7d340aea8a0b1d44306) C:\Windows\system32\ThpSrv.exe

11:02:36.0804 4560 Thpsrv - ok

11:02:36.0827 4560 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

11:02:36.0851 4560 THREADORDER - ok

11:02:36.0877 4560 THREADORDER32 - ok

11:02:36.0979 4560 TNaviSrv (22bc804efe155f54252f389b0781d7f2) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

11:02:36.0987 4560 TNaviSrv - ok

11:02:37.0036 4560 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe

11:02:37.0045 4560 TODDSrv - ok

11:02:37.0109 4560 TosCoSrv (5557e7f940cbcf09be43379f551f6689) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

11:02:37.0161 4560 TosCoSrv - ok

11:02:37.0193 4560 TOSHIBA eco Utility Service (9d1c30ce9f1a8488d5d9102c0820743d) C:\Program Files\TOSHIBA\TECO\TecoService.exe

11:02:37.0198 4560 TOSHIBA eco Utility Service ( UnsignedFile.Multi.Generic ) - warning

11:02:37.0198 4560 TOSHIBA eco Utility Service - detected UnsignedFile.Multi.Generic (1)

11:02:37.0275 4560 TOSHIBA HDD SSD Alert Service (b792d35b8bdc5fc4106808ff5c7770ab) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

11:02:37.0279 4560 TOSHIBA HDD SSD Alert Service ( UnsignedFile.Multi.Generic ) - warning

11:02:37.0280 4560 TOSHIBA HDD SSD Alert Service - detected UnsignedFile.Multi.Generic (1)

11:02:37.0382 4560 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys

11:02:37.0394 4560 tos_sps32 - ok

11:02:37.0466 4560 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll

11:02:37.0492 4560 TrkWks - ok

11:02:37.0568 4560 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe

11:02:37.0597 4560 TrustedInstaller - ok

11:02:37.0633 4560 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

11:02:37.0690 4560 tssecsrv - ok

11:02:37.0729 4560 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

11:02:37.0744 4560 tunmp - ok

11:02:37.0759 4560 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys

11:02:37.0774 4560 tunnel - ok

11:02:37.0805 4560 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS

11:02:37.0813 4560 TVALZ - ok

11:02:37.0852 4560 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

11:02:37.0863 4560 uagp35 - ok

11:02:37.0903 4560 udfs (c985b36e127ea9b8a92396120bff52d8) C:\Windows\system32\DRIVERS\udfs.sys

11:02:37.0948 4560 udfs - ok

11:02:37.0994 4560 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe

11:02:38.0056 4560 UI0Detect - ok

11:02:38.0100 4560 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

11:02:38.0116 4560 uliagpkx - ok

11:02:38.0150 4560 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

11:02:38.0170 4560 uliahci - ok

11:02:38.0184 4560 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

11:02:38.0196 4560 UlSata - ok

11:02:38.0251 4560 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

11:02:38.0263 4560 ulsata2 - ok

11:02:38.0296 4560 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

11:02:38.0345 4560 umbus - ok

11:02:38.0386 4560 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll

11:02:38.0424 4560 upnphost - ok

11:02:38.0506 4560 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

11:02:38.0528 4560 USBAAPL ( UnsignedFile.Multi.Generic ) - warning

11:02:38.0528 4560 USBAAPL - detected UnsignedFile.Multi.Generic (1)

11:02:38.0571 4560 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys

11:02:38.0601 4560 usbaudio - ok

11:02:38.0647 4560 usbccgp (3955375c83afbe4b110c5fb1231345af) C:\Windows\system32\DRIVERS\usbccgp.sys

11:02:38.0712 4560 usbccgp - ok

11:02:38.0741 4560 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

11:02:38.0808 4560 usbcir - ok

11:02:38.0840 4560 usbehci (7f8d9d95a00072ccdd43ad3f7b4450c2) C:\Windows\system32\DRIVERS\usbehci.sys

11:02:38.0884 4560 usbehci - ok

11:02:38.0933 4560 usbhub (63b44b390451ed3b95405adddcc1984e) C:\Windows\system32\DRIVERS\usbhub.sys

11:02:38.0945 4560 usbhub - ok

11:02:38.0962 4560 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

11:02:39.0003 4560 usbohci - ok

11:02:39.0032 4560 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

11:02:39.0054 4560 usbprint - ok

11:02:39.0078 4560 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

11:02:39.0123 4560 usbscan - ok

11:02:39.0175 4560 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS

11:02:39.0198 4560 USBSTOR - ok

11:02:39.0207 4560 usbuhci (ca62c65383513c365e1ca5796ccac7b5) C:\Windows\system32\DRIVERS\usbuhci.sys

11:02:39.0241 4560 usbuhci - ok

11:02:39.0309 4560 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

11:02:39.0358 4560 usbvideo - ok

11:02:39.0398 4560 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll

11:02:39.0430 4560 UxSms - ok

11:02:39.0459 4560 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe

11:02:39.0495 4560 vds - ok

11:02:39.0537 4560 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

11:02:39.0573 4560 vga - ok

11:02:39.0602 4560 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

11:02:39.0652 4560 VgaSave - ok

11:02:39.0673 4560 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

11:02:39.0681 4560 viaagp - ok

11:02:39.0698 4560 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

11:02:39.0721 4560 ViaC7 - ok

11:02:39.0755 4560 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

11:02:39.0763 4560 viaide - ok

11:02:39.0780 4560 volmgr (bdd98bbe7323fc0975a26373d8050471) C:\Windows\system32\drivers\volmgr.sys

11:02:39.0789 4560 volmgr - ok

11:02:39.0812 4560 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys

11:02:39.0825 4560 volmgrx - ok

11:02:39.0860 4560 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys

11:02:39.0872 4560 volsnap - ok

11:02:39.0918 4560 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

11:02:39.0928 4560 vsmraid - ok

11:02:39.0998 4560 VSS (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe

11:02:40.0136 4560 VSS - ok

11:02:40.0180 4560 W32Time (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll

11:02:40.0238 4560 W32Time - ok

11:02:40.0313 4560 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

11:02:40.0408 4560 WacomPen - ok

11:02:40.0441 4560 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

11:02:40.0471 4560 Wanarp - ok

11:02:40.0476 4560 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

11:02:40.0508 4560 Wanarpv6 - ok

11:02:40.0557 4560 wcncsvc (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll

11:02:40.0617 4560 wcncsvc - ok

11:02:40.0647 4560 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll

11:02:40.0694 4560 WcsPlugInService - ok

11:02:40.0741 4560 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

11:02:40.0752 4560 Wd - ok

11:02:40.0827 4560 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

11:02:40.0883 4560 Wdf01000 - ok

11:02:40.0917 4560 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

11:02:40.0975 4560 WdiServiceHost - ok

11:02:40.0979 4560 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

11:02:41.0012 4560 WdiSystemHost - ok

11:02:41.0046 4560 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll

11:02:41.0065 4560 WebClient - ok

11:02:41.0127 4560 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll

11:02:41.0167 4560 Wecsvc - ok

11:02:41.0209 4560 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll

11:02:41.0256 4560 wercplsupport - ok

11:02:41.0299 4560 WerSvc (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll

11:02:41.0312 4560 WerSvc - ok

11:02:41.0392 4560 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll

11:02:41.0405 4560 WinDefend - ok

11:02:41.0412 4560 WinHttpAutoProxySvc - ok

11:02:41.0464 4560 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll

11:02:41.0513 4560 Winmgmt - ok

11:02:41.0595 4560 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll

11:02:41.0681 4560 WinRM - ok

11:02:41.0750 4560 Wlansvc (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll

11:02:41.0802 4560 Wlansvc - ok

11:02:41.0882 4560 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys

11:02:41.0900 4560 WmiAcpi - ok

11:02:41.0958 4560 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe

11:02:42.0011 4560 wmiApSrv - ok

11:02:42.0150 4560 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe

11:02:42.0215 4560 WMPNetworkSvc - ok

11:02:42.0257 4560 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll

11:02:42.0270 4560 WPCSvc - ok

11:02:42.0289 4560 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll

11:02:42.0316 4560 WPDBusEnum - ok

11:02:42.0400 4560 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys

11:02:42.0434 4560 WpdUsb - ok

11:02:42.0666 4560 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

11:02:42.0694 4560 WPFFontCache_v0400 - ok

11:02:42.0733 4560 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

11:02:42.0756 4560 ws2ifsl - ok

11:02:42.0791 4560 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\System32\wscsvc.dll

11:02:42.0804 4560 wscsvc - ok

11:02:42.0808 4560 WSearch - ok

11:02:42.0929 4560 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll

11:02:43.0023 4560 wuauserv - ok

11:02:43.0173 4560 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

11:02:43.0203 4560 WUDFRd - ok

11:02:43.0232 4560 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll

11:02:43.0265 4560 wudfsvc - ok

11:02:43.0291 4560 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0

11:02:44.0240 4560 \Device\Harddisk0\DR0 - ok

11:02:44.0278 4560 Boot (0x1200) (73080fe18bae5e781528fa50fd654e61) \Device\Harddisk0\DR0\Partition0

11:02:44.0280 4560 \Device\Harddisk0\DR0\Partition0 - ok

11:02:44.0280 4560 ============================================================

11:02:44.0280 4560 Scan finished

11:02:44.0280 4560 ============================================================

11:02:44.0299 0580 Detected object count: 10

11:02:44.0299 0580 Actual detected object count: 10

11:04:26.0101 0580 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user

11:04:26.0101 0580 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:04:26.0104 0580 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user

11:04:26.0104 0580 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:04:26.0107 0580 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

11:04:26.0107 0580 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:04:26.0110 0580 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

11:04:26.0110 0580 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:04:26.0113 0580 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

11:04:26.0113 0580 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:04:26.0115 0580 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

11:04:26.0115 0580 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:04:26.0118 0580 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user

11:04:26.0118 0580 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:04:26.0123 0580 TOSHIBA eco Utility Service ( UnsignedFile.Multi.Generic ) - skipped by user

11:04:26.0123 0580 TOSHIBA eco Utility Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:04:26.0124 0580 TOSHIBA HDD SSD Alert Service ( UnsignedFile.Multi.Generic ) - skipped by user

11:04:26.0124 0580 TOSHIBA HDD SSD Alert Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:04:26.0127 0580 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user

11:04:26.0127 0580 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip


Hold on. Your system may well have a hidden bootkit. Do NOT use this system for anything at all, other than to access this forum or the sites I guide you to.

There's a hidden 3rd partition on your disk that is suspicious. And needs some checking.

Make sure you have no external drives attached, nor any USB drives inserted, or any CD or DVD.

The fixes in this Topic are for this system only!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.


  • Link 2
    Link 3
    Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

If you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

NEXT: Step 2

Please download Listparts

Right click on the exe to Run the tool, click Scan and post the log (Result.txt) it makes.

Copy & Paste Result.txt for my review.

Step 3

Delete the copy of TDSSKILLER.exe & get the latest version.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 4

Re-enable your antivirus program.

Reply with copy of Result.txt and the latest TDSSKILLER log


Hi Maurice Naggar,

Just some small questions to make sure I am doing everything right, before I get started for real. This is my husband's computer I am dealing with and we are not using the same antivirus and firewall, so I quickly want to make sure I switch everything on/off in an appropriate way.

  • The Avira Free Antivirus gives the impression that "Internet protection" is on and working well, but since I cannot click on firewall or any of the other options, I assume that it does NOT include a firewall. That being said, I see that Windows Security Center seems to offer a firewall on this computer, but that it is switched off. Do I switch this firewall on?
  • Besides that, he quickly made some backups on DVD and cleaned up/reorganized some data folders (being well aware that those DVDs might be infected) before I could start with the new steps you sent. I hope that this doesn't cause harm to the strategy you propose. I guess not, but I just wanted to double check.

Thanks,

Effa


Hello effa,

Avira Free does not include a software firewall. While I did not ask you to touch the firewall (just only turn off temporarily the antivirus), the Windows firewall should be on. So turn it on if it is off.

But please do all you can to do as much as possible of what I had listed before.

Tell your husband and all users of pc, to consider that this pc is in quarantine until such time as we are all done.

That means no websurfing, no online banking or purchasing or shopping; and most especially, no changes to system whilst we are in the hunt to find & clean out pests, infection, etc.

I should probably know what "he" cleaned/reorganized.


Hi Maurice Naggar,

When I download Rkill, using the first link, and choose to save it to my desktop (instead of choosing to run it immediately), then Rkill.com is saved to the desktop. When, however, I right-click on the Rkill desktop icon, I cannot choose "run as admin", but I can only choose to "open" (besides deleting, scanning, etc.).

In the "download complete" window, I can choose to run, but then I am not sure if it runs as admin.

What to do best?


When you download, you make sure to SAVE it first. To the Desktop.

AFTER the download completes (totally), you can choose 2 ways:

a) Close the browser. Exit Internet Explorer.

Go to your desktop and then start the tool. If on Windows XP, double click to start.

If on Vista or 7, do a Right click and select Run as Administrator.

OR

b) when download completes (totally), click on Open Folder button. It will open a window, with the tool selected.

Start the tool from there.


You can find the Listparts and TDSSKiller logs below.

Result.txt

ListParts by Farbar Version: 12-03-2012 03

Ran by Carl (administrator) on 30-04-2012 at 14:14:27

Windows Vista (X86)

Running From: C:\Users\Carl\Desktop

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 44%

Total physical RAM: 3034.42 MB

Available physical RAM: 1692.44 MB

Total Pagefile: 6273.13 MB

Available Pagefile: 4846.86 MB

Total Virtual: 2047.88 MB

Available Virtual: 1960.81 MB

======================= Partitions =========================

1 Drive c: (TI100576V0G) (Fixed) (Total:138.28 GB) (Free:60.56 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]

Disk ### Status Size Free Dyn Gpt

-------- ---------- ------- ------- --- ---

Disk 0 Online 149 GB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 1500 MB 1024 KB

Partition 2 Primary 138 GB 1501 MB

Partition 3 Primary 9 GB 140 GB

======================================================================================================

Disk: 0

Partition 1

Type : 27

Hidden: Yes

Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C TI100576V0G NTFS Partition 138 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0

Partition 3

Type : 17 (Suspicious Type)

Hidden: Yes

Active: No

There is no volume associated with this partition.

======================================================================================================

****** End Of Log ******

TDSSKiller:

14:19:11.0264 5292 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43

14:19:11.0482 5292 ============================================================

14:19:11.0482 5292 Current date / time: 2012/04/30 14:19:11.0482

14:19:11.0482 5292 SystemInfo:

14:19:11.0482 5292

14:19:11.0482 5292 OS Version: 6.0.6001 ServicePack: 1.0

14:19:11.0482 5292 Product type: Workstation

14:19:11.0482 5292 ComputerName: CARL-NOTEBOOK

14:19:11.0482 5292 UserName: Carl

14:19:11.0482 5292 Windows directory: C:\Windows

14:19:11.0482 5292 System windows directory: C:\Windows

14:19:11.0482 5292 Processor architecture: Intel x86

14:19:11.0482 5292 Number of processors: 2

14:19:11.0482 5292 Page size: 0x1000

14:19:11.0482 5292 Boot type: Normal boot

14:19:11.0482 5292 ============================================================

14:19:11.0919 5292 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

14:19:11.0919 5292 ============================================================

14:19:11.0919 5292 \Device\Harddisk0\DR0:

14:19:11.0919 5292 MBR partitions:

14:19:11.0919 5292 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1148E800

14:19:11.0919 5292 ============================================================

14:19:11.0950 5292 C: <-> \Device\Harddisk0\DR0\Partition0

14:19:11.0950 5292 ============================================================

14:19:11.0950 5292 Initialize success

14:19:11.0950 5292 ============================================================

14:19:52.0931 2484 ============================================================

14:19:52.0931 2484 Scan started

14:19:52.0931 2484 Mode: Manual;

14:19:52.0931 2484 ============================================================


14:20:03.0446 2484 Msfs - ok

14:20:03.0493 2484 MSHUSBVideo (5119ffc2a6b51089cdb0efdc75808c97) C:\Windows\system32\Drivers\nx6000.sys

14:20:03.0524 2484 MSHUSBVideo - ok

14:20:03.0602 2484 msisadrv (1e00b9b8601f24a96ad71a7d0fc5f136) C:\Windows\system32\drivers\msisadrv.sys

14:20:03.0602 2484 msisadrv - ok

14:20:03.0649 2484 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll

14:20:03.0649 2484 MSiSCSI - ok

14:20:03.0649 2484 msiserver - ok

14:20:03.0727 2484 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

14:20:03.0727 2484 MSKSSRV - ok

14:20:03.0742 2484 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

14:20:03.0742 2484 MSPCLOCK - ok

14:20:03.0773 2484 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

14:20:03.0773 2484 MSPQM - ok

14:20:03.0820 2484 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys

14:20:03.0820 2484 MsRPC - ok

14:20:03.0867 2484 mssmbios (215634cf935b696e3ebca813d02e9165) C:\Windows\system32\DRIVERS\mssmbios.sys

14:20:03.0867 2484 mssmbios - ok

14:20:03.0914 2484 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

14:20:03.0914 2484 MSTEE - ok

14:20:03.0961 2484 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys

14:20:03.0961 2484 Mup - ok

14:20:04.0007 2484 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll

14:20:04.0023 2484 napagent - ok

14:20:04.0070 2484 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys

14:20:04.0070 2484 NativeWifiP - ok

14:20:04.0132 2484 NDIS (c8560010a542b5dca94c62468dc20784) C:\Windows\system32\drivers\ndis.sys

14:20:04.0132 2484 NDIS - ok

14:20:04.0148 2484 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

14:20:04.0148 2484 NdisTapi - ok

14:20:04.0163 2484 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

14:20:04.0163 2484 Ndisuio - ok

14:20:04.0195 2484 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys

14:20:04.0195 2484 NdisWan - ok

14:20:04.0210 2484 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

14:20:04.0226 2484 NDProxy - ok

14:20:04.0288 2484 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\Windows\system32\HPZinw12.dll

14:20:04.0288 2484 Net Driver HPZ12 - ok

14:20:04.0304 2484 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

14:20:04.0304 2484 NetBIOS - ok

14:20:04.0351 2484 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys

14:20:04.0351 2484 netbt - ok

14:20:04.0382 2484 Netlogon (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe

14:20:04.0382 2484 Netlogon - ok

14:20:04.0413 2484 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll

14:20:04.0429 2484 Netman - ok

14:20:04.0444 2484 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll

14:20:04.0444 2484 netprofm - ok

14:20:04.0522 2484 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

14:20:04.0522 2484 NetTcpPortSharing - ok

14:20:04.0725 2484 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys

14:20:04.0834 2484 NETw5v32 - ok

14:20:04.0959 2484 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

14:20:04.0959 2484 nfrd960 - ok

14:20:05.0006 2484 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll

14:20:05.0006 2484 NlaSvc - ok

14:20:05.0021 2484 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys

14:20:05.0021 2484 Npfs - ok

14:20:05.0037 2484 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll

14:20:05.0053 2484 nsi - ok

14:20:05.0084 2484 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

14:20:05.0084 2484 nsiproxy - ok

14:20:05.0131 2484 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys

14:20:05.0146 2484 Ntfs - ok

14:20:05.0193 2484 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

14:20:05.0193 2484 ntrigdigi - ok

14:20:05.0224 2484 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

14:20:05.0224 2484 Null - ok

14:20:05.0255 2484 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

14:20:05.0255 2484 nvraid - ok

14:20:05.0271 2484 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

14:20:05.0271 2484 nvstor - ok

14:20:05.0318 2484 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

14:20:05.0318 2484 nv_agp - ok

14:20:05.0333 2484 NwlnkFlt - ok

14:20:05.0333 2484 NwlnkFwd - ok

14:20:05.0380 2484 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

14:20:05.0380 2484 ohci1394 - ok

14:20:05.0505 2484 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

14:20:05.0536 2484 ose - ok

14:20:05.0895 2484 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

14:20:06.0020 2484 osppsvc - ok

14:20:06.0145 2484 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll

14:20:06.0145 2484 p2pimsvc - ok

14:20:06.0160 2484 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll

14:20:06.0176 2484 p2psvc - ok

14:20:06.0238 2484 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

14:20:06.0238 2484 Parport - ok

14:20:06.0269 2484 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys

14:20:06.0269 2484 partmgr - ok

14:20:06.0285 2484 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

14:20:06.0285 2484 Parvdm - ok

14:20:06.0316 2484 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll

14:20:06.0332 2484 PcaSvc - ok

14:20:06.0347 2484 pci (eca39351296d905baa4fa3244c152b00) C:\Windows\system32\drivers\pci.sys

14:20:06.0347 2484 pci - ok

14:20:06.0379 2484 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys

14:20:06.0379 2484 pciide - ok

14:20:06.0410 2484 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

14:20:06.0410 2484 pcmcia - ok

14:20:06.0472 2484 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

14:20:06.0488 2484 PEAUTH - ok

14:20:06.0566 2484 PGEffect (28f7ffff50c474cf8be16a2cacc7ce42) C:\Windows\system32\DRIVERS\pgeffect.sys

14:20:06.0566 2484 PGEffect - ok

14:20:06.0706 2484 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll

14:20:06.0737 2484 pla - ok

14:20:06.0831 2484 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll

14:20:06.0847 2484 PlugPlay - ok

14:20:06.0925 2484 PMCF (dffa8a407ad703853fb3253db953c20c) C:\Windows\system32\drivers\PMCF.sys

14:20:06.0925 2484 PMCF - ok

14:20:06.0971 2484 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\Windows\system32\HPZipm12.dll

14:20:06.0987 2484 Pml Driver HPZ12 - ok

14:20:07.0034 2484 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll

14:20:07.0034 2484 PNRPAutoReg - ok

14:20:07.0049 2484 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll

14:20:07.0065 2484 PNRPsvc - ok

14:20:07.0096 2484 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll

14:20:07.0112 2484 PolicyAgent - ok

14:20:07.0143 2484 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

14:20:07.0143 2484 PptpMiniport - ok

14:20:07.0174 2484 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

14:20:07.0174 2484 Processor - ok

14:20:07.0205 2484 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll

14:20:07.0221 2484 ProfSvc - ok

14:20:07.0252 2484 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe

14:20:07.0252 2484 ProtectedStorage - ok

14:20:07.0283 2484 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys

14:20:07.0283 2484 PSched - ok

14:20:07.0315 2484 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys

14:20:07.0330 2484 PSI - ok

14:20:07.0377 2484 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys

14:20:07.0377 2484 PxHelp20 - ok

14:20:07.0424 2484 qcfilterTSH (10a7821507b0eec4aa1453682a24cbc1) C:\Windows\system32\DRIVERS\qcfilterTSH.sys

14:20:07.0424 2484 qcfilterTSH - ok

14:20:07.0455 2484 qcusbnetTSH (848600b136b84442592c1c2bc895f956) C:\Windows\system32\DRIVERS\qcusbnetTSH.sys

14:20:07.0455 2484 qcusbnetTSH - ok

14:20:07.0471 2484 qcusbserTSH (b24f6e60ec594a6c3796b764bcb2ef13) C:\Windows\system32\DRIVERS\qcusbserTSH.sys

14:20:07.0471 2484 qcusbserTSH - ok

14:20:07.0517 2484 QDLService (a8bdbb2e1fa2e5e8eb7d4c4457b79cdd) C:\QUALCOMM\QDLService\QDLService.exe

14:20:07.0533 2484 QDLService - ok

14:20:07.0627 2484 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

14:20:07.0642 2484 ql2300 - ok

14:20:07.0705 2484 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

14:20:07.0705 2484 ql40xx - ok

14:20:07.0751 2484 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll

14:20:07.0751 2484 QWAVE - ok

14:20:07.0767 2484 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

14:20:07.0767 2484 QWAVEdrv - ok

14:20:07.0783 2484 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

14:20:07.0783 2484 RasAcd - ok

14:20:07.0814 2484 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll

14:20:07.0814 2484 RasAuto - ok

14:20:07.0861 2484 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

14:20:07.0861 2484 Rasl2tp - ok

14:20:07.0876 2484 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll

14:20:07.0876 2484 RasMan - ok

14:20:07.0892 2484 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys

14:20:07.0892 2484 RasPppoe - ok

14:20:07.0907 2484 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys

14:20:07.0923 2484 RasSstp - ok

14:20:07.0954 2484 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys

14:20:07.0954 2484 rdbss - ok

14:20:07.0970 2484 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

14:20:07.0970 2484 RDPCDD - ok

14:20:08.0001 2484 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

14:20:08.0001 2484 rdpdr - ok

14:20:08.0001 2484 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

14:20:08.0017 2484 RDPENCDD - ok

14:20:08.0063 2484 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys

14:20:08.0063 2484 RDPWD - ok

14:20:08.0204 2484 RegSrvc (3ff45b7f17d5837216abae652cc61540) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

14:20:08.0219 2484 RegSrvc - ok

14:20:08.0266 2484 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll

14:20:08.0266 2484 RemoteAccess - ok

14:20:08.0297 2484 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll

14:20:08.0297 2484 RemoteRegistry - ok

14:20:08.0360 2484 rimspci (571e6ae8d33f6aaaf342d0919630f901) C:\Windows\system32\DRIVERS\rimspe86.sys

14:20:08.0360 2484 rimspci - ok

14:20:08.0375 2484 RimUsb - ok

14:20:08.0422 2484 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys

14:20:08.0422 2484 RimVSerPort - ok

14:20:08.0453 2484 rixdpcie (0eb91c79a5247941341bbfb50ca3bb6c) C:\Windows\system32\DRIVERS\rixdpe86.sys

14:20:08.0453 2484 rixdpcie - ok

14:20:08.0485 2484 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys

14:20:08.0485 2484 ROOTMODEM - ok

14:20:08.0516 2484 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe

14:20:08.0516 2484 RpcLocator - ok

14:20:08.0578 2484 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll

14:20:08.0594 2484 RpcSs - ok

14:20:08.0672 2484 RSELSVC - ok

14:20:08.0703 2484 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

14:20:08.0703 2484 rspndr - ok

14:20:08.0750 2484 RTL8169 (034033f5a921764d8c4ba6698800d95b) C:\Windows\system32\DRIVERS\Rtlh86.sys

14:20:08.0750 2484 RTL8169 - ok

14:20:08.0781 2484 SamSs (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe

14:20:08.0781 2484 SamSs - ok

14:20:08.0843 2484 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

14:20:08.0843 2484 sbp2port - ok

14:20:08.0890 2484 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll

14:20:08.0890 2484 SCardSvr - ok

14:20:08.0954 2484 Schedule (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll

14:20:08.0969 2484 Schedule - ok

14:20:08.0985 2484 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll

14:20:08.0985 2484 SCPolicySvc - ok

14:20:09.0016 2484 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys

14:20:09.0032 2484 sdbus - ok

14:20:09.0063 2484 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll

14:20:09.0063 2484 SDRSVC - ok

14:20:09.0078 2484 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

14:20:09.0078 2484 secdrv - ok

14:20:09.0078 2484 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll

14:20:09.0094 2484 seclogon - ok

14:20:09.0297 2484 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files\Secunia\PSI\PSIA.exe

14:20:09.0297 2484 Secunia PSI Agent - ok

14:20:09.0406 2484 Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) C:\Program Files\Secunia\PSI\sua.exe

14:20:09.0406 2484 Secunia Update Agent - ok

14:20:09.0500 2484 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll

14:20:09.0515 2484 SENS - ok

14:20:09.0578 2484 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

14:20:09.0578 2484 Serenum - ok

14:20:09.0593 2484 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

14:20:09.0593 2484 Serial - ok

14:20:09.0624 2484 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

14:20:09.0624 2484 sermouse - ok

14:20:09.0671 2484 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll

14:20:09.0671 2484 SessionEnv - ok

14:20:09.0702 2484 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys

14:20:09.0702 2484 sffdisk - ok

14:20:09.0734 2484 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\DRIVERS\sffp_mmc.sys

14:20:09.0734 2484 sffp_mmc - ok

14:20:09.0734 2484 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys

14:20:09.0734 2484 sffp_sd - ok

14:20:09.0765 2484 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

14:20:09.0765 2484 sfloppy - ok

14:20:09.0827 2484 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll

14:20:09.0827 2484 SharedAccess - ok

14:20:09.0890 2484 ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll

14:20:09.0890 2484 ShellHWDetection - ok

14:20:09.0952 2484 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

14:20:09.0952 2484 sisagp - ok

14:20:09.0983 2484 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

14:20:09.0983 2484 SiSRaid2 - ok

14:20:10.0014 2484 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

14:20:10.0030 2484 SiSRaid4 - ok

14:20:10.0139 2484 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe

14:20:10.0139 2484 SkypeUpdate - ok

14:20:10.0326 2484 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe

14:20:10.0389 2484 slsvc - ok

14:20:10.0482 2484 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll

14:20:10.0498 2484 SLUINotify - ok

14:20:10.0545 2484 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys

14:20:10.0545 2484 Smb - ok

14:20:10.0560 2484 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe

14:20:10.0560 2484 SNMPTRAP - ok

14:20:10.0576 2484 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

14:20:10.0576 2484 spldr - ok

14:20:10.0607 2484 Spooler (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe

14:20:10.0623 2484 Spooler - ok

14:20:10.0670 2484 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys

14:20:10.0685 2484 srv - ok

14:20:10.0763 2484 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys

14:20:10.0763 2484 srv2 - ok

14:20:10.0779 2484 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys

14:20:10.0779 2484 srvnet - ok

14:20:10.0826 2484 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll

14:20:10.0826 2484 SSDPSRV - ok

14:20:10.0857 2484 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

14:20:10.0857 2484 ssmdrv - ok

14:20:10.0919 2484 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll

14:20:10.0919 2484 SstpSvc - ok

14:20:10.0982 2484 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll

14:20:10.0997 2484 stisvc - ok

14:20:11.0013 2484 swenum (97e089971a6aba49ad5592bd6298e416) C:\Windows\system32\DRIVERS\swenum.sys

14:20:11.0013 2484 swenum - ok

14:20:11.0044 2484 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll

14:20:11.0060 2484 swprv - ok

14:20:11.0075 2484 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

14:20:11.0075 2484 Symc8xx - ok

14:20:11.0106 2484 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

14:20:11.0106 2484 Sym_hi - ok

14:20:11.0138 2484 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

14:20:11.0138 2484 Sym_u3 - ok

14:20:11.0216 2484 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll

14:20:11.0216 2484 SysMain - ok

14:20:11.0247 2484 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll

14:20:11.0247 2484 TabletInputService - ok

14:20:11.0278 2484 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll

14:20:11.0278 2484 TapiSrv - ok

14:20:11.0294 2484 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll

14:20:11.0294 2484 TBS - ok

14:20:11.0387 2484 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys

14:20:11.0403 2484 Tcpip - ok

14:20:11.0403 2484 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys

14:20:11.0418 2484 Tcpip6 - ok

14:20:11.0450 2484 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys

14:20:11.0450 2484 tcpipreg - ok

14:20:11.0496 2484 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys

14:20:11.0496 2484 tdcmdpst - ok

14:20:11.0512 2484 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

14:20:11.0512 2484 TDPIPE - ok

14:20:11.0528 2484 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

14:20:11.0528 2484 TDTCP - ok

14:20:11.0543 2484 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys

14:20:11.0543 2484 tdx - ok

14:20:11.0574 2484 TermDD (718b2f4355cd8eb2844741addac0e622) C:\Windows\system32\DRIVERS\termdd.sys

14:20:11.0590 2484 TermDD - ok

14:20:11.0637 2484 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll

14:20:11.0637 2484 TermService - ok

14:20:11.0699 2484 Themes (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll

14:20:11.0699 2484 Themes - ok

14:20:11.0762 2484 Thpdrv (ea15a18dcf3b34d590bc8843d3611ea5) C:\Windows\system32\DRIVERS\thpdrv.sys

14:20:11.0762 2484 Thpdrv - ok

14:20:11.0762 2484 Thpevm (ee6fe4f18657c6afed533a5d8fd4af5c) C:\Windows\system32\DRIVERS\Thpevm.SYS

14:20:11.0762 2484 Thpevm - ok

14:20:11.0793 2484 Thpsrv (a2b6029763f7c7d340aea8a0b1d44306) C:\Windows\system32\ThpSrv.exe

14:20:11.0808 2484 Thpsrv - ok

14:20:11.0840 2484 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

14:20:11.0840 2484 THREADORDER - ok

14:20:11.0855 2484 THREADORDER32 - ok

14:20:11.0949 2484 TNaviSrv (22bc804efe155f54252f389b0781d7f2) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

14:20:11.0949 2484 TNaviSrv - ok

14:20:11.0980 2484 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe

14:20:11.0980 2484 TODDSrv - ok

14:20:12.0058 2484 TosCoSrv (5557e7f940cbcf09be43379f551f6689) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

14:20:12.0058 2484 TosCoSrv - ok

14:20:12.0089 2484 TOSHIBA eco Utility Service (9d1c30ce9f1a8488d5d9102c0820743d) C:\Program Files\TOSHIBA\TECO\TecoService.exe

14:20:12.0089 2484 TOSHIBA eco Utility Service - ok

14:20:12.0167 2484 TOSHIBA HDD SSD Alert Service (b792d35b8bdc5fc4106808ff5c7770ab) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

14:20:12.0167 2484 TOSHIBA HDD SSD Alert Service - ok

14:20:12.0261 2484 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys

14:20:12.0261 2484 tos_sps32 - ok

14:20:12.0308 2484 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll

14:20:12.0308 2484 TrkWks - ok

14:20:12.0354 2484 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe

14:20:12.0354 2484 TrustedInstaller - ok

14:20:12.0386 2484 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

14:20:12.0386 2484 tssecsrv - ok

14:20:12.0432 2484 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

14:20:12.0432 2484 tunmp - ok

14:20:12.0464 2484 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys

14:20:12.0464 2484 tunnel - ok

14:20:12.0495 2484 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS

14:20:12.0495 2484 TVALZ - ok

14:20:12.0526 2484 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

14:20:12.0526 2484 uagp35 - ok

14:20:12.0557 2484 udfs (c985b36e127ea9b8a92396120bff52d8) C:\Windows\system32\DRIVERS\udfs.sys

14:20:12.0557 2484 udfs - ok

14:20:12.0604 2484 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe

14:20:12.0604 2484 UI0Detect - ok

14:20:12.0666 2484 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

14:20:12.0666 2484 uliagpkx - ok

14:20:12.0713 2484 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

14:20:12.0713 2484 uliahci - ok

14:20:12.0729 2484 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

14:20:12.0729 2484 UlSata - ok

14:20:12.0760 2484 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

14:20:12.0760 2484 ulsata2 - ok

14:20:12.0791 2484 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

14:20:12.0807 2484 umbus - ok

14:20:12.0838 2484 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll

14:20:12.0838 2484 upnphost - ok

14:20:12.0900 2484 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

14:20:12.0916 2484 USBAAPL - ok

14:20:12.0947 2484 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys

14:20:12.0947 2484 usbaudio - ok

14:20:13.0010 2484 usbccgp (3955375c83afbe4b110c5fb1231345af) C:\Windows\system32\DRIVERS\usbccgp.sys

14:20:13.0010 2484 usbccgp - ok

14:20:13.0025 2484 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

14:20:13.0025 2484 usbcir - ok

14:20:13.0072 2484 usbehci (7f8d9d95a00072ccdd43ad3f7b4450c2) C:\Windows\system32\DRIVERS\usbehci.sys

14:20:13.0072 2484 usbehci - ok

14:20:13.0088 2484 usbhub (63b44b390451ed3b95405adddcc1984e) C:\Windows\system32\DRIVERS\usbhub.sys

14:20:13.0088 2484 usbhub - ok

14:20:13.0103 2484 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

14:20:13.0103 2484 usbohci - ok

14:20:13.0150 2484 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

14:20:13.0150 2484 usbprint - ok

14:20:13.0181 2484 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

14:20:13.0181 2484 usbscan - ok

14:20:13.0228 2484 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:20:13.0228 2484 USBSTOR - ok

14:20:13.0244 2484 usbuhci (ca62c65383513c365e1ca5796ccac7b5) C:\Windows\system32\DRIVERS\usbuhci.sys

14:20:13.0244 2484 usbuhci - ok

14:20:13.0275 2484 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

14:20:13.0275 2484 usbvideo - ok

14:20:13.0306 2484 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll

14:20:13.0306 2484 UxSms - ok

14:20:13.0337 2484 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe

14:20:13.0353 2484 vds - ok

14:20:13.0384 2484 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

14:20:13.0384 2484 vga - ok

14:20:13.0400 2484 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

14:20:13.0400 2484 VgaSave - ok

14:20:13.0431 2484 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

14:20:13.0431 2484 viaagp - ok

14:20:13.0446 2484 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

14:20:13.0446 2484 ViaC7 - ok

14:20:13.0462 2484 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

14:20:13.0462 2484 viaide - ok

14:20:13.0509 2484 volmgr (bdd98bbe7323fc0975a26373d8050471) C:\Windows\system32\drivers\volmgr.sys

14:20:13.0509 2484 volmgr - ok

14:20:13.0524 2484 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys

14:20:13.0524 2484 volmgrx - ok

14:20:13.0556 2484 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys

14:20:13.0556 2484 volsnap - ok

14:20:13.0571 2484 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

14:20:13.0571 2484 vsmraid - ok

14:20:13.0649 2484 VSS (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe

14:20:13.0665 2484 VSS - ok

14:20:13.0712 2484 W32Time (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll

14:20:13.0712 2484 W32Time - ok

14:20:13.0805 2484 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

14:20:13.0805 2484 WacomPen - ok

14:20:13.0836 2484 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

14:20:13.0836 2484 Wanarp - ok

14:20:13.0852 2484 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

14:20:13.0852 2484 Wanarpv6 - ok

14:20:13.0899 2484 wcncsvc (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll

14:20:13.0914 2484 wcncsvc - ok

14:20:13.0930 2484 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll

14:20:13.0930 2484 WcsPlugInService - ok

14:20:13.0961 2484 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

14:20:13.0961 2484 Wd - ok

14:20:14.0039 2484 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

14:20:14.0039 2484 Wdf01000 - ok

14:20:14.0070 2484 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

14:20:14.0070 2484 WdiServiceHost - ok

14:20:14.0086 2484 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

14:20:14.0086 2484 WdiSystemHost - ok

14:20:14.0102 2484 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll

14:20:14.0102 2484 WebClient - ok

14:20:14.0164 2484 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll

14:20:14.0164 2484 Wecsvc - ok

14:20:14.0195 2484 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll

14:20:14.0211 2484 wercplsupport - ok

14:20:14.0258 2484 WerSvc (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll

14:20:14.0258 2484 WerSvc - ok

14:20:14.0336 2484 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll

14:20:14.0336 2484 WinDefend - ok

14:20:14.0351 2484 WinHttpAutoProxySvc - ok

14:20:14.0398 2484 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll

14:20:14.0398 2484 Winmgmt - ok

14:20:14.0507 2484 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll

14:20:14.0523 2484 WinRM - ok

14:20:14.0585 2484 Wlansvc (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll

14:20:14.0601 2484 Wlansvc - ok

14:20:14.0710 2484 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys

14:20:14.0710 2484 WmiAcpi - ok

14:20:14.0772 2484 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe

14:20:14.0772 2484 wmiApSrv - ok

14:20:14.0913 2484 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe

14:20:14.0913 2484 WMPNetworkSvc - ok

14:20:14.0975 2484 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll

14:20:14.0991 2484 WPCSvc - ok

14:20:15.0006 2484 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll

14:20:15.0006 2484 WPDBusEnum - ok

14:20:15.0100 2484 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys

14:20:15.0100 2484 WpdUsb - ok

14:20:15.0334 2484 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

14:20:15.0350 2484 WPFFontCache_v0400 - ok

14:20:15.0381 2484 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

14:20:15.0381 2484 ws2ifsl - ok

14:20:15.0412 2484 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\System32\wscsvc.dll

14:20:15.0428 2484 wscsvc - ok

14:20:15.0428 2484 WSearch - ok

14:20:15.0552 2484 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll

14:20:15.0584 2484 wuauserv - ok

14:20:15.0693 2484 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

14:20:15.0708 2484 WUDFRd - ok

14:20:15.0755 2484 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll

14:20:15.0755 2484 wudfsvc - ok

14:20:15.0786 2484 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0

14:20:15.0849 2484 \Device\Harddisk0\DR0 - ok

14:20:15.0849 2484 Boot (0x1200) (73080fe18bae5e781528fa50fd654e61) \Device\Harddisk0\DR0\Partition0

14:20:15.0849 2484 \Device\Harddisk0\DR0\Partition0 - ok

14:20:15.0849 2484 ============================================================

14:20:15.0849 2484 Scan finished

14:20:15.0849 2484 ============================================================

14:20:15.0864 3196 Detected object count: 0

14:20:15.0864 3196 Actual detected object count: 0


Please close any of your open windows/programs and exit, saving any open work you have.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Go slow and careful. This next task is a Custom scan. Have infinite patience while it runs.

Temporarily turn OFF your antivirus program so that it does not interfere. Leave the firewall on.

For a how-to-reference, see this How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    c:|Fun4IM;true;true;true; /FP
    c:|Bandoo;true;true;true; /FP
    c:|Searchn;true;true;true; /FP
    c:|Searchq;true;true;true; /FP
    c:|datamngr;true;true;true; /FP
    c:|iLivid;true;true;true; /FP
    c:|whitesmoke;true;true;true; /FP
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %systemroot%\*. /mp /s
    CLEARALLRESTOREPOINTS
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long. Have infinite patience. OTL may appear to stall but it will finish.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please Copy and Paste the OTL log(s). Do not enclose in Code or Quote.

Re-enable your antivirus program.


Here are the OTL logs:

OTL.txt:

OTL logfile created on: 4/30/2012 3:20:37 PM - Run 1

OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Carl\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 57.44% Memory free

6.13 Gb Paging File | 4.80 Gb Available in Paging File | 78.41% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 138.28 Gb Total Space | 60.56 Gb Free Space | 43.80% Space Free | Partition Type: NTFS

Computer Name: CARL-NOTEBOOK | User Name: Carl | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/30 15:17:48 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Carl\Desktop\OTL.exe

PRC - [2012/01/31 08:57:32 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2012/01/31 08:56:50 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/12/16 13:54:22 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Program Files\pdf24\pdf24.exe

PRC - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe

PRC - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe

PRC - [2011/10/14 02:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe

PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe

PRC - [2009/06/08 22:19:54 | 000,117,224 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA WWAN Manager\bin\gbx4log.exe

PRC - [2009/06/08 22:19:52 | 000,637,416 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA WWAN Manager\bin\gbxApp.exe

PRC - [2009/05/13 01:26:42 | 000,299,008 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

PRC - [2009/04/24 14:40:38 | 000,176,128 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe

PRC - [2009/04/24 14:40:08 | 001,323,008 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TEco.exe

PRC - [2009/04/23 23:01:24 | 001,011,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

PRC - [2009/04/16 21:42:58 | 000,020,544 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe

PRC - [2009/03/30 19:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

PRC - [2009/03/28 15:30:44 | 000,263,560 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TANU\TANU.exe

PRC - [2009/03/23 13:50:40 | 000,729,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

PRC - [2009/03/19 13:20:12 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) -- C:\Qualcomm\QDLService\QDLService.exe

PRC - [2009/03/17 14:49:04 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

PRC - [2009/03/10 21:50:36 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

PRC - [2009/03/06 21:29:16 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

PRC - [2009/03/06 21:29:04 | 000,468,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

PRC - [2009/02/19 17:52:38 | 000,057,344 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe

PRC - [2009/02/16 20:09:44 | 000,196,608 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe

PRC - [2009/02/16 20:09:36 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe

PRC - [2009/02/01 01:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\hidfind.exe

PRC - [2008/12/18 17:34:24 | 000,448,376 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/10/16 20:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe

PRC - [2008/10/16 19:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

PRC - [2008/08/22 13:26:38 | 000,523,320 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\ThpSrv.exe

PRC - [2008/01/20 22:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe

PRC - [2007/01/09 17:23:04 | 000,191,552 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe

PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/25 08:25:04 | 000,409,600 | ---- | M] () -- C:\Users\Carl\AppData\Local\Google\Adobe\ihkpbqo.dll

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2009/06/08 22:20:10 | 000,502,248 | ---- | M] () -- c:\Program Files\TOSHIBA WWAN Manager\bin\OsifUtils.dll

MOD - [2009/06/08 22:20:04 | 000,276,968 | ---- | M] () -- c:\Program Files\TOSHIBA WWAN Manager\bin\mdvauthapi32.dll

MOD - [2009/06/08 22:19:58 | 002,824,680 | ---- | M] () -- c:\Program Files\TOSHIBA WWAN Manager\bin\connmgr.dll

MOD - [2009/03/07 16:15:46 | 007,005,496 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll

MOD - [2009/02/16 20:09:46 | 000,868,352 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMediaLibrary.dll

MOD - [2009/02/16 20:09:42 | 000,007,680 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvcPS.dll

MOD - [2009/01/31 01:11:56 | 000,073,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll

MOD - [2008/07/14 13:37:00 | 000,095,544 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll

MOD - [2008/01/20 22:24:29 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll

MOD - [2007/12/19 15:12:38 | 000,077,824 | ---- | M] () -- C:\Program Files\TOSHIBA\HDD Protection\NotifyTHP.dll

MOD - [2006/12/01 20:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\TOSHIBA\TBS\NotifyTBS.dll

MOD - [2006/10/10 14:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll

MOD - [2006/10/07 14:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\system32\PNPXAssoc32.exe -- (THREADORDER32)

SRV - [2012/04/15 09:14:27 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/01/31 08:57:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012/01/31 08:56:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/10/14 02:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)

SRV - [2011/10/14 02:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)

SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)

SRV - [2009/04/24 14:40:38 | 000,176,128 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

SRV - [2009/04/16 21:42:58 | 000,020,544 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)

SRV - [2009/03/30 19:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)

SRV - [2009/03/19 13:20:12 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Qualcomm\QDLService\QDLService.exe -- (QDLService)

SRV - [2009/03/17 14:49:04 | 000,073,728 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

SRV - [2009/03/06 21:29:16 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV - [2009/02/19 17:52:38 | 000,057,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe -- (RSELSVC)

SRV - [2008/11/03 19:15:32 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2008/10/16 20:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV - [2008/10/16 19:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV - [2008/08/22 13:26:38 | 000,523,320 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)

SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)

SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - [2012/01/31 08:57:31 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2012/01/31 08:57:31 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011/09/16 16:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)

DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/06/06 23:12:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)

DRV - [2010/01/29 01:03:58 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)

DRV - [2009/05/05 02:35:24 | 000,163,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2009/04/23 18:42:44 | 000,014,856 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\PMCF.sys -- (PMCF)

DRV - [2009/04/03 05:37:24 | 000,200,240 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2009/03/25 20:23:30 | 000,030,272 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\thpdrv.sys -- (Thpdrv)

DRV - [2009/03/19 12:52:14 | 000,115,200 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\qcusbnetTSH.sys -- (qcusbnetTSH)

DRV - [2009/03/19 12:52:14 | 000,104,448 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\qcusbserTSH.sys -- (qcusbserTSH)

DRV - [2009/03/19 12:52:14 | 000,005,248 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\qcfilterTSH.sys -- (qcfilterTSH)

DRV - [2009/03/18 14:44:54 | 000,022,272 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)

DRV - [2009/02/12 17:43:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)

DRV - [2009/01/27 22:12:14 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)

DRV - [2009/01/14 14:37:32 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)

DRV - [2008/11/17 10:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®

DRV - [2008/09/22 09:49:36 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV - [2007/12/14 14:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)

DRV - [2007/09/04 13:30:24 | 000,013,336 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Thpevm.sys -- (Thpevm)

DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

IE - HKLM\..\SearchScopes,DefaultScope = {76B49697-B060-4BD0-8D47-3D89767A3125}

IE - HKLM\..\SearchScopes\{76B49697-B060-4BD0-8D47-3D89767A3125}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CF 4C DD 17 AC 48 1F 48 A8 A9 8B 65 77 44 37 F7 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {76B49697-B060-4BD0-8D47-3D89767A3125}

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7TSHB_enUS347US347&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\..\SearchScopes\{76B49697-B060-4BD0-8D47-3D89767A3125}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB_enUS347US347

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Carl\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Reg Error: Value error.) - {17DD4CCF-48AC-481F-A8A9-8B65774437F7} - C:\Windows\system32\audiodev32.dll File not found

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (96f8244b) - {32D19711-E290-8FDC-42B4-EFFD46023AB9} - C:\ProgramData\audiodev32.dll File not found

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [cfFncEnabler.exe] C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe (Toshiba Corporation)

O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [coreworks] C:\Program Files\TOSHIBA WWAN Manager\bin\gbxapp.exe (Toshiba)

O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)

O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)

O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [PCMAgent] C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)

O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)

O4 - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TANU] C:\Program Files\TOSHIBA\TANU\TANU.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [ThpSrv] C:\Windows\System32\thpsrv.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)

O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Adobe] C:\Users\Carl\AppData\Local\Google\Adobe\ihkpbqo.dll ()

O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Carl\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} https://webmail.worldbank.org/dwa85W.cab (IBM Lotus iNotes 8.5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://webmail.worldbank.org/dwa8W.cab (Domino Web Access 8 Control)

O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://webmail.worldbank.org/dwa7W.cab (Domino Web Access 7 Control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CE2B1B3-C808-42AE-BE4D-50F976A14FCF}: NameServer = 172.24.24.10

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96FB2830-CE1A-44CA-AC71-EBDAABF3DC2D}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - File not found

O20 - AppInit_DLLs: (C:\ProgramData\audiodev32.dll) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Carl\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Carl\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS - File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS - File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.mpegacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)

Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CLEARALLRESTOREPOINTS

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/30 15:17:46 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Carl\Desktop\OTL.exe

[2012/04/30 14:18:25 | 002,074,160 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Carl\Desktop\tdsskiller.exe

[2012/04/29 12:49:56 | 000,000,000 | ---D | C] -- C:\Users\Carl\Desktop\Photos

[2012/04/29 12:49:22 | 000,000,000 | ---D | C] -- C:\Users\Carl\Desktop\Administration

[2012/04/29 12:49:09 | 000,000,000 | ---D | C] -- C:\Users\Carl\Desktop\French

[2012/04/29 11:08:21 | 000,000,000 | ---D | C] -- C:\ARK

[2012/04/29 10:40:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/04/29 10:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/04/29 10:36:06 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2012/04/27 12:10:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Carl\Desktop\dds.scr

[2012/04/24 15:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam

[2012/04/24 15:27:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam

[2012/04/24 15:27:14 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll

[2012/04/24 15:27:14 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll

[2012/04/18 14:23:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012/04/18 14:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2012/04/15 09:14:27 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012/04/14 16:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion Limited

[2012/04/01 12:53:09 | 000,000,000 | ---D | C] -- C:\Users\Carl\AppData\Roaming\Avira

[2012/04/01 11:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2012/04/01 11:27:59 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2012/04/01 11:27:58 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2012/04/01 11:27:58 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2012/04/01 11:27:58 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys

[2012/04/01 11:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2012/04/01 11:27:55 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[1 C:\Users\Carl\Desktop\*.tmp files -> C:\Users\Carl\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/30 15:17:48 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Carl\Desktop\OTL.exe

[2012/04/30 14:57:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/04/30 14:47:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/04/30 14:29:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/04/30 14:22:15 | 000,002,613 | ---- | M] () -- C:\Users\Carl\Desktop\Microsoft Word 2010.lnk

[2012/04/30 14:18:32 | 002,074,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Carl\Desktop\tdsskiller.exe

[2012/04/30 14:12:12 | 000,304,845 | ---- | M] () -- C:\Users\Carl\Desktop\ListParts.exe

[2012/04/30 14:07:13 | 001,008,141 | ---- | M] () -- C:\Users\Carl\Desktop\rkill.com

[2012/04/30 09:08:52 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/04/30 09:08:52 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/04/30 09:03:32 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/04/30 09:03:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/04/30 09:03:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/04/30 09:02:52 | 3182,612,480 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/29 23:22:07 | 000,047,616 | ---- | M] () -- C:\Users\Carl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/04/29 11:24:20 | 331,292,588 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/04/29 10:55:30 | 000,000,512 | ---- | M] () -- C:\Users\Carl\Desktop\MBR.dat

[2012/04/29 10:36:07 | 000,000,744 | ---- | M] () -- C:\Users\Carl\Desktop\NTREGOPT.lnk

[2012/04/29 10:36:07 | 000,000,725 | ---- | M] () -- C:\Users\Carl\Desktop\ERUNT.lnk

[2012/04/27 12:10:13 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Carl\Desktop\dds.scr

[2012/04/24 15:35:22 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk

[2012/04/20 11:38:17 | 000,002,571 | ---- | M] () -- C:\Users\Carl\Desktop\Microsoft Excel 2010.lnk

[2012/04/18 14:23:03 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2012/04/15 09:14:27 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012/04/15 09:14:27 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012/04/10 13:50:22 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/04/01 11:28:46 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[1 C:\Users\Carl\Desktop\*.tmp files -> C:\Users\Carl\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/30 14:12:10 | 000,304,845 | ---- | C] () -- C:\Users\Carl\Desktop\ListParts.exe

[2012/04/30 14:07:11 | 001,008,141 | ---- | C] () -- C:\Users\Carl\Desktop\rkill.com

[2012/04/29 11:29:56 | 3182,612,480 | -HS- | C] () -- C:\hiberfil.sys

[2012/04/29 10:55:30 | 000,000,512 | ---- | C] () -- C:\Users\Carl\Desktop\MBR.dat

[2012/04/29 10:36:07 | 000,000,744 | ---- | C] () -- C:\Users\Carl\Desktop\NTREGOPT.lnk

[2012/04/29 10:36:07 | 000,000,725 | ---- | C] () -- C:\Users\Carl\Desktop\ERUNT.lnk

[2012/04/24 15:35:22 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk

[2012/04/18 14:23:03 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2012/04/15 09:14:28 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/04/01 11:28:46 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2012/01/18 12:51:37 | 000,000,680 | ---- | C] () -- C:\Users\Carl\AppData\Local\d3d9caps.dat

[2012/01/16 22:30:29 | 000,008,823 | ---- | C] () -- C:\Users\Carl\AppData\Local\d1a7ebf0

[2012/01/16 22:30:29 | 000,008,821 | ---- | C] () -- C:\ProgramData\84e2a78c

[2012/01/16 22:30:29 | 000,008,782 | ---- | C] () -- C:\Users\Carl\AppData\Roaming\90570254

[2011/06/12 15:37:25 | 000,000,024 | ---- | C] () -- C:\ProgramData\360b7319

[2010/07/25 09:50:51 | 000,024,064 | ---- | C] () -- C:\Users\Carl\AppData\Roaming\UserTile.png

[2010/06/18 09:27:38 | 000,135,167 | ---- | C] () -- C:\Windows\hpoins37.dat.temp

[2010/06/18 09:27:38 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat.temp

[2010/06/15 21:40:51 | 000,134,739 | ---- | C] () -- C:\Windows\hpoins37.dat

[2010/06/15 21:40:51 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >

[2012/01/21 12:03:06 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Adobe

[2011/11/29 19:29:26 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Apple Computer

[2009/11/07 22:40:28 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Artweaver

[2012/04/09 13:20:03 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Avira

[2011/11/06 23:06:09 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Blackberry Desktop

[2009/10/18 21:35:22 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\CyberLink

[2009/11/09 08:19:24 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Exstora

[2011/04/24 15:44:51 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\GetRightToGo

[2009/10/04 15:42:25 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Google

[2009/10/04 15:09:56 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Identities

[2010/07/25 09:49:32 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Intel

[2009/10/04 15:17:31 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Macromedia

[2011/06/19 06:53:56 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Malwarebytes

[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Media Center Programs

[2012/04/16 10:52:33 | 000,000,000 | --SD | M] -- C:\Users\Carl\AppData\Roaming\Microsoft

[2011/05/14 11:49:42 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Mozilla

[2011/05/14 11:49:41 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Octoshape

[2009/10/04 19:23:55 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\OpenOffice.org

[2010/07/25 09:50:51 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\PeerNetworking

[2009/10/08 20:31:52 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\PowerCinema

[2011/11/01 22:12:50 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Research In Motion

[2012/04/29 23:36:01 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\Skype

[2012/04/18 08:49:54 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\skypePM

[2012/03/01 22:42:30 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\TOSHIBA

[2011/07/31 17:19:36 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\TP

[2009/10/04 15:08:45 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\WinBatch

< %APPDATA%\*.exe /s >

[2012/01/21 12:02:50 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Carl\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2009/10/07 20:02:15 | 001,961,720 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Carl\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

[2011/10/30 09:56:03 | 000,413,696 | R--- | M] (Acresso Software Inc.) -- C:\Users\Carl\AppData\Roaming\Microsoft\Installer\{5BF4B3ED-682C-4363-95D6-9F741D914B6B}\BlackBerry.exe

[2009/01/08 09:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\Carl\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

< %SYSTEMDRIVE%\*.exe >

[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< c:|Fun4IM;true;true;true; /FP >

< c:|Bandoo;true;true;true; /FP >

< c:|Searchn;true;true;true; /FP >

< c:|Searchq;true;true;true; /FP >

< c:|datamngr;true;true;true; /FP >

< c:|iLivid;true;true;true; /FP >

< c:|whitesmoke;true;true;true; /FP >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %systemroot%\*. /mp /s >

< End of report >

Extras.txt:

OTL Extras logfile created on: 4/30/2012 3:20:37 PM - Run 1

OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Carl\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 57.44% Memory free

6.13 Gb Paging File | 4.80 Gb Available in Paging File | 78.41% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 138.28 Gb Total Space | 60.56 Gb Free Space | 43.80% Space Free | Partition Type: NTFS

Computer Name: CARL-NOTEBOOK | User Name: Carl | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1FBB2B60-978D-46A2-A189-123060039506}" = lport=445 | protocol=6 | dir=in | app=system |

"{42820793-9EA8-42BF-9816-17328BA0A558}" = rport=139 | protocol=6 | dir=out | app=system |

"{4C5E3438-5781-494C-92A8-56E4136B68F7}" = rport=138 | protocol=17 | dir=out | app=system |

"{6F9C7365-DCF6-4570-9A1D-26BC050B18CC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{73CB51F5-6F1A-49F7-8DDD-33481BEEFFF8}" = rport=137 | protocol=17 | dir=out | app=system |

"{855F4B76-E3C5-4662-8739-F24B4C5A1960}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

"{92F2C806-9E12-4015-B69A-EF0D4F039F2E}" = lport=137 | protocol=17 | dir=in | app=system |

"{99F5BC79-8BFF-4EF4-BEE9-77376C700267}" = lport=139 | protocol=6 | dir=in | app=system |

"{9FF0FF50-E2FE-43A1-BEA1-088703AB36A6}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

"{B6863240-E963-4EA4-AAF0-E11B7B14FA83}" = lport=138 | protocol=17 | dir=in | app=system |

"{C7DFA7AF-8473-4C17-A086-E6E28ED3C41C}" = rport=445 | protocol=6 | dir=out | app=system |

"{CEC996D5-0CB4-44DC-A458-B38B0ABA950F}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

"{E3440D0F-C706-4A64-85E8-E9181CC1AD0B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{F7292523-489F-4398-B990-36C54F53417C}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00E4ACE8-A415-4054-97D0-3BA1D684E262}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{06350D94-BE8B-4389-911F-86A18C32DC54}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{0A00C53E-3542-41D2-A581-481D9C22E674}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |

"{1F0B6F5A-A2EE-4266-880A-C86E9058B312}" = dir=in | app=c:\windows\system32\pnpxassoc32.exe |

"{24ABB148-8D7B-4E7E-89F7-6A4ED32A1A73}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{299C75B9-B8A6-477F-B2C2-25EADB1DA682}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{2A540111-10F4-44B7-8D98-40030954B906}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\kernel\dmp\clbrowserengine.exe |

"{31EFCCDF-D343-4D37-AE0D-CB652AEE6921}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\pcmservice.exe |

"{3BD4FDE9-41B4-49A4-8E22-3388F7896A46}" = dir=in | app=c:\windows\system32\pnpxassoc32.exe |

"{3D4991AF-881A-46DC-9C1D-268897FDB8C2}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |

"{407CC1CF-C1B8-4A9E-A42E-84BF1352192A}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |

"{57733693-653B-423D-BD4A-545DB3EEE06A}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |

"{6B5D6B35-4E1B-41BE-9766-040FCEE61920}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |

"{78D7537F-2914-42B8-B63E-86D5BBCB9989}" = dir=in | app=c:\windows\system32\pnpxassoc32.exe |

"{7CB79612-E2E0-4AFD-8CF7-E00E13124C53}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{7EA64473-9D49-4287-9540-E021F0F9C28D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |

"{84F83DC1-A484-4C52-A868-A1B2699ABC0C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |

"{8ABEB4EB-CE66-4F99-9FEF-B7F7597BAFDA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{8D6B8EB9-DA9F-4298-B3BF-46B2E70E19A5}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\kernel\dms\clmsservice.exe |

"{936FEBD2-506A-444B-AC18-9109D8B3FB7D}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{9F2E0DBB-6EE2-42EC-8CE7-A615F6419570}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{9F8D89ED-722D-451A-BE37-424815E12E62}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |

"{A04F196F-C9DD-47DE-B68B-EA753C61801C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{A116A866-F740-4BF7-962D-2BBF66BFF836}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |

"{A18737B0-490B-4033-A0AD-E3F47578C888}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |

"{A1EA29DC-8C07-4F34-87E0-DFF3436E8049}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |

"{C9932E24-F64B-458A-91ED-DDEE4D3571B6}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |

"{C9B8DDD2-EC82-4B41-A9CF-6579F08A55E6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{CA4EC0B8-C70B-4410-8C3B-3872D9440E8A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |

"{F39C97EC-0F02-4579-AD0D-0A63F8706F92}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{F7D060DA-DEFA-43C6-87B7-123DBA64FB57}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{F817C77B-EB2D-4310-8E7A-95AC5BB68DE1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{FEF01985-25CA-4595-9CC4-8DAB37C19CC6}" = dir=in | app=c:\program files\cyberlink\powercinema for toshiba\powercinema.exe |

"TCP Query User{272080D1-97B9-4AB6-88BF-F7E5EA982B8E}C:\users\carl\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\carl\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |

"TCP Query User{8596422A-F06B-428F-8EDE-F5F3140E56E0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{90BE5BB6-DFA3-42DF-B203-BF4E0E0DFE01}C:\users\carl\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\carl\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |

"UDP Query User{7B6327DD-5C5F-4939-A492-FE8216DEB45A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{D99D49E1-2A66-4B50-97F6-DC4B8702126F}C:\users\carl\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\carl\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |

"UDP Query User{EF4F4F8A-03F3-4B9B-9BCC-7E096951A3F5}C:\users\carl\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\carl\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0

"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.02.02.01

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist

"{147944FC-6A9E-4DD9-9EC3-A242EE6C16FD}" = BlackBerry App World Browser Plugin

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{21526716-DFD8-4B90-86D9-EF9F47057B3E}" = Toshiba Resources Page

"{224821ED-CADA-4A8A-AC8D-3734CC0F0931}" = Amazon Links

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA

"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java 6 Update 29

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox

"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA

"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility

"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features

"{5BF4B3ED-682C-4363-95D6-9F741D914B6B}" = BlackBerry Device Software v7.0.0 for the BlackBerry 9900 smartphone

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application

"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam

"{5FFF9453-7B94-462A-B8F7-AC6D8D9EB1B5}" = Netzero Internet Access Installer

"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"{618FF042-F011-489B-BAF0-37986134FC26}" = Ilwis

"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit

"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security

"{7B662092-665F-40C5-9835-4AFC12D36DC1}" = Mathe Klasse 11-13

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2

"{83892653-9EB8-4192-803E-D987A85CDD23}" = TOSHIBA Agreement Notification Utility

"{87725CEF-1BC6-47C5-B2CD-96DD6D392EE3}" = Dolby Control Center

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver

"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility

"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer

"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application and Driver Installer

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver

"{9FE10246-A876-4979-B345-CADE6863BD8E}" = TOSHIBA Supervisor Password

"{A025CFB8-64E7-4432-824F-11E7C5ED2ECE}_is1" = Artweaver 1.0

"{A800FCC9-8E1E-4D84-9CED-47870701FDE1}" = HP Deskjet F4400 Printer Driver 14.0 Rel. 5

"{A835C187-691C-4827-BCEA-1611179C96B9}" = DJ_AIO_05_F4400_Software_Min

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{ABD39060-5F6C-470A-A891-73ACC92ED8DB}" = TOSHIBA WWAN Manager

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16}" = PlayReady PC runtime

"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation

"{B46E0571-DE58-4D5C-8D77-64070C6EACDA}" = Qualcomm Gobi Single Installer Package for Toshiba

"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator

"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration

"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{D5D8637D-FA1C-4CAD-91FC-4ADB1C284A21}" = TOSHIBA Hardware Setup

"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1

"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities

"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8

"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support

"{F0A386D2-6E15-4A8F-A04E-87CE9BED0D48}" = TOSHIBA ConfigFree

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Avira AntiVir Desktop" = Avira Free Antivirus

"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1

"ERUNT_is1" = ERUNT 1.1j

"ExstoraPro" = Exstora Pro 2.5

"HDMI" = Intel® Graphics Media Accelerator Driver

"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA

"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA

"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility

"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"InstallShield_{83892653-9EB8-4192-803E-D987A85CDD23}" = TOSHIBA Agreement Notification Utility

"InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility

"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition

"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder

"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"Picasa 3" = Picasa 3

"ProInst" = Intel PROSet Wireless

"Recuva" = Recuva

"Secunia PSI" = Secunia PSI (2.0.0.4003)

"TOSHIBA Software Modem" = TOSHIBA Software Modem

"WildTangent toshiba Master Uninstall" = WildTangent Games

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 4/30/2012 12:46:32 PM | Computer Name = Carl-notebook | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1404

Error - 4/30/2012 2:02:05 PM | Computer Name = Carl-notebook | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/30/2012 2:02:05 PM | Computer Name = Carl-notebook | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 4534184

Error - 4/30/2012 2:02:05 PM | Computer Name = Carl-notebook | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 4534184

Error - 4/30/2012 2:02:06 PM | Computer Name = Carl-notebook | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/30/2012 2:02:06 PM | Computer Name = Carl-notebook | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 4535385

Error - 4/30/2012 2:02:06 PM | Computer Name = Carl-notebook | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 4535385

Error - 4/30/2012 2:57:52 PM | Computer Name = Carl-notebook | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/30/2012 2:57:52 PM | Computer Name = Carl-notebook | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 46052

Error - 4/30/2012 2:57:52 PM | Computer Name = Carl-notebook | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 46052

[ Media Center Events ]

Error - 10/13/2011 4:58:04 AM | Computer Name = Carl-notebook | Source = MCUpdate | ID = 0

Description = Error connecting to the internet. (5648.1128)

Error - 10/13/2011 4:58:04 AM | Computer Name = Carl-notebook | Source = MCUpdate | ID = 0

Description = Unable to contact server.. (5648.1129)

Error - 10/13/2011 2:55:08 PM | Computer Name = Carl-notebook | Source = MCUpdate | ID = 0

Description = Error connecting to the internet. (3452.1128)

Error - 10/13/2011 2:55:08 PM | Computer Name = Carl-notebook | Source = MCUpdate | ID = 0

Description = Unable to contact server.. (3452.1129)

Error - 10/13/2011 2:55:55 PM | Computer Name = Carl-notebook | Source = MCUpdate | ID = 0

Description = Error connecting to the internet. (3452.1128)

Error - 10/13/2011 2:55:55 PM | Computer Name = Carl-notebook | Source = MCUpdate | ID = 0

Description = Unable to contact server.. (3452.1129)

Error - 10/14/2011 4:32:17 AM | Computer Name = Carl-notebook | Source = MCUpdate | ID = 0

Description = Error connecting to the internet. (876.1128)

Error - 10/14/2011 4:32:17 AM | Computer Name = Carl-notebook | Source = MCUpdate | ID = 0

Description = Unable to contact server.. (876.1129)

Error - 10/14/2011 4:32:22 AM | Computer Name = Carl-notebook | Source = MCUpdate | ID = 0

Description = Error connecting to the internet. (876.1128)

Error - 10/14/2011 4:32:22 AM | Computer Name = Carl-notebook | Source = MCUpdate | ID = 0

Description = Unable to contact server.. (876.1129)

[ System Events ]

Error - 4/29/2012 11:26:12 AM | Computer Name = Carl-notebook | Source = Service Control Manager | ID = 7001

Description =

Error - 4/29/2012 11:26:12 AM | Computer Name = Carl-notebook | Source = Service Control Manager | ID = 7001

Description =

Error - 4/29/2012 11:26:26 AM | Computer Name = Carl-notebook | Source = Service Control Manager | ID = 7001

Description =

Error - 4/29/2012 11:26:27 AM | Computer Name = Carl-notebook | Source = DCOM | ID = 10005

Description =

Error - 4/29/2012 11:26:28 AM | Computer Name = Carl-notebook | Source = Service Control Manager | ID = 7001

Description =

Error - 4/29/2012 11:26:37 AM | Computer Name = Carl-notebook | Source = DCOM | ID = 10005

Description =

Error - 4/29/2012 11:30:05 AM | Computer Name = Carl-notebook | Source = HTTP | ID = 15016

Description =

Error - 4/29/2012 12:08:00 PM | Computer Name = Carl-notebook | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error - 4/30/2012 9:03:03 AM | Computer Name = Carl-notebook | Source = HTTP | ID = 15016

Description =

Error - 4/30/2012 9:13:06 AM | Computer Name = Carl-notebook | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout period.

< End of report >


There is one trojan onboard, a stray audiodev32.dll, that I'd like submitted for online analysis, and 1 other possible suspect.

I'll ask you to use your browser and upload 2 files at 2 websites. This will not take long.

Use your browser to go here at Virustotal website

Click the Browse button and then navigate to C:\ProgramData\audiodev32.dll, then click the Submit button.

The various virus scanners will identify the file and if it is not identified, the AV vendors will then have a copy of it for analysis. Save the results, and post back here in a reply.

Repeat the same steps for C:\Users\Carl\AppData\Local\Google\Adobe\ihkpbqo.dll

Save the results, and post back here in a reply.

==

Use your browser to go here at VirSCAN.org website

Click the Browse button and then navigate to C:\ProgramData\audiodev32.dll, then click the Submit button.

Save the results, and post back here in a reply.

Repeat the same steps for C:\Users\Carl\AppData\Local\Google\Adobe\ihkpbqo.dll

Save the results, and post back here in a reply.


ID: 14   Posted (edited)

This is for after you have done the Tasks in my prior reply. Pls be sure you have done those first.

This file c:\programdata\audiodev32.dll is a trojan identified by ESET as Win32/Kryptik.RSL trojan & also by MS as TrojanDownloader Win32/Tracur

TrojanDownloader:Win32/Tracur.M is a trojan that redirects user searches from legitimate search sites to a Web site that contains malware. It is installed as a Browser Helper Object (BHO) in Internet Explorer, and replaces Firefox Extension Settings files.

You are advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you "may" be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

* Take any other steps you think appropriate for an attempted identity theft.

These steps are for effa only. If you are a casual viewer, do NOT try this on your system!

If you are not effa and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to any other system!

You will want to print out or copy these instructions to Notepad for Safe offline reference!

Do NOT run any other programs while these tools are in-progress!

This next OTL task will remove the trojan that I have found. Make sure you close any open files/programs you started.

This will require a Restart-Reboot.

Temporarily turn off your Avira antivirus so that it does not interfere.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :OTL
    O2 - BHO: (96f8244b) - {32D19711-E290-8FDC-42B4-EFFD46023AB9} - C:\ProgramData\audiodev32.dll
    O3 - HKLM\..\Toolbar: (no name)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440}
    O20 - AppInit_DLLs: (C:\ProgramData\audiodev32.dll)
    :files
    recycler /alldrives
    C:\ProgramData\audiodev32.dll
    c:\windows\system32\pnpxassoc32.exe
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [EMPTYFLASH]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2

If you have a prior copy of Combofix, delete it now

Recheck again --- Temporarily turn off your Avira antivirus so that it does not interfere.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Note:

Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

Reply with a copy of the C:\Combofix.txt log

Step 3

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://go.eset.com/us/online-scanner/faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

Re-enable the antivirus program.

Reply with copy of OTL MovedFiles log

C:\combofix.txt

the Eset scan log

and tell me: Is the Happili redirect or similar browser redirect happening?

For much later, this has an outdated Java runtime, Adobe Reader, and a leftover of Norton Internet Security --- all need addressing.

Edited by Maurice Naggar
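The OTL fix in the post above removes one DLL that is registered at two load points: as an Internet Explorer BHO and in AppInit_DLLs (modules listed there are loaded into every process that loads user32.dll). As an added example, not part of the original post and not OTL's own code, the following Python triages OTL-style "O" lines for those patterns; the trusted-directory list, the function names and the benign helper.dll line are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample in OTL "O-line" format. The audiodev32.dll and "(no name)"
# toolbar lines are the ones quoted in the fix script above; the helper.dll
# line (all-zero CLSID, "Example Corp.") is made up as a benign contrast.
SAMPLE_LOG = r"""
O2 - BHO: (96f8244b) - {32D19711-E290-8FDC-42B4-EFFD46023AB9} - C:\ProgramData\audiodev32.dll
O2 - BHO: (Example Helper) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll (Example Corp.)
O3 - HKLM\..\Toolbar: (no name)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440}
O20 - AppInit_DLLs: (C:\ProgramData\audiodev32.dll)
"""

# Assumption: Windows is on C: and installed software normally lives here.
# A path under these directories is not proof of legitimacy, only less unusual.
TRUSTED_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe)\b", re.IGNORECASE)


def parse_olines(log):
    """Split each O-line into its code, load-point name and module path (if any)."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, blank lines, anything not in O-line form
        code, key, rest = m.groups()
        path = PATH_RE.search(rest)
        entries.append({"code": code, "key": key.strip(), "rest": rest,
                        "path": path.group(0) if path else None})
    return entries


def triage(entries):
    """Return the entries worth a closer look, each with the reasons it was flagged."""
    # First pass: which load points reference each module?
    load_points = defaultdict(set)
    for e in entries:
        if e["path"]:
            load_points[e["path"].lower()].add(e["key"])

    findings = []
    for e in entries:
        path, reasons = e["path"], []
        if e["key"] == "AppInit_DLLs" and path:
            reasons.append("AppInit_DLLs is populated")
        if path and not path.lower().startswith(TRUSTED_DIRS):
            reasons.append("module outside Program Files and Windows")
        if path and len(load_points[path.lower()]) > 1:
            reasons.append("same module registered at several load points")
        if not path and "(no name)" in e["rest"]:
            reasons.append("registration with no name and no file")
        if reasons:
            findings.append({"code": e["code"], "key": e["key"],
                             "path": path, "reasons": reasons})
    return findings


def flagged_modules(findings):
    """Unique, lower-cased module paths that appear in any finding."""
    return sorted({f["path"].lower() for f in findings if f["path"]})


if __name__ == "__main__":
    for f in triage(parse_olines(SAMPLE_LOG)):
        print(f'{f["code"]:>3} {f["key"]}: {f["path"] or "(no file)"}')
        for reason in f["reasons"]:
            print(f"      - {reason}")
```

A flagged line is a prompt to inspect the file (signature, hash lookup, creation time), not a verdict; the same checks can be run over a full OTL or DDS log by passing its text to `parse_olines`.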


Hi Maurice Naggar,

The file audiodev32.dll can't be found, not by myself browsing and also not by copy/pasting the path you gave in the browser.

I had no problems with the file ihkpbqo.dll when using Virustotal. The scan results can be found below - I didn't really know how much detail you wanted, so I pasted everything I could find. When using VirSCAN, I did not manage to perform a new scan. It always seemed to stop at around 80% of completion. I therefore already added previous scan results. I will try again tomorrow.

Virustotal:

SHA256: 58ab4e88ad027ac28747ad2e621d0ce359cf9d4fc335fcb78f0c8cf330f955e6
SHA1: adbb1a60c8e6a7e0170a0cbefa854666d6dc63d2
MD5: 34f8ecb55579bbbced8b39f0e448700c
File size: 400.0 KB ( 409600 bytes )
File name: ihkpbqo.dll
File type: Win32 DLL
Detection ratio: 10 / 42
Analysis date: 2012-05-01 01:28:16 UTC ( 0 minutes ago )

Antivirus | Result | Update
AhnLab-V3 | - | 20120430
AntiVir | - | 20120430
Antiy-AVL | - | 20120430
Avast | - | 20120501
AVG | - | 20120430
BitDefender | - | 20120501
ByteHero | - | 20120430
CAT-QuickHeal | - | 20120430
ClamAV | - | 20120430
Commtouch | - | 20120430
Comodo | UnclassifiedMalware | 20120501
DrWeb | - | 20120501
Emsisoft | - | 20120501
eSafe | - | 20120430
eTrust-Vet | - | 20120430
F-Prot | - | 20120430
F-Secure | - | 20120501
Fortinet | W32/Sefnit.16DP12!tr | 20120430
GData | - | 20120501
Ikarus | - | 20120501
Jiangmin | - | 20120430
K7AntiVirus | - | 20120430
Kaspersky | - | 20120501
McAfee | Sefnit.ah | 20120501
McAfee-GW-Edition | Artemis!34F8ECB55579 | 20120430
Microsoft | Trojan:Win32/Tracur.AK | 20120430
NOD32 | a variant of Win32/Kryptik.AEVS | 20120501
Norman | - | 20120430
nProtect | - | 20120430
Panda | Trj/CI.A | 20120430
PCTools | - | 20120430
Rising | - | 20120428
Sophos | - | 20120501
SUPERAntiSpyware | - | 20120402
Symantec | - | 20120430
TheHacker | - | 20120428
TrendMicro | TROJ_SPNR.16DP12 | 20120430
TrendMicro-HouseCall | TROJ_SPNR.16DP12 | 20120430
VBA32 | - | 20120430
VIPRE | Trojan.Win32.Generic!BT | 20120430
ViRobot | - | 20120430
VirusBuster | - | 20120501

ssdeep

1536:q9cnQV4lDWjV2EfbQgZV5KgtlKWvtmgMbFu8ukCqMcVMj2VbLW0lA1CR4zZDXHcb:q9/6Ij3bvFJAg0Fu8us+0lAs4zZDH0

TrID

Windows OCX File (63.5%)

Win32 Executable MS Visual C++ (generic) (19.3%)

Windows Screen Saver (6.7%)

Win32 Executable Generic (4.3%)

Win32 Dynamic Link Library (generic) (3.8%)

ExifTool

UninitializedDataSize....: 0

InitializedDataSize......: 131072

ImageVersion.............: 0.0

ProductName..............: ASUS Filter Effect Dynamic Link Library

FileVersionNumber........: 1.0.0.3

LanguageCode.............: Chinese (Traditional)

FileFlagsMask............: 0x003f

FileDescription..........: ASUS Filter Effect DLL

CharacterSet.............: Unicode

LinkerVersion............: 7.1

OriginalFilename.........: EffectDLL.DLL

MIMEType.................: application/octet-stream

Subsystem................: Windows GUI

FileVersion..............: 1, 0, 0, 3

TimeStamp................: 2007:07:31 05:03:12+02:00

FileType.................: Win32 DLL

PEType...................: PE32

InternalName.............: EffectDLL

ProductVersion...........: 1, 0, 0, 3

SubsystemVersion.........: 4.0

OSVersion................: 4.0

FileOS...................: Win32

LegalCopyright...........: Copyright © 2006

MachineType..............: Intel 386 or later, and compatibles

CodeSize.................: 290816

FileSubtype..............: 0

ProductVersionNumber.....: 1.0.0.3

EntryPoint...............: 0x1000

ObjectFileType...........: Dynamic link library

Sigcheck

product..................: ASUS Filter Effect Dynamic Link Library

internal name............: EffectDLL

copyright................: Copyright © 2006

original name............: EffectDLL.DLL

file version.............: 1, 0, 0, 3

description..............: ASUS Filter Effect DLL

Portable Executable structural information

Compilation timedatestamp.....: 2007-07-31 03:03:12

Target machine................: 0x14C (Intel 386 or later processors and compatible processors)

Entry point address...........: 0x00001000

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5

.text 4096 289560 290816 1.45 c899559b22354e5ea53fce286fa6cf9a

.rdata 294912 70211 73728 5.61 f108c9886d8e3a3888b8c90c9f9d60eb

.data 368640 23044 8192 4.49 2cc05d7183eb1be598afaadf4ba9ee4d

.rsrc 393216 11648 12288 3.86 c0ac679395c284b5e1f991736c6ea24c

.reloc 405504 16472 20480 0.00 daa100df6e6711906b61c9ab5aa16032

PE Imports....................:

comdlg32.dll

GetFileTitleW, GetOpenFileNameW, GetSaveFileNameW

COMCTL32.dll

GDI32.dll

SetWindowOrgEx, OffsetWindowOrgEx, SetWindowExtEx, ScaleWindowExtEx, GetCurrentPositionEx, ArcTo, PolyDraw, PolylineTo, PolyBezierTo, ExtSelectClipRgn, DeleteDC, CreateDIBPatternBrushPt, CreatePatternBrush, CreateCompatibleDC, GetStockObject, SelectPalette, PlayMetaFileRecord, GetObjectType, EnumMetaFile, PlayMetaFile, GetDeviceCaps, CreatePen, ExtCreatePen, ScaleViewportExtEx, CreateHatchBrush, CopyMetaFileW, CreateDCW, Escape, GetDCOrgEx, CreateFontIndirectW, GetTextExtentPoint32W, CreateRectRgnIndirect, SetRectRgn, CombineRgn, GetMapMode, PatBlt, DPtoLP, GetTextMetricsW, ExtTextOutW, TextOutW, RectVisible, PtVisible, StartDocW, GetPixel, BitBlt, GetWindowExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SetStretchBltMode, SetROP2, SetPolyFillMode, SetBkMode, SetBkColor, RestoreDC, SaveDC, CreateBitmap, GetObjectW, DeleteObject, CreateSolidBrush, CreateDIBSection, GetViewportExtEx, SelectClipPath, CreateRectRgn, GetClipRgn, SelectClipRgn, SetColorAdjustment, SetArcDirection, SetMapperFlags, SetTextCharacterExtra, SetTextJustification, SetTextAlign, MoveToEx, LineTo, OffsetClipRgn, IntersectClipRect, ExcludeClipRect, GetClipBox, SetMapMode, SetTextColor, SelectObject

ADVAPI32.dll

RegQueryValueW, RegCreateKeyW, RegSetValueW, RegDeleteValueW, RegSetValueExW, RegCreateKeyExW, RegCloseKey, RegOpenKeyW, RegEnumKeyW, RegDeleteKeyW, RegOpenKeyExW, RegQueryValueExW

KERNEL32.dll

SetEndOfFile, GetFileSize, DuplicateHandle, GetCurrentProcess, FindClose, FindFirstFileW, GetVolumeInformationW, GetFullPathNameW, CreateFileW, GetShortPathNameW, FileTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, SetFileTime, SetFileAttributesW, GetFileAttributesW, GetFileTime, HeapFree, GetCommandLineA, ExitProcess, RtlUnwind, TerminateProcess, ExitThread, CreateThread, HeapAlloc, HeapSize, HeapReAlloc, VirtualProtect, VirtualAlloc, GetSystemInfo, UnlockFile, HeapDestroy, HeapCreate, VirtualFree, FatalAppExitA, IsBadWritePtr, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, UnhandledExceptionFilter, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetUnhandledExceptionFilter, GetTimeZoneInformation, GetOEMCP, GetCPInfo, IsBadReadPtr, IsBadCodePtr, GetStringTypeA, GetStringTypeW, LCMapStringA, LCMapStringW, SetConsoleCtrlHandler, GetTimeFormatA, GetDateFormatA, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, GetStringTypeExW, DeleteFileW, MoveFileW, FreeResource, GlobalFindAtomW, lstrlenA, LoadLibraryA, GetVersionExA, CopyFileW, GlobalSize, FormatMessageW, GetLastError, RaiseException, GetModuleHandleA, SetLastError, GlobalFlags, MulDiv, InterlockedIncrement, GetCurrentDirectoryW, lstrcmpiW, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileIntW, SetErrorMode, lstrcatW, lstrcpynW, InterlockedDecrement, TlsFree, GlobalFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, TlsGetValue, EnterCriticalSection, GlobalHandle, GlobalUnlock, GlobalReAlloc, LeaveCriticalSection, LocalFree, LocalAlloc, CreateEventW, SuspendThread, SetEvent, 
WaitForSingleObject, ResumeThread, SetThreadPriority, CloseHandle, GlobalAddAtomW, FindResourceW, LoadResource, LockResource, SizeofResource, lstrlenW, GetCurrentThread, GetCurrentThreadId, MultiByteToWideChar, GlobalLock, lstrcmpW, GlobalAlloc, FreeLibrary, GlobalDeleteAtom, WideCharToMultiByte, lstrcmpA, lstrcmpiA, GetModuleFileNameW, GetModuleHandleW, GetProcAddress, ConvertDefaultLocale, GetVersion, EnumResourceLanguagesW, lstrcpyW, LoadLibraryW, GetLocaleInfoW, GetVersionExW, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, VirtualQuery

gdiplus.dll

GdipCreateHBITMAPFromBitmap, GdipGetImageWidth, GdipCreateBitmapFromHBITMAP, GdipGetImageHeight, GdipDisposeImage, GdiplusStartup, GdipAlloc, GdipFree, GdipCloneImage, GdiplusShutdown

WINSPOOL.DRV

DocumentPropertiesW, ClosePrinter, OpenPrinterW

SHELL32.dll

SHGetFileInfoW, ExtractIconW

ole32.dll

CoTaskMemFree, SetConvertStg, WriteFmtUserTypeStg, WriteClassStg, OleRegGetUserType, ReadFmtUserTypeStg, ReadClassStg, CreateBindCtx, CoTaskMemAlloc, ReleaseStgMedium, OleDuplicateData, StringFromCLSID, CoTreatAsClass, CoDisconnectObject, CoCreateInstance, StringFromGUID2, CLSIDFromString

SHLWAPI.dll

PathFindExtensionW, PathRemoveExtensionW, PathFindFileNameW, PathStripToRootW, PathIsUNCW

USER32.dll

InflateRect, GetMenuItemInfoW, DestroyMenu, SystemParametersInfoW, EndDialog, GetNextDlgTabItem, CreateDialogIndirectParamW, GetDialogBaseUnits, GetPropW, RemovePropW, SendDlgItemMessageA, IsWindow, IsChild, GetForegroundWindow, SetActiveWindow, BeginDeferWindowPos, EndDeferWindowPos, GetTopWindow, DestroyWindow, GetMessageTime, GetMessagePos, LoadIconW, MapWindowPoints, ScrollWindow, TrackPopupMenuEx, TrackPopupMenu, SetScrollRange, GetScrollRange, SetScrollPos, GetScrollPos, SetForegroundWindow, ShowScrollBar, UpdateWindow, GetClientRect, GetMenu, AdjustWindowRectEx, EqualRect, DeferWindowPos, GetScrollInfo, SetScrollInfo, GetClassInfoW, RegisterClassW, SetWindowPlacement, DefWindowProcW, CallWindowProcW, OffsetRect, IntersectRect, SystemParametersInfoA, IsIconic, GetWindowPlacement, CopyRect, GetWindowTextLengthW, SetWindowPos, ScrollWindowEx, SetFocus, CharUpperW, MoveWindow, SetWindowLongW, IsDialogMessageW, IsDlgButtonChecked, UnregisterClassA, SetDlgItemInt, SendDlgItemMessageW, GetDlgItemTextW, GetDlgItemInt, GetDlgItem, CheckRadioButton, CheckDlgButton, LoadCursorW, GetSystemMetrics, GetSysColorBrush, GetMenuStringW, AppendMenuW, GetMenuItemID, GetSubMenu, RemoveMenu, GetSysColor, EndPaint, BeginPaint, ScreenToClient, GrayStringW, DrawTextExW, DrawTextW, TabbedTextOutW, FillRect, ClientToScreen, GetWindow, GetDlgCtrlID, GetWindowRect, PtInRect, GetDesktopWindow, GetWindowTextW, SetWindowTextW, GetClassNameW, MessageBoxW, GetWindowLongW, GetLastActivePopup, IsWindowEnabled, EnableWindow, InsertMenuW, GetMenuItemCount, DeleteMenu, wsprintfW, UnregisterClassW, UnhookWindowsHookEx, SetMenuItemBitmaps, GetFocus, GetParent, ModifyMenuW, GetMenuState, EnableMenuItem, DestroyIcon, RegisterWindowMessageW, WinHelpW, CheckMenuItem, GetMenuCheckMarkDimensions, GetCapture, CreateWindowExW, GetClassInfoExW, GetClassLongW, ShowWindow, SetPropW, LoadBitmapW, SetWindowsHookExW, CallNextHookEx, GetMessageW, TranslateMessage, DispatchMessageW, GetActiveWindow, 
IsWindowVisible, GetKeyState, PeekMessageW, GetCursorPos, ValidateRect, ShowOwnedPopups, SendMessageW, SetCursor, PostMessageW, PostQuitMessage, GetDC, ReleaseDC, GetWindowDC, SetDlgItemTextW

OLEAUT32.dll

-, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

PE Exports....................:

CreateEffectARGB, CreateEffectBitmap, CreateEffectHBITMAP, EnumEffectIds, GetEffectDescription

Symantec Reputation

Suspicious.Insight

First seen by VirusTotal

2012-04-25 11:49:13 UTC ( 5 days, 13 hours ago )

Last seen by VirusTotal

2012-05-01 01:28:16 UTC ( 5 minutes ago )

File names (max. 25)

  1. ihkpbqo.dll
  2. 34f8ecb55579bbbced8b39f0e448700c.exe

VirScan:

Scanner results : 8% Scanner(s) (3/36) found malware!

Time : 2012/04/30 22:04:01 (EDT)

| Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time |
|---|---|---|---|---|---|
| a-squared | 5.1.0.4 | 20120501070152 | 2012-05-01 | - | 0.000 |
| AhnLab V3 | 2012.03.26.00 | 2012.03.26 | 2012-03-26 | - | 0.000 |
| AntiVir | 8.2.10.58 | 7.11.28.226 | 2012-04-27 | - | 0.178 |
| Antiy | 2.0.18 | 2.0.18. | 0002-18-00 | - | 0.277 |
| Arcavir | 2011 | 201204271537 | 2012-04-27 | - | 4.115 |
| Authentium | 5.1.1 | 201204301805 | 2012-04-30 | - | 1.444 |
| AVAST! | 4.7.4 | 120430-1 | 2012-04-30 | - | 0.217 |
| AVG | 12.0.1782 | 2409/4970 | 2012-04-30 | - | 0.288 |
| BitDefender | 7.90123.7119837 | 7.42112 | 2012-05-01 | - | 3.790 |
| ClamAV | 0.97.3 | 14866 | 2012-05-01 | - | 0.189 |
| Comodo | 5.1 | 12196 | 2012-04-30 | - | 0.000 |
| CP Secure | 1.3.0.5 | 2012.05.01 | 2012-05-01 | - | 0.231 |
| Dr.Web | 7.0.1.2210 | 2012.04.30 | 2012-04-30 | - | 12.943 |
| F-Prot | 4.6.2.117 | 20120430 | 2012-04-30 | - | 0.843 |
| F-Secure | 7.02.73807 | 2012.04.30.04 | 2012-04-30 | - | 2.578 |
| Fortinet | 4.3.392 | 15.481 | 2012-04-30 | - | 0.000 |
| GData | 22.4819 | 20120501 | 2012-05-01 | - | 0.000 |
| Ikarus | T3.1.32.20.0 | 2012.04.30.81074 | 2012-04-30 | - | 5.089 |
| JiangMin | 13.0.900 | 2012.04.29 | 2012-04-29 | - | 0.000 |
| Kaspersky | 5.5.10 | 2012.05.01 | 2012-05-01 | - | 0.307 |
| KingSoft | 2009.2.5.15 | 2012.5.1.9 | 2012-05-01 | - | 0.000 |
| McAfee | 5400.1158 | 6697 | 2012-04-30 | Sefnit.ah | 9.927 |
| Microsoft | 1.8304 | 2012.05.01 | 2012-05-01 | - | 0.000 |
| NOD32 | 3.0.21 | 7099 | 2012-04-30 | a variant of Win32/Kryptik.AEVS trojan | 0.233 |
| nProtect | 20120429.01 | 11205192 | 2012-04-29 | - | 0.000 |
| Panda | 9.05.01 | 2012.04.29 | 2012-04-29 | - | 0.000 |
| Quick Heal | 11.00 | 2012.04.30 | 2012-04-30 | - | 0.000 |
| Rising | 20.0 | 24.07.05.02 | 2012-04-28 | - | 0.000 |
| Sophos | 3.30.0 | 4.76 | 2012-05-01 | - | 4.816 |
| Sunbelt | 3.9.2535.2 | 11860 | 2012-04-30 | - | 0.000 |
| Symantec | 1.3.0.24 | 20120430.002 | 2012-04-30 | - | 0.439 |
| The Hacker | 6.7.0.1 | v00452 | 2012-04-28 | - | 0.000 |
| Trend Micro | 9.500-1005 | 8.956.03 | 2012-04-30 | TROJ_SPNR.16DP12 | 0.182 |
| VBA32 | 3.12.16.4 | 20120430.0726 | 2012-04-30 | - | 3.668 |
| ViRobot | 20120430 | 2012.04.30 | 2012-04-30 | - | 0.000 |
| VirusBuster | 5.5.0.2 | 14.2.50.0/8548113 | 2012-04-30 | - | 0.194 |


Ok! I just tried to rescan ihkpbqo.dll with VirSCAN, but it again did not work out.

I will continue with the next steps right now.


Tried to run otl, but it stalled. Otl does not do much while desktop items are gone. What to do? I am writing this from an Android smartphone. Any easy way to access this forum like that because it is a pain.


You say that OTL "stalled". How much time did you give it? Allow at least 10 minutes or so before you judge it as a stall.

Sometimes you may even see "...not responding" but after a few minutes it will continue on.

If the pc is truly/truly stalled, use CTRL+ALT+DEL keys to bring up Task Manager and restart the system.

When you get back into normal Windows, make sure your antivirus is off and retry the OTL section just one more time.

Once started, allow at least 10 to 15 minutes for OTL to do its magic.

IF and only if it really does not work, then scratch that portion, and proceed forward to the Combofix section (as I outlined).


I am sorry for being impatient! A green bar started to move in the otl window, so I guess it is just working fine. I thought otl would be faster. Sorry!


BTW, have infinite patience while these tools are running. And expect that Combofix may take as much as 50 minutes to an hour to do all of its stuff (speed may be faster or slower --- much depends on the hardware speed {disk, processor, RAM memory speed, etc}).

Bottom line, have infinite patience.


I just checked the computer again and a window popped up saying that otl has stopped working. Do I choose to close the program and restart the whole otl process? Do you need the problem details?


Give some basic details. Close/exit/end OTL. Then proceed forward to what I outlined in the next step for Combofix.


So, I closed OTL. Here is what was in the MS Windows Problem Details window:

Problem event name: APPCRASH

Application name: OTL.exe

Application version: 3.2.42.2

Application timestamp: 2a425e19

Fault module name: RPCRT4.dll

Fault module version: 6.0.6001.18247

Fault module timestamp: 49f0625f

Exception code: c0000005

Exception offset: 000b1ebb

OS Version: 6.0.6001.2.1.0.768.3

Locale ID: 1033

Additional info 1: 7379

Additional info 2: 9f13c5a18e4409e2e73016d720f27f78

Additional info 3: 7379

Additional info 4: 9f13c5a18e4409e2e73016d720f27f78

I will continue now with Combofix. Hopefully that one works out.

FYI, after restarting the computer the Program Compatibility Assistant window popped up saying that the program igfxfg.exe might require administrator privileges and if it did not run correctly, one has to try as administrator. I have no idea what that is about, so I don't know if it is important to know. I figured it was just better to mention.


Hi,

Regarding the Combofix run... Is the Combofix window still open? If so, maybe give it 10 more minutes and if no progress, then restart the machine.

Shoulda had you make sure that no screensaver was activated (ON).

Once back in Windows, let's take a pause and look for C:\Combofix.txt

copy and paste here if you find it

If you do not find it, look in folder C:\Qoobox

and look for a file named similar to "Quarantined files"

if found, copy and paste the contents here

AND let's hold off (at this time) and NOT do (just yet) the ESET online scan.

This topic is now closed to further replies.