tunna

Members

View Profile See their activity

Posts
79
Joined
June 20, 2012
Last visited
July 19, 2014

Tech Info

System: windows_vista_home_2

tunna's Achievements

Newbie (1/14)

Reputation

cgGL.dll missing?

tunna posted a topic in Tech Support & Discussions Forum

Hi guys, My friend tried to send me a copy of Photoshop and I've downloaded but not managed to install yet. It keeps coming up with an error about cg.dll. I went onto http://www.dll-files.com/ and downloaded their fixer which says I have loads of issues on my computer, I don't know if it's a scam. It then said I have a cgGL.dll missing and I still can't install Photoshop. Is there something wrong with my computer or was there something wrong with my computer? Thanks, Zoe
- July 15, 2014
- 1 reply
best antivirus software

tunna replied to tunna's topic in Tech Support & Discussions Forum

Thanks might give emsisoft a go- not used that one :)
- July 15, 2014
- 4 replies
best antivirus software

tunna posted a topic in Tech Support & Discussions Forum

Hi everyone, I recently bought a new laptop with McAfee free trial already installed on it. I would like to know which anti-virus is the best for Windows 8.1. Thanks in advance for any suggestions you guys make :) Zoe
- July 12, 2014
- 4 replies
Possible infection

tunna replied to tunna's topic in Tech Support & Discussions Forum

Latest OTL report Hi Starbuck, This is the latest OTL report: All processes killed ========== OTL ========== Service USBAAPL stopped successfully! Service USBAAPL deleted successfully! File System32\Drivers\usbaapl.sys File not found not found. Service NwlnkFwd stopped successfully! Service NwlnkFwd deleted successfully! File system32\DRIVERS\nwlnkfwd.sys File not found not found. Service NwlnkFlt stopped successfully! Service NwlnkFlt deleted successfully! File system32\DRIVERS\nwlnkflt.sys File not found not found. Service IpInIp stopped successfully! Service IpInIp deleted successfully! File system32\DRIVERS\ipinip.sys File not found not found. Service hwdatacard stopped successfully! Service hwdatacard deleted successfully! File system32\DRIVERS\ewusbmdm.sys File not found not found. Service huawei_enumerator stopped successfully! Service huawei_enumerator deleted successfully! File system32\DRIVERS\ew_jubusenum.sys File not found not found. Service ewusbnet stopped successfully! Service ewusbnet deleted successfully! File system32\DRIVERS\ewusbnet.sys File not found not found. Service ew_usbenumfilter stopped successfully! Service ew_usbenumfilter deleted successfully! File system32\DRIVERS\ew_usbenumfilter.sys File not found not found. Service ew_hwusbdev stopped successfully! Service ew_hwusbdev deleted successfully! File system32\DRIVERS\ew_hwusbdev.sys File not found not found. Service BTWUSB stopped successfully! Service BTWUSB deleted successfully! File System32\Drivers\btwusb.sys File not found not found. Service BTWDNDIS stopped successfully! Service BTWDNDIS deleted successfully! File system32\DRIVERS\btwdndis.sys File not found not found. Service BTKRNL stopped successfully! Service BTKRNL deleted successfully! File system32\DRIVERS\btkrnl.sys File not found not found. Service BTDriver stopped successfully! Service BTDriver deleted successfully! File system32\DRIVERS\btport.sys File not found not found. Service btaudio stopped successfully! Service btaudio deleted successfully! File system32\drivers\btaudio.sys File not found not found. Service blbdrive stopped successfully! Service blbdrive deleted successfully! File C:\Windows\system32\drivers\blbdrive.sys File not found not found. Folder C:\Users\CPU\AppData\Roaming\Mozilla\Firefox\Profiles\n2v44rro.default\extensions\509b6907adaf9@509b 6907adb32.com\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2373DCCA-3CBF-6F56-E670-73A03640A780}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2373DCCA-3CBF-6F56-E670-73A03640A780}\ deleted successfully. C:\ProgramData\Vaudix\509b6907adc88.ocx moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ deleted successfully. C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_dec12 deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_JULY_P1 deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload &with BitComet\ deleted successfully. C:\Program Files\BitComet\BitComet.exe moved successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload all video with BitComet\ deleted successfully. File C:\Program Files\BitComet\BitComet.exe not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&D&ownload all with BitComet\ deleted successfully. File C:\Program Files\BitComet\BitComet.exe not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Send To &Bluetooth\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{76577871-04EC-495E-A12B-91F7C3600AFA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76577871-04EC-495E-A12B-91F7C3600AFA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}\ not found. File C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll not found. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\vaudix\sprote~1.dll deleted successfully. c:\Program Files\VaudiX\sprotector.dll moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bf0c75f-0ae3-11e1-a9b6-001d60f3d03e}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bf0c75f-0ae3-11e1-a9b6-001d60f3d03e}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bf0c75f-0ae3-11e1-a9b6-001d60f3d03e}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bf0c75f-0ae3-11e1-a9b6-001d60f3d03e}\ not found. File D:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e8d28a7-f67f-11de-b2ee-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e8d28a7-f67f-11de-b2ee-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e8d28a7-f67f-11de-b2ee-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e8d28a7-f67f-11de-b2ee-806e6f6e6963}\ not found. File D:\setup.exe AUTORUN=1 not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b892d43c-ff66-11e0-971c-001d60f3d03e}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b892d43c-ff66-11e0-971c-001d60f3d03e}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b892d43c-ff66-11e0-971c-001d60f3d03e}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b892d43c-ff66-11e0-971c-001d60f3d03e}\ not found. File D:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b892d55a-ff66-11e0-971c-001e101f4da1}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b892d55a-ff66-11e0-971c-001e101f4da1}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b892d55a-ff66-11e0-971c-001e101f4da1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b892d55a-ff66-11e0-971c-001e101f4da1}\ not found. File D:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found. File D:\AutoRun.exe not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Users^CPU^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Antimalware Doctor.lnk\ deleted successfully. C:\Windows\pss\Antimalware Doctor.lnk.Startup moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Ccoyologiw\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Google Update\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\HotKeysCmds\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\IgfxTray\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Messenger (Yahoo!)\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\msav\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\msnmsgr\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NDSTray.exe\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Persistence\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\positionversusfix70700.exe\ deleted successfully. C:\Windows\Tasks\VaudiXUpdaterTask{F37B798E-3E73-4807-B2F2-F1CF966D338E}.job moved successfully. C:\ProgramData\Spybot - Search & Destroy\Quarantine folder moved successfully. C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully. C:\ProgramData\Spybot - Search & Destroy\Cleaning folder moved successfully. C:\ProgramData\Spybot - Search & Destroy folder moved successfully. C:\Program Files\Spybot - Search & Destroy 2 folder moved successfully. ========== FILES ========== c:\Program Files\VaudiX folder moved successfully. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\CPU\Downloads\cmd.bat deleted successfully. C:\Users\CPU\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: CPU ->Temp folder emptied: 57428224 bytes ->Temporary Internet Files folder emptied: 232381804 bytes ->Java cache emptied: 13638303 bytes ->FireFox cache emptied: 72564904 bytes ->Flash cache emptied: 218449 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 129378770 bytes RecycleBin emptied: 280840072 bytes Total Files Cleaned = 750.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.69.0 log created on 01092013_215546 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... Thanks for taking me through the whole thing. I haven't noticed my computer running differently just because I've literally just gone through the process but I have noticed that certain words on pages are still turning into links for ads. I'm not quite sure why that is. Also, when I was removing my older versions of Java, I saw that I had several versions of Microsoft Visual C ++, should I uninstall some of those as well? Thanks again, Zoe
- January 9, 2013
- 18 replies
Possible infection

tunna replied to tunna's topic in Tech Support & Discussions Forum

Hi Starbuck, Before I continue with my OTL scan, I thought I'd just double check something with you. My windows defender is already turned off. When I try to open it, it comes up with a message saying my computer won't be protected anymore because the program is turned off. Zoe
- January 9, 2013
- 18 replies
Possible infection

tunna replied to tunna's topic in Tech Support & Discussions Forum

New OTL report and extras report OTL logfile created on: 08/01/2013 16:40:49 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\CPU\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.99 Gb Total Physical Memory | 0.51 Gb Available Physical Memory | 25.82% Memory free 4.21 Gb Paging File | 2.66 Gb Available in Paging File | 63.17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 55.66 Gb Total Space | 17.97 Gb Free Space | 32.29% Space Free | Partition Type: NTFS Drive E: | 54.66 Gb Total Space | 45.24 Gb Free Space | 82.77% Space Free | Partition Type: NTFS Computer Name: CPU-PC | User Name: CPU | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\CPU\Downloads\tdsskiller.exe (Kaspersky Lab ZAO) PRC - C:\Users\CPU\Downloads\OTL.scr (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.) PRC - C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe () PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll () MOD - c:\Program Files\VaudiX\sprotector.dll () MOD - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) ========== Driver Services (SafeList) ========== DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found DRV - (huawei_enumerator) -- system32\DRIVERS\ew_jubusenum.sys File not found DRV - (ewusbnet) -- system32\DRIVERS\ewusbnet.sys File not found DRV - (ew_usbenumfilter) -- system32\DRIVERS\ew_usbenumfilter.sys File not found DRV - (ew_hwusbdev) -- system32\DRIVERS\ew_hwusbdev.sys File not found DRV - (BTWUSB) -- System32\Drivers\btwusb.sys File not found DRV - (BTWDNDIS) -- system32\DRIVERS\btwdndis.sys File not found DRV - (BTKRNL) -- system32\DRIVERS\btkrnl.sys File not found DRV - (BTDriver) -- system32\DRIVERS\btport.sys File not found DRV - (btaudio) -- system32\drivers\btaudio.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (MpKsl089325cd) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2EDCFFE2-17B8-45F2-A22E-ED16B9701714}\MpKsl089325cd.sys (Microsoft Corporation) DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation) DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION) DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION) DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV - (snpstd) -- C:\Windows\System32\drivers\snpstd.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{D96EB0C2-F2EA-4463-89AC-2ABF5099D00A}: "URL" = http://flvdirect.iamwired.net/websearch.php?src=tops&search={SearchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultenginename,S: S", "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.order.1,S: S", "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.selectedEngine,S: S", "" FF - prefs.js..browser.startup.homepage: "bbc.co.uk/news" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..keyword.URL: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF - prefs.js..browser.startup.homepage: "" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/15 08:57:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{902B92A4-1D6F-49E1-B455-BF015611F40E}: C:\Users\CPU\AppData\Local\{902B92A4-1D6F-49E1-B455-BF015611F40E} [2010/10/27 23:36:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/15 08:57:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/05 18:58:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CPU\AppData\Roaming\Mozilla\Extensions [2013/01/08 16:24:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CPU\AppData\Roaming\Mozilla\Firefox\Profiles\extensions [2012/11/24 02:45:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CPU\AppData\Roaming\Mozilla\Firefox\Profiles\n2v44rro.default\extensions [2012/11/08 08:16:16 | 000,000,000 | ---D | M] (Vaudix) -- C:\Users\CPU\AppData\Roaming\Mozilla\Firefox\Profiles\n2v44rro.default\extensions\509b6907adaf9@509b6907adb32.com [2012/11/24 02:45:24 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\CPU\AppData\Roaming\Mozilla\Firefox\Profiles\n2v44rro.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012/10/27 03:52:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/12/15 08:57:48 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/08/25 02:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/10/12 05:17:29 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Vaudix Class) - {2373DCCA-3CBF-6F56-E670-73A03640A780} - C:\ProgramData\Vaudix\509b6907adc88.ocx () O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet) O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe () O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 File not found O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home File not found O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.7.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{429736A6-96EC-4A29-AAEC-464D05281BBB}: DhcpNameServer = 192.168.250.253 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA4B98F0-C88D-44A7-B50A-F2E1524A64BF}: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (c:\progra~1\vaudix\sprote~1.dll) - c:\Program Files\VaudiX\sprotector.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\CPU\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\CPU\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{8bf0c75f-0ae3-11e1-a9b6-001d60f3d03e}\Shell - "" = AutoRun O33 - MountPoints2\{8bf0c75f-0ae3-11e1-a9b6-001d60f3d03e}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{9e8d28a7-f67f-11de-b2ee-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{9e8d28a7-f67f-11de-b2ee-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe AUTORUN=1 O33 - MountPoints2\{b892d43c-ff66-11e0-971c-001d60f3d03e}\Shell - "" = AutoRun O33 - MountPoints2\{b892d43c-ff66-11e0-971c-001d60f3d03e}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{b892d55a-ff66-11e0-971c-001e101f4da1}\Shell - "" = AutoRun O33 - MountPoints2\{b892d55a-ff66-11e0-971c-001e101f4da1}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe - (Adobe Systems Incorporated) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe - (Adobe Systems Incorporated) MsConfig - StartUpFolder: C:^Users^CPU^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Antimalware Doctor.lnk - - File not found MsConfig - StartUpReg: Ccoyologiw - hkey= - key= - File not found MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: Google Update - hkey= - key= - File not found MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - File not found MsConfig - StartUpReg: msav - hkey= - key= - File not found MsConfig - StartUpReg: msnmsgr - hkey= - key= - File not found MsConfig - StartUpReg: NDSTray.exe - hkey= - key= - File not found MsConfig - StartUpReg: Persistence - hkey= - key= - File not found MsConfig - StartUpReg: positionversusfix70700.exe - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: snpstd - hkey= - key= - C:\Windows\vsnpstd.exe () MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) MsConfig - StartUpReg: topi - hkey= - key= - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) MsConfig - StartUpReg: Toshiba Registration - hkey= - key= - C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba) MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013/01/06 23:59:04 | 000,000,000 | ---D | C] -- C:\Users\CPU\AppData\Roaming\Malwarebytes [2013/01/06 23:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/01/06 23:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/01/06 23:55:30 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013/01/06 23:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/01/05 02:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013/01/05 01:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2 [2012/12/21 03:02:53 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012/12/21 03:02:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012/12/13 03:46:57 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/12/13 03:46:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/12/13 03:46:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/12/13 03:46:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012/12/13 03:46:31 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012/12/13 03:46:17 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/12/13 03:46:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/12/13 03:45:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/12/12 07:02:38 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012/12/12 07:02:18 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2012/12/12 07:02:18 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe [2012/12/12 07:01:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2 C:\Users\CPU\Desktop\*.tmp files -> C:\Users\CPU\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/01/08 16:59:01 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B6BFDBFA-AA81-4D3E-85FE-53A5053AF420}.job [2013/01/08 16:33:01 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/01/08 16:33:01 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/01/08 16:30:52 | 000,000,366 | -H-- | M] () -- C:\Windows\tasks\VaudiXUpdaterTask{F37B798E-3E73-4807-B2F2-F1CF966D338E}.job [2013/01/08 16:27:31 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/08 16:27:31 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/08 16:26:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/06 23:57:32 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/12/21 11:24:37 | 000,399,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/12/16 13:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012/12/16 10:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2 C:\Users\CPU\Desktop\*.tmp files -> C:\Users\CPU\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/01/06 23:57:32 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/30 04:35:45 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2012/05/30 04:35:43 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2010/11/11 09:04:50 | 000,000,680 | ---- | C] () -- C:\Users\CPU\AppData\Local\d3d9caps.dat [2010/10/27 23:46:58 | 000,000,006 | ---- | C] () -- C:\Users\CPU\AppData\Roaming\start [2010/10/27 23:45:46 | 000,000,006 | ---- | C] () -- C:\Users\CPU\AppData\Roaming\completescan [2010/10/27 23:36:31 | 000,000,010 | ---- | C] () -- C:\Users\CPU\AppData\Roaming\install [2010/05/09 23:30:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/11/17 07:33:58 | 000,166,400 | ---- | C] () -- C:\Users\CPU\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2013/01/08 16:24:39 | 000,005,549 | ---- | M] () -- C:\AdwCleaner[s2].txt [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009/04/11 06:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2007/08/21 06:23:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2013/01/08 16:26:23 | 2452,070,400 | -HS- | M] () -- C:\pagefile.sys [2007/08/21 07:59:05 | 000,000,420 | ---- | M] () -- C:\RHDSetup.log [2007/08/21 08:06:21 | 000,000,086 | ---- | M] () -- C:\setup.log [2012/05/30 05:21:58 | 000,981,996 | ---- | M] () -- C:\SPSS.log [2007/09/03 11:48:29 | 000,000,229 | -H-- | M] () -- C:\SWSTAMP.TXT [2013/01/08 16:47:44 | 000,133,524 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_08.01.2013_16.34.07_log.txt < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2006/11/02 12:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > [2007/08/21 06:23:09 | 006,602,752 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2007/08/21 06:23:07 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2007/08/21 06:23:09 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2007/08/21 06:23:19 | 015,556,608 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2007/08/21 06:23:21 | 006,008,832 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %PROGRAMFILES%\* > [2009/11/10 18:11:32 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/12/15 08:56:53 | 000,890,048 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/12/15 08:56:53 | 000,890,048 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/12/15 08:56:53 | 000,890,048 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/12/15 08:57:47 | 000,916,960 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/12/15 08:57:47 | 000,916,960 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/12/15 08:57:47 | 000,916,960 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/03/04 03:08:20 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/03/04 03:08:20 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/03/04 03:08:20 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/11/14 02:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/11/14 02:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/12/15 08:56:53 | 000,890,048 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/12/15 08:56:53 | 000,890,048 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/12/15 08:56:53 | 000,890,048 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/12/15 08:57:47 | 000,916,960 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/12/15 08:57:47 | 000,916,960 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/12/15 08:57:47 | 000,916,960 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/03/04 03:08:20 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/03/04 03:08:20 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/03/04 03:08:20 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/11/14 02:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/11/14 02:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation) < End of report > OTL Extras logfile created on: 08/01/2013 16:40:49 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\CPU\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.99 Gb Total Physical Memory | 0.51 Gb Available Physical Memory | 25.82% Memory free 4.21 Gb Paging File | 2.66 Gb Available in Paging File | 63.17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 55.66 Gb Total Space | 17.97 Gb Free Space | 32.29% Space Free | Partition Type: NTFS Drive E: | 54.66 Gb Total Space | 45.24 Gb Free Space | 82.77% Space Free | Partition Type: NTFS Computer Name: CPU-PC | User Name: CPU | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{9B2CF56B-2DB9-47F8-87C8-64BB21244419}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{A48C9693-FD01-4C90-ADFA-6500B6AA5C4F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{DEBCAFF9-23FD-4AD4-A56D-11EA03CB8EC9}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{028EF371-0265-4A09-AE39-6F7A8F45C05B}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{09BC4902-930B-475C-A525-E3E50BDE49E1}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{0B7CCC31-7406-403E-BD21-7BBCEFDD86F7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0D8A72DB-0C3D-4C5C-86A5-3C005BED3352}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | "{1092315C-9F13-454F-AA69-083B775ADEE8}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{141C127D-6DFB-4293-94EF-F79A454A9C1F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | "{1A4F9985-E41D-43B0-B3CD-4A08FA3B5320}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{1AF93331-ABFC-42E3-8D80-F1838BB3C1C0}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "{218B8FF1-858D-4650-A6EC-0A2EF1D4E1D0}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | "{25663858-A6CD-46C1-A10F-4799881240B9}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{26F3B639-A51B-4F3F-BACB-B8586AE05780}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{3704FF5B-109E-465D-870B-4DE0A5F34FCE}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{3BBB84A9-DD9E-49F0-834C-75485E709593}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{4B844881-3DCD-45F9-911F-29EBC03DDDC6}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | "{4C27A6DB-A393-4C15-90F6-76F554ED6380}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{627F93AA-D9A2-4C34-BBAE-EC19A670B820}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "{68348C8D-39B8-496C-8838-C78BF8A71734}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{AB259BCB-68D2-4C81-8112-234C0B7CC13E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{AF13CAA0-64BA-4EDC-A882-409E497F387C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{CA1E8C1C-7F2A-40C5-BB68-311005705199}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{D2D0A65A-554C-4084-A250-D34AA2BD1854}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | "{D9140913-9E87-49B5-9778-E08D1E9A1C89}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | "{E5DF7825-A23A-4EB0-9E4D-9319CA5F560F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | "{E78CEE60-2DB5-4920-9969-FCE7A9D7E6C4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{EE417E97-B345-485C-8990-C2CC2CA6887F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | "{F2F9E7D8-3E28-4234-BC58-EE3182AE15FD}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "TCP Query User{1E83B647-3680-44D1-8B5B-CBD5B6085788}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe | "TCP Query User{4DD508C9-C7FC-4446-9DB7-DE9EAC4C58F0}C:\program files\spss\paswstat.exe" = protocol=6 | dir=in | app=c:\program files\spss\paswstat.exe | "TCP Query User{72B8521D-71EF-43DE-91D0-B3861A7A523D}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "TCP Query User{A4149E20-7273-4DC4-8494-BF36EDB794FD}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{CF9FB807-5510-4CBB-A976-C21A00C46056}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe | "UDP Query User{695A9D08-5B19-40B7-8360-EE84012A0F7C}C:\program files\spss\paswstat.exe" = protocol=17 | dir=in | app=c:\program files\spss\paswstat.exe | "UDP Query User{7CCCC0D8-5445-45AF-B69B-D710E16DE210}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{8AB7CB95-6518-4C59-9EB9-6482670E26A4}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe | "UDP Query User{A4088133-037E-4417-91E6-C96843D8A8AE}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "UDP Query User{CF525121-074D-4E59-9696-0C4F5E8121ED}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0F4F4815-76AD-4B26-8763-72F3344041C2}" = TOSHIBA Manuals "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{2C544254-39F2-4ACA-B779-ABF7297C96CF}" = Accessibility "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Vista x86 Ver.3.33.03 "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{681002C6-5019-81A2-7871-A43754F71E56}" = "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK USB Wireless LAN Driver "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4) "{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML P****r "{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0AA6E81-33D6-5A32-B8D9-7BF42B494C77}" = VaudiX "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8A10A25-D8DD-4661-9A1E-7F6DBAAA3C5E}" = inSSIDer "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audacity_is1" = Audacity 2.0 "BitComet" = BitComet 1.15 "DD202" = DD202 "DivX Setup.divx.com" = DivX Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "HDMI" = Intel® Graphics Media Accelerator Driver "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "OU SPSS data for DD202" = OU SPSS data for DD202 "SP_8187691c" = "Speccy" = Speccy "SynTPDeinstKey" = Synaptics Pointing Device Driver "TOSHIBA Software Modem" = TOSHIBA Software Modem "VaudiX" = "VLC media player" = VLC media player 1.0.1 "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinRAR archiver" = WinRAR 4.01 (32-bit) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 24/05/2011 09:01:34 | Computer Name = CPU-PC | Source = Bonjour Service | ID = 100 Description = Error - 24/05/2011 09:01:35 | Computer Name = CPU-PC | Source = Bonjour Service | ID = 100 Description = Error - 24/05/2011 09:01:35 | Computer Name = CPU-PC | Source = Bonjour Service | ID = 100 Description = Error - 24/05/2011 09:01:35 | Computer Name = CPU-PC | Source = Bonjour Service | ID = 100 Description = Error - 24/05/2011 09:01:36 | Computer Name = CPU-PC | Source = Bonjour Service | ID = 100 Description = Error - 24/05/2011 09:01:36 | Computer Name = CPU-PC | Source = Bonjour Service | ID = 100 Description = Error - 24/05/2011 09:01:36 | Computer Name = CPU-PC | Source = Bonjour Service | ID = 100 Description = Error - 24/05/2011 09:01:37 | Computer Name = CPU-PC | Source = Bonjour Service | ID = 100 Description = Error - 24/05/2011 09:01:37 | Computer Name = CPU-PC | Source = Bonjour Service | ID = 100 Description = Error - 24/05/2011 09:01:37 | Computer Name = CPU-PC | Source = Bonjour Service | ID = 100 Description = [ System Events ] Error - 05/01/2013 15:14:51 | Computer Name = CPU-PC | Source = Service Control Manager | ID = 7000 Description = Error - 05/01/2013 15:14:51 | Computer Name = CPU-PC | Source = Service Control Manager | ID = 7000 Description = Error - 05/01/2013 15:30:17 | Computer Name = CPU-PC | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3150.0 Update Source: %%859 Update Stage: %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Error - 05/01/2013 15:48:32 | Computer Name = CPU-PC | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.3 for the Network Card with network address 0016441EFB1C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). Error - 07/01/2013 12:17:28 | Computer Name = CPU-PC | Source = Service Control Manager | ID = 7000 Description = Error - 07/01/2013 12:17:28 | Computer Name = CPU-PC | Source = Service Control Manager | ID = 7000 Description = Error - 07/01/2013 12:17:28 | Computer Name = CPU-PC | Source = Service Control Manager | ID = 7000 Description = Error - 08/01/2013 12:28:12 | Computer Name = CPU-PC | Source = Service Control Manager | ID = 7000 Description = Error - 08/01/2013 12:28:12 | Computer Name = CPU-PC | Source = Service Control Manager | ID = 7000 Description = Error - 08/01/2013 12:28:12 | Computer Name = CPU-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > Hi Starbuck, Thanks for explaining that to me :)
- January 8, 2013
- 18 replies
Possible infection

tunna replied to tunna's topic in Tech Support & Discussions Forum

OTL report will be posted when the scan is done :)
- January 8, 2013
- 18 replies
Possible infection

tunna replied to tunna's topic in Tech Support & Discussions Forum

TDSS Log 16:34:07.0889 3964 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 16:34:08.0357 3964 ============================================================ 16:34:08.0357 3964 Current date / time: 2013/01/08 16:34:08.0357 16:34:08.0357 3964 SystemInfo: 16:34:08.0357 3964 16:34:08.0357 3964 OS Version: 6.0.6002 ServicePack: 2.0 16:34:08.0357 3964 Product type: Workstation 16:34:08.0357 3964 ComputerName: CPU-PC 16:34:08.0357 3964 UserName: CPU 16:34:08.0357 3964 Windows directory: C:\Windows 16:34:08.0357 3964 System windows directory: C:\Windows 16:34:08.0357 3964 Processor architecture: Intel x86 16:34:08.0357 3964 Number of processors: 1 16:34:08.0357 3964 Page size: 0x1000 16:34:08.0357 3964 Boot type: Normal boot 16:34:08.0357 3964 ============================================================ 16:34:12.0600 3964 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 16:34:12.0600 3964 ============================================================ 16:34:12.0600 3964 \Device\Harddisk0\DR0: 16:34:12.0600 3964 MBR partitions: 16:34:12.0600 3964 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x6F54000 16:34:12.0600 3964 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7242800, BlocksNum 0x6D51800 16:34:12.0600 3964 ============================================================ 16:34:12.0631 3964 C: <-> \Device\Harddisk0\DR0\Partition1 16:34:12.0678 3964 E: <-> \Device\Harddisk0\DR0\Partition2 16:34:12.0678 3964 ============================================================ 16:34:12.0678 3964 Initialize success 16:34:12.0678 3964 ============================================================ 16:34:46.0327 2496 ============================================================ 16:34:46.0327 2496 Scan started 16:34:46.0327 2496 Mode: Manual; 16:34:46.0327 2496 ============================================================ 16:34:46.0998 2496 ================ Scan system memory ======================== 16:34:46.0998 2496 System memory - ok 16:34:47.0014 2496 ================ Scan services ============================= 16:34:47.0451 2496 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 16:34:47.0466 2496 ACPI - ok 16:34:47.0607 2496 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 16:34:47.0607 2496 AdobeARMservice - ok 16:34:47.0700 2496 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 16:34:47.0716 2496 adp94xx - ok 16:34:47.0763 2496 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys 16:34:47.0778 2496 adpahci - ok 16:34:47.0825 2496 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 16:34:47.0825 2496 adpu160m - ok 16:34:47.0856 2496 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys 16:34:47.0872 2496 adpu320 - ok 16:34:47.0950 2496 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 16:34:47.0950 2496 AeLookupSvc - ok 16:34:48.0012 2496 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 16:34:48.0043 2496 AFD - ok 16:34:48.0106 2496 [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe 16:34:48.0106 2496 AgereModemAudio - ok 16:34:48.0324 2496 [ CE91B158FA490CF4C4D487A4130F4660 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys 16:34:48.0371 2496 AgereSoftModem - ok 16:34:48.0418 2496 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys 16:34:48.0433 2496 agp440 - ok 16:34:48.0511 2496 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 16:34:48.0527 2496 aic78xx - ok 16:34:48.0589 2496 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 16:34:48.0589 2496 ALG - ok 16:34:48.0636 2496 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys 16:34:48.0652 2496 aliide - ok 16:34:48.0714 2496 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys 16:34:48.0730 2496 amdagp - ok 16:34:48.0777 2496 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys 16:34:48.0777 2496 amdide - ok 16:34:48.0839 2496 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 16:34:48.0855 2496 AmdK7 - ok 16:34:48.0901 2496 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 16:34:48.0901 2496 AmdK8 - ok 16:34:48.0979 2496 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 16:34:48.0979 2496 Appinfo - ok 16:34:49.0026 2496 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys 16:34:49.0042 2496 arc - ok 16:34:49.0089 2496 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys 16:34:49.0089 2496 arcsas - ok 16:34:49.0151 2496 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 16:34:49.0151 2496 AsyncMac - ok 16:34:49.0213 2496 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys 16:34:49.0213 2496 atapi - ok 16:34:49.0307 2496 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 16:34:49.0323 2496 AudioEndpointBuilder - ok 16:34:49.0369 2496 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 16:34:49.0369 2496 Audiosrv - ok 16:34:49.0463 2496 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 16:34:49.0479 2496 Beep - ok 16:34:49.0572 2496 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 16:34:49.0588 2496 BFE - ok 16:34:49.0775 2496 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll 16:34:49.0806 2496 BITS - ok 16:34:49.0853 2496 blbdrive - ok 16:34:49.0947 2496 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 16:34:49.0947 2496 bowser - ok 16:34:50.0056 2496 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 16:34:50.0056 2496 BrFiltLo - ok 16:34:50.0149 2496 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 16:34:50.0149 2496 BrFiltUp - ok 16:34:50.0227 2496 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 16:34:50.0259 2496 Browser - ok 16:34:50.0368 2496 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 16:34:50.0368 2496 Brserid - ok 16:34:50.0477 2496 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 16:34:50.0477 2496 BrSerWdm - ok 16:34:50.0571 2496 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 16:34:50.0571 2496 BrUsbMdm - ok 16:34:50.0633 2496 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 16:34:50.0649 2496 BrUsbSer - ok 16:34:50.0851 2496 btaudio - ok 16:34:50.0914 2496 BTDriver - ok 16:34:50.0976 2496 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 16:34:50.0976 2496 BTHMODEM - ok 16:34:51.0101 2496 BTKRNL - ok 16:34:51.0148 2496 BTWDNDIS - ok 16:34:51.0210 2496 BTWUSB - ok 16:34:51.0273 2496 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 16:34:51.0288 2496 cdfs - ok 16:34:51.0413 2496 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 16:34:51.0413 2496 cdrom - ok 16:34:51.0491 2496 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 16:34:51.0522 2496 CertPropSvc - ok 16:34:51.0631 2496 [ C82162949BBA6CC5D006C7BD008F3CF1 ] CFSvcs C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe 16:34:51.0631 2496 CFSvcs - ok 16:34:51.0694 2496 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys 16:34:51.0694 2496 circlass - ok 16:34:51.0756 2496 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 16:34:51.0772 2496 CLFS - ok 16:34:51.0881 2496 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:34:51.0897 2496 clr_optimization_v2.0.50727_32 - ok 16:34:51.0959 2496 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 16:34:51.0959 2496 CmBatt - ok 16:34:52.0021 2496 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys 16:34:52.0021 2496 cmdide - ok 16:34:52.0115 2496 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 16:34:52.0115 2496 Compbatt - ok 16:34:52.0177 2496 COMSysApp - ok 16:34:52.0240 2496 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 16:34:52.0240 2496 crcdisk - ok 16:34:52.0333 2496 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys 16:34:52.0333 2496 Crusoe - ok 16:34:52.0489 2496 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll 16:34:52.0489 2496 CryptSvc - ok 16:34:52.0630 2496 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 16:34:52.0645 2496 DcomLaunch - ok 16:34:52.0723 2496 Scan interrupted by user! 16:34:52.0723 2496 ================ Scan global =============================== 16:34:52.0723 2496 Scan interrupted by user! 16:34:52.0723 2496 ================ Scan MBR ================================== 16:34:52.0723 2496 Scan interrupted by user! 16:34:52.0723 2496 ================ Scan VBR ================================== 16:34:52.0723 2496 Scan interrupted by user! 16:34:52.0723 2496 ============================================================ 16:34:52.0723 2496 Scan finished 16:34:52.0723 2496 ============================================================ 16:34:52.0864 0584 Detected object count: 0 16:34:52.0864 0584 Actual detected object count: 0 16:35:07.0871 3684 ============================================================ 16:35:07.0871 3684 Scan started 16:35:07.0871 3684 Mode: Manual; 16:35:07.0871 3684 ============================================================ 16:35:08.0339 3684 ================ Scan system memory ======================== 16:35:08.0339 3684 System memory - ok 16:35:08.0355 3684 ================ Scan services ============================= 16:35:08.0729 3684 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 16:35:08.0729 3684 ACPI - ok 16:35:08.0885 3684 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 16:35:08.0885 3684 AdobeARMservice - ok 16:35:08.0979 3684 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 16:35:08.0979 3684 adp94xx - ok 16:35:09.0041 3684 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys 16:35:09.0057 3684 adpahci - ok 16:35:09.0103 3684 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 16:35:09.0119 3684 adpu160m - ok 16:35:09.0181 3684 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys 16:35:09.0197 3684 adpu320 - ok 16:35:09.0291 3684 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 16:35:09.0291 3684 AeLookupSvc - ok 16:35:09.0369 3684 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 16:35:09.0369 3684 AFD - ok 16:35:09.0415 3684 [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe 16:35:09.0415 3684 AgereModemAudio - ok 16:35:09.0696 3684 [ CE91B158FA490CF4C4D487A4130F4660 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys 16:35:09.0727 3684 AgereSoftModem - ok 16:35:09.0805 3684 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys 16:35:09.0805 3684 agp440 - ok 16:35:09.0852 3684 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 16:35:09.0868 3684 aic78xx - ok 16:35:09.0946 3684 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 16:35:09.0946 3684 ALG - ok 16:35:10.0024 3684 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys 16:35:10.0024 3684 aliide - ok 16:35:10.0086 3684 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys 16:35:10.0086 3684 amdagp - ok 16:35:10.0149 3684 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys 16:35:10.0149 3684 amdide - ok 16:35:10.0242 3684 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 16:35:10.0242 3684 AmdK7 - ok 16:35:10.0320 3684 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 16:35:10.0320 3684 AmdK8 - ok 16:35:10.0398 3684 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 16:35:10.0398 3684 Appinfo - ok 16:35:10.0585 3684 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys 16:35:10.0585 3684 arc - ok 16:35:10.0632 3684 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys 16:35:10.0648 3684 arcsas - ok 16:35:10.0741 3684 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 16:35:10.0741 3684 AsyncMac - ok 16:35:10.0866 3684 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys 16:35:10.0882 3684 atapi - ok 16:35:10.0991 3684 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 16:35:11.0007 3684 AudioEndpointBuilder - ok 16:35:11.0053 3684 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 16:35:11.0069 3684 Audiosrv - ok 16:35:11.0178 3684 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 16:35:11.0178 3684 Beep - ok 16:35:11.0303 3684 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 16:35:11.0303 3684 BFE - ok 16:35:11.0521 3684 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll 16:35:11.0537 3684 BITS - ok 16:35:11.0584 3684 blbdrive - ok 16:35:11.0646 3684 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 16:35:11.0646 3684 bowser - ok 16:35:11.0740 3684 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 16:35:11.0740 3684 BrFiltLo - ok 16:35:11.0833 3684 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 16:35:11.0833 3684 BrFiltUp - ok 16:35:11.0927 3684 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 16:35:11.0927 3684 Browser - ok 16:35:11.0974 3684 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 16:35:11.0974 3684 Brserid - ok 16:35:12.0052 3684 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 16:35:12.0052 3684 BrSerWdm - ok 16:35:12.0145 3684 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 16:35:12.0145 3684 BrUsbMdm - ok 16:35:12.0192 3684 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 16:35:12.0192 3684 BrUsbSer - ok 16:35:12.0239 3684 btaudio - ok 16:35:12.0286 3684 BTDriver - ok 16:35:12.0348 3684 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 16:35:12.0348 3684 BTHMODEM - ok 16:35:12.0395 3684 BTKRNL - ok 16:35:12.0426 3684 BTWDNDIS - ok 16:35:12.0473 3684 BTWUSB - ok 16:35:12.0551 3684 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 16:35:12.0551 3684 cdfs - ok 16:35:12.0629 3684 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 16:35:12.0629 3684 cdrom - ok 16:35:12.0723 3684 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 16:35:12.0723 3684 CertPropSvc - ok 16:35:12.0832 3684 [ C82162949BBA6CC5D006C7BD008F3CF1 ] CFSvcs C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe 16:35:12.0847 3684 CFSvcs - ok 16:35:12.0894 3684 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys 16:35:12.0894 3684 circlass - ok 16:35:13.0003 3684 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 16:35:13.0003 3684 CLFS - ok 16:35:13.0175 3684 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:35:13.0175 3684 clr_optimization_v2.0.50727_32 - ok 16:35:13.0237 3684 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 16:35:13.0237 3684 CmBatt - ok 16:35:13.0315 3684 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys 16:35:13.0315 3684 cmdide - ok 16:35:13.0409 3684 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 16:35:13.0409 3684 Compbatt - ok 16:35:13.0440 3684 COMSysApp - ok 16:35:13.0487 3684 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 16:35:13.0503 3684 crcdisk - ok 16:35:13.0549 3684 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys 16:35:13.0549 3684 Crusoe - ok 16:35:13.0674 3684 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll 16:35:13.0674 3684 CryptSvc - ok 16:35:13.0861 3684 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 16:35:13.0893 3684 DcomLaunch - ok 16:35:14.0002 3684 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 16:35:14.0002 3684 DfsC - ok 16:35:14.0345 3684 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 16:35:14.0704 3684 DFSR - ok 16:35:14.0844 3684 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 16:35:14.0844 3684 Dhcp - ok 16:35:14.0922 3684 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 16:35:14.0922 3684 disk - ok 16:35:15.0000 3684 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 16:35:15.0016 3684 Dnscache - ok 16:35:15.0125 3684 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 16:35:15.0125 3684 dot3svc - ok 16:35:15.0203 3684 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 16:35:15.0203 3684 DPS - ok 16:35:15.0281 3684 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 16:35:15.0281 3684 drmkaud - ok 16:35:15.0390 3684 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 16:35:15.0406 3684 DXGKrnl - ok 16:35:15.0499 3684 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 16:35:15.0499 3684 E1G60 - ok 16:35:15.0562 3684 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 16:35:15.0562 3684 EapHost - ok 16:35:15.0671 3684 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 16:35:15.0671 3684 Ecache - ok 16:35:15.0827 3684 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 16:35:15.0843 3684 ehRecvr - ok 16:35:15.0936 3684 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 16:35:15.0936 3684 ehSched - ok 16:35:15.0999 3684 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 16:35:15.0999 3684 ehstart - ok 16:35:16.0123 3684 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys 16:35:16.0139 3684 elxstor - ok 16:35:16.0279 3684 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 16:35:16.0295 3684 EMDMgmt - ok 16:35:16.0435 3684 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 16:35:16.0451 3684 EventSystem - ok 16:35:16.0529 3684 ewusbnet - ok 16:35:16.0576 3684 ew_hwusbdev - ok 16:35:16.0638 3684 ew_usbenumfilter - ok 16:35:16.0716 3684 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 16:35:16.0763 3684 exfat - ok 16:35:16.0903 3684 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 16:35:16.0903 3684 fastfat - ok 16:35:16.0981 3684 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 16:35:16.0981 3684 fdc - ok 16:35:17.0044 3684 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 16:35:17.0059 3684 fdPHost - ok 16:35:17.0122 3684 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 16:35:17.0122 3684 FDResPub - ok 16:35:17.0247 3684 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 16:35:17.0247 3684 FileInfo - ok 16:35:17.0543 3684 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 16:35:17.0543 3684 Filetrace - ok 16:35:17.0605 3684 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 16:35:17.0605 3684 flpydisk - ok 16:35:17.0715 3684 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 16:35:17.0715 3684 FltMgr - ok 16:35:18.0042 3684 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll 16:35:18.0136 3684 FontCache - ok 16:35:18.0276 3684 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 16:35:18.0292 3684 FontCache3.0.0.0 - ok 16:35:18.0370 3684 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 16:35:18.0370 3684 Fs_Rec - ok 16:35:18.0432 3684 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 16:35:18.0448 3684 gagp30kx - ok 16:35:18.0495 3684 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 16:35:18.0510 3684 GEARAspiWDM - ok 16:35:18.0744 3684 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 16:35:18.0760 3684 gpsvc - ok 16:35:18.0838 3684 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 16:35:18.0838 3684 HdAudAddService - ok 16:35:19.0041 3684 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 16:35:19.0072 3684 HDAudBus - ok 16:35:19.0119 3684 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 16:35:19.0134 3684 HidBth - ok 16:35:19.0197 3684 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 16:35:19.0197 3684 HidIr - ok 16:35:19.0290 3684 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll 16:35:19.0290 3684 hidserv - ok 16:35:19.0353 3684 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 16:35:19.0353 3684 HidUsb - ok 16:35:19.0415 3684 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 16:35:19.0415 3684 hkmsvc - ok 16:35:19.0477 3684 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 16:35:19.0477 3684 HpCISSs - ok 16:35:19.0633 3684 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 16:35:19.0649 3684 HTTP - ok 16:35:19.0696 3684 huawei_enumerator - ok 16:35:19.0743 3684 hwdatacard - ok 16:35:19.0805 3684 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys 16:35:19.0805 3684 i2omp - ok 16:35:19.0883 3684 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 16:35:19.0883 3684 i8042prt - ok 16:35:20.0008 3684 [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 16:35:20.0008 3684 iaStor - ok 16:35:20.0070 3684 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 16:35:20.0148 3684 iaStorV - ok 16:35:20.0351 3684 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 16:35:20.0413 3684 idsvc - ok 16:35:20.0819 3684 [ 9378D57E2B96C0A185D844770AD49948 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 16:35:21.0334 3684 igfx - ok 16:35:21.0459 3684 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 16:35:21.0490 3684 iirsp - ok 16:35:21.0583 3684 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 16:35:21.0630 3684 IKEEXT - ok 16:35:22.0005 3684 [ 6F62BAFE6150F3952F877051C65786FE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 16:35:22.0504 3684 IntcAzAudAddService - ok 16:35:22.0566 3684 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 16:35:22.0566 3684 intelide - ok 16:35:22.0644 3684 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 16:35:22.0644 3684 intelppm - ok 16:35:22.0691 3684 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 16:35:22.0691 3684 IPBusEnum - ok 16:35:22.0769 3684 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:35:22.0785 3684 IpFilterDriver - ok 16:35:22.0909 3684 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 16:35:22.0925 3684 iphlpsvc - ok 16:35:22.0956 3684 IpInIp - ok 16:35:23.0034 3684 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 16:35:23.0034 3684 IPMIDRV - ok 16:35:23.0112 3684 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 16:35:23.0112 3684 IPNAT - ok 16:35:23.0268 3684 [ 8F610078437A459948480407F4DB91EA ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 16:35:23.0299 3684 iPod Service - ok 16:35:23.0377 3684 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 16:35:23.0393 3684 IRENUM - ok 16:35:23.0455 3684 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys 16:35:23.0455 3684 isapnp - ok 16:35:23.0533 3684 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 16:35:23.0549 3684 iScsiPrt - ok 16:35:23.0627 3684 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 16:35:23.0643 3684 iteatapi - ok 16:35:23.0705 3684 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 16:35:23.0705 3684 iteraid - ok 16:35:23.0799 3684 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 16:35:23.0799 3684 kbdclass - ok 16:35:23.0861 3684 [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 16:35:23.0877 3684 kbdhid - ok 16:35:23.0955 3684 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 16:35:23.0955 3684 KeyIso - ok 16:35:24.0064 3684 [ A383F2CEA0A8F4E76E71ABC869BD5748 ] KR10I C:\Windows\system32\drivers\kr10i.sys 16:35:24.0079 3684 KR10I - ok 16:35:24.0142 3684 [ 6E9922332386C2A49936B30B2B6FD298 ] KR10N C:\Windows\system32\drivers\kr10n.sys 16:35:24.0173 3684 KR10N - ok 16:35:24.0298 3684 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 16:35:24.0313 3684 KSecDD - ok 16:35:24.0454 3684 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 16:35:24.0485 3684 KtmRm - ok 16:35:24.0563 3684 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll 16:35:24.0641 3684 LanmanServer - ok 16:35:24.0735 3684 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 16:35:24.0750 3684 LanmanWorkstation - ok 16:35:24.0828 3684 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 16:35:24.0828 3684 lltdio - ok 16:35:24.0969 3684 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 16:35:24.0984 3684 lltdsvc - ok 16:35:25.0078 3684 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 16:35:25.0093 3684 lmhosts - ok 16:35:25.0187 3684 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 16:35:25.0203 3684 LSI_FC - ok 16:35:25.0296 3684 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 16:35:25.0296 3684 LSI_SAS - ok 16:35:25.0359 3684 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 16:35:25.0359 3684 LSI_SCSI - ok 16:35:25.0421 3684 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 16:35:25.0437 3684 luafv - ok 16:35:25.0515 3684 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 16:35:25.0530 3684 Mcx2Svc - ok 16:35:25.0593 3684 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys 16:35:25.0593 3684 megasas - ok 16:35:25.0780 3684 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 16:35:25.0780 3684 Microsoft Office Groove Audit Service - ok 16:35:25.0842 3684 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 16:35:25.0842 3684 MMCSS - ok 16:35:25.0936 3684 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 16:35:25.0936 3684 Modem - ok 16:35:26.0154 3684 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 16:35:26.0154 3684 monitor - ok 16:35:26.0232 3684 [ FE80C18BA448DDD76B7BEAD9EB203D37 ] motmodem C:\Windows\system32\DRIVERS\motmodem.sys 16:35:26.0248 3684 motmodem - ok 16:35:26.0279 3684 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 16:35:26.0310 3684 mouclass - ok 16:35:26.0388 3684 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 16:35:26.0388 3684 mouhid - ok 16:35:26.0451 3684 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 16:35:26.0451 3684 MountMgr - ok 16:35:26.0591 3684 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 16:35:26.0591 3684 MozillaMaintenance - ok 16:35:26.0716 3684 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 16:35:26.0731 3684 MpFilter - ok 16:35:26.0794 3684 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys 16:35:26.0794 3684 mpio - ok 16:35:26.0981 3684 [ A69630D039C38018689190234F866D77 ] MpKsl089325cd C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2EDCFFE2-17B8-45F2-A22E-ED16B9701714}\MpKsl089325cd.sys 16:35:26.0981 3684 MpKsl089325cd - ok 16:35:27.0043 3684 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 16:35:27.0043 3684 mpsdrv - ok 16:35:27.0199 3684 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll 16:35:27.0231 3684 MpsSvc - ok 16:35:27.0324 3684 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 16:35:27.0324 3684 Mraid35x - ok 16:35:27.0402 3684 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 16:35:27.0402 3684 MRxDAV - ok 16:35:27.0465 3684 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 16:35:27.0480 3684 mrxsmb - ok 16:35:27.0558 3684 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:35:27.0574 3684 mrxsmb10 - ok 16:35:27.0636 3684 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:35:27.0652 3684 mrxsmb20 - ok 16:35:27.0730 3684 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys 16:35:27.0730 3684 msahci - ok 16:35:27.0777 3684 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys 16:35:27.0792 3684 msdsm - ok 16:35:27.0855 3684 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 16:35:27.0870 3684 MSDTC - ok 16:35:28.0042 3684 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 16:35:28.0042 3684 Msfs - ok 16:35:28.0120 3684 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 16:35:28.0135 3684 msisadrv - ok 16:35:28.0213 3684 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 16:35:28.0213 3684 MSiSCSI - ok 16:35:28.0260 3684 msiserver - ok 16:35:28.0307 3684 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 16:35:28.0307 3684 MSKSSRV - ok 16:35:28.0588 3684 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe 16:35:28.0588 3684 MsMpSvc - ok 16:35:28.0650 3684 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 16:35:28.0650 3684 MSPCLOCK - ok 16:35:28.0728 3684 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 16:35:28.0728 3684 MSPQM - ok 16:35:28.0806 3684 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 16:35:28.0822 3684 MsRPC - ok 16:35:28.0915 3684 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 16:35:28.0915 3684 mssmbios - ok 16:35:28.0993 3684 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 16:35:28.0993 3684 MSTEE - ok 16:35:29.0071 3684 [ 97AFFA9D95FFE20EEE6229BC6BE166CF ] MTsensor C:\Windows\system32\DRIVERS\ATKACPI.sys 16:35:29.0087 3684 MTsensor - ok 16:35:29.0149 3684 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 16:35:29.0149 3684 Mup - ok 16:35:29.0274 3684 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 16:35:29.0290 3684 napagent - ok 16:35:29.0399 3684 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 16:35:29.0399 3684 NativeWifiP - ok 16:35:29.0586 3684 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 16:35:29.0602 3684 NDIS - ok 16:35:29.0680 3684 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 16:35:29.0680 3684 NdisTapi - ok 16:35:29.0758 3684 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 16:35:29.0773 3684 Ndisuio - ok 16:35:29.0867 3684 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 16:35:29.0867 3684 NdisWan - ok 16:35:29.0929 3684 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 16:35:29.0929 3684 NDProxy - ok 16:35:29.0976 3684 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 16:35:29.0976 3684 NetBIOS - ok 16:35:30.0085 3684 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 16:35:30.0101 3684 netbt - ok 16:35:30.0163 3684 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 16:35:30.0163 3684 Netlogon - ok 16:35:30.0257 3684 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 16:35:30.0273 3684 Netman - ok 16:35:30.0460 3684 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 16:35:30.0475 3684 netprofm - ok 16:35:30.0569 3684 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 16:35:30.0585 3684 NetTcpPortSharing - ok 16:35:30.0663 3684 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 16:35:30.0725 3684 nfrd960 - ok 16:35:30.0787 3684 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 16:35:30.0787 3684 NisDrv - ok 16:35:30.0943 3684 [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe 16:35:30.0959 3684 NisSrv - ok 16:35:31.0037 3684 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 16:35:31.0053 3684 NlaSvc - ok 16:35:31.0146 3684 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 16:35:31.0146 3684 Npfs - ok 16:35:31.0209 3684 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 16:35:31.0224 3684 nsi - ok 16:35:31.0302 3684 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 16:35:31.0302 3684 nsiproxy - ok 16:35:31.0536 3684 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 16:35:31.0583 3684 Ntfs - ok 16:35:31.0677 3684 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 16:35:31.0677 3684 ntrigdigi - ok 16:35:31.0723 3684 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 16:35:31.0723 3684 Null - ok 16:35:31.0786 3684 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys 16:35:31.0786 3684 nvraid - ok 16:35:31.0848 3684 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys 16:35:31.0848 3684 nvstor - ok 16:35:31.0942 3684 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 16:35:31.0942 3684 nv_agp - ok 16:35:31.0973 3684 NwlnkFlt - ok 16:35:32.0020 3684 NwlnkFwd - ok 16:35:32.0207 3684 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 16:35:32.0223 3684 odserv - ok 16:35:32.0269 3684 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 16:35:32.0285 3684 ohci1394 - ok 16:35:32.0379 3684 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:35:32.0394 3684 ose - ok 16:35:32.0566 3684 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 16:35:32.0597 3684 p2pimsvc - ok 16:35:32.0659 3684 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 16:35:32.0675 3684 p2psvc - ok 16:35:32.0769 3684 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 16:35:32.0784 3684 Parport - ok 16:35:32.0862 3684 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 16:35:32.0878 3684 partmgr - ok 16:35:32.0925 3684 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 16:35:32.0940 3684 Parvdm - ok 16:35:32.0987 3684 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 16:35:33.0003 3684 PcaSvc - ok 16:35:33.0096 3684 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 16:35:33.0096 3684 pci - ok 16:35:33.0190 3684 [ 3B1901E401473E03EB8C874271E50C26 ] pciide C:\Windows\system32\drivers\pciide.sys 16:35:33.0190 3684 pciide - ok 16:35:33.0299 3684 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 16:35:33.0315 3684 pcmcia - ok 16:35:33.0517 3684 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 16:35:33.0549 3684 PEAUTH - ok 16:35:33.0970 3684 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 16:35:34.0079 3684 pla - ok 16:35:34.0173 3684 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 16:35:34.0188 3684 PlugPlay - ok 16:35:34.0313 3684 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 16:35:34.0344 3684 PNRPAutoReg - ok 16:35:34.0407 3684 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 16:35:34.0422 3684 PNRPsvc - ok 16:35:34.0609 3684 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 16:35:34.0625 3684 PolicyAgent - ok 16:35:34.0734 3684 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 16:35:34.0734 3684 PptpMiniport - ok 16:35:34.0843 3684 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys 16:35:34.0843 3684 Processor - ok 16:35:34.0937 3684 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 16:35:34.0953 3684 ProfSvc - ok 16:35:35.0015 3684 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 16:35:35.0015 3684 ProtectedStorage - ok 16:35:35.0077 3684 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 16:35:35.0093 3684 PSched - ok 16:35:35.0389 3684 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys 16:35:35.0499 3684 ql2300 - ok 16:35:35.0623 3684 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 16:35:35.0623 3684 ql40xx - ok 16:35:35.0764 3684 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 16:35:35.0779 3684 QWAVE - ok 16:35:35.0842 3684 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 16:35:35.0842 3684 QWAVEdrv - ok 16:35:35.0920 3684 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 16:35:35.0920 3684 RasAcd - ok 16:35:35.0998 3684 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 16:35:35.0998 3684 RasAuto - ok 16:35:36.0076 3684 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 16:35:36.0091 3684 Rasl2tp - ok 16:35:36.0169 3684 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 16:35:36.0185 3684 RasMan - ok 16:35:36.0279 3684 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 16:35:36.0279 3684 RasPppoe - ok 16:35:36.0372 3684 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 16:35:36.0372 3684 RasSstp - ok 16:35:36.0513 3684 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 16:35:36.0528 3684 rdbss - ok 16:35:36.0575 3684 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 16:35:36.0591 3684 RDPCDD - ok 16:35:36.0715 3684 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 16:35:36.0715 3684 rdpdr - ok 16:35:36.0981 3684 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 16:35:36.0981 3684 RDPENCDD - ok 16:35:37.0199 3684 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 16:35:37.0215 3684 RDPWD - ok 16:35:37.0277 3684 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 16:35:37.0293 3684 RemoteAccess - ok 16:35:37.0339 3684 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 16:35:37.0355 3684 RemoteRegistry - ok 16:35:37.0417 3684 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys 16:35:37.0417 3684 rimmptsk - ok 16:35:37.0464 3684 [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys 16:35:37.0464 3684 rimsptsk - ok 16:35:37.0527 3684 [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys 16:35:37.0527 3684 rismxdp - ok 16:35:37.0589 3684 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 16:35:37.0589 3684 RpcLocator - ok 16:35:37.0698 3684 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 16:35:37.0714 3684 RpcSs - ok 16:35:37.0776 3684 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 16:35:37.0792 3684 rspndr - ok 16:35:37.0995 3684 [ 166911EADA13CD34DD8F8C667707BE94 ] RTL8023xp C:\Windows\system32\DRIVERS\Rtnicxp.sys 16:35:38.0057 3684 RTL8023xp - ok 16:35:38.0182 3684 [ 7FE5089EB5F624899DE08C30DB4377FC ] RTL8187B C:\Windows\system32\DRIVERS\RTL8187B.sys 16:35:38.0213 3684 RTL8187B - ok 16:35:38.0260 3684 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 16:35:38.0260 3684 SamSs - ok 16:35:38.0338 3684 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 16:35:38.0353 3684 sbp2port - ok 16:35:38.0619 3684 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 16:35:38.0634 3684 SCardSvr - ok 16:35:38.0806 3684 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 16:35:39.0773 3684 Schedule - ok 16:35:39.0960 3684 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 16:35:39.0960 3684 SCPolicySvc - ok 16:35:40.0335 3684 [ 7B3973CC28B8AA3E9E2E5D53E720E2C9 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 16:35:40.0584 3684 sdbus - ok 16:35:40.0787 3684 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 16:35:40.0803 3684 SDRSVC - ok 16:35:41.0099 3684 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 16:35:41.0115 3684 secdrv - ok 16:35:41.0224 3684 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 16:35:41.0286 3684 seclogon - ok 16:35:41.0489 3684 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 16:35:41.0489 3684 SENS - ok 16:35:41.0551 3684 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 16:35:41.0551 3684 Serenum - ok 16:35:41.0785 3684 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 16:35:41.0879 3684 Serial - ok 16:35:42.0082 3684 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 16:35:42.0082 3684 sermouse - ok 16:35:42.0472 3684 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 16:35:42.0487 3684 SessionEnv - ok 16:35:42.0597 3684 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 16:35:42.0643 3684 sffdisk - ok 16:35:42.0799 3684 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 16:35:42.0846 3684 sffp_mmc - ok 16:35:43.0143 3684 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 16:35:43.0189 3684 sffp_sd - ok 16:35:43.0486 3684 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 16:35:43.0548 3684 sfloppy - ok 16:35:43.0860 3684 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 16:35:43.0954 3684 SharedAccess - ok 16:35:44.0422 3684 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 16:35:45.0405 3684 ShellHWDetection - ok 16:35:45.0639 3684 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys 16:35:45.0654 3684 sisagp - ok 16:35:45.0701 3684 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 16:35:45.0701 3684 SiSRaid2 - ok 16:35:46.0434 3684 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 16:35:46.0871 3684 SiSRaid4 - ok 16:35:48.0431 3684 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 16:35:48.0993 3684 SkypeUpdate - ok 16:35:50.0001 3684 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 16:35:53.0461 3684 slsvc - ok 16:35:53.0761 3684 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 16:35:53.0821 3684 SLUINotify - ok 16:35:54.0321 3684 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 16:35:57.0041 3684 Smb - ok 16:35:57.0311 3684 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 16:35:57.0811 3684 SNMPTRAP - ok 16:35:58.0091 3684 [ D08D19EE68CB88AB1BC5DA3081505847 ] snpstd C:\Windows\system32\DRIVERS\snpstd.sys 16:35:58.0111 3684 snpstd - ok 16:35:58.0931 3684 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 16:35:59.0051 3684 spldr - ok 16:35:59.0341 3684 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 16:35:59.0871 3684 Spooler - ok 16:36:00.0301 3684 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 16:36:00.0531 3684 srv - ok 16:36:00.0681 3684 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:36:00.0681 3684 srv2 - ok 16:36:00.0751 3684 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:36:00.0761 3684 srvnet - ok 16:36:00.0831 3684 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:36:00.0971 3684 SSDPSRV - ok 16:36:01.0498 3684 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:36:01.0747 3684 SstpSvc - ok 16:36:01.0888 3684 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 16:36:01.0903 3684 stisvc - ok 16:36:01.0950 3684 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 16:36:01.0950 3684 swenum - ok 16:36:02.0028 3684 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 16:36:02.0044 3684 swprv - ok 16:36:02.0122 3684 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 16:36:02.0122 3684 Symc8xx - ok 16:36:02.0184 3684 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 16:36:02.0200 3684 Sym_hi - ok 16:36:02.0262 3684 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 16:36:02.0403 3684 Sym_u3 - ok 16:36:02.0590 3684 [ BAA29028E7DB52837198465C5C53A2F0 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 16:36:02.0605 3684 SynTP - ok 16:36:03.0198 3684 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 16:36:03.0853 3684 SysMain - ok 16:36:04.0103 3684 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 16:36:05.0211 3684 TabletInputService - ok 16:36:05.0335 3684 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 16:36:05.0460 3684 TapiSrv - ok 16:36:05.0585 3684 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 16:36:05.0632 3684 TBS - ok 16:36:06.0877 3684 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:36:06.0908 3684 Tcpip - ok 16:36:06.0971 3684 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 16:36:07.0002 3684 Tcpip6 - ok 16:36:07.0095 3684 [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:36:07.0095 3684 tcpipreg - ok 16:36:07.0251 3684 [ 1825BCEB47BF41C5A9F0E44DE82FC27A ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys 16:36:07.0251 3684 tdcmdpst - ok 16:36:07.0298 3684 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 16:36:07.0298 3684 TDPIPE - ok 16:36:07.0501 3684 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 16:36:07.0501 3684 TDTCP - ok 16:36:07.0563 3684 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:36:07.0579 3684 tdx - ok 16:36:07.0641 3684 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 16:36:07.0641 3684 TermDD - ok 16:36:07.0719 3684 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 16:36:07.0735 3684 TermService - ok 16:36:07.0782 3684 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 16:36:07.0797 3684 Themes - ok 16:36:07.0885 3684 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 16:36:07.0895 3684 THREADORDER - ok 16:36:08.0155 3684 [ 8F840D5AB73E0C8A5A1A14CB022EFAB3 ] TNaviSrv C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe 16:36:09.0575 3684 TNaviSrv - ok 16:36:09.0835 3684 [ D540858E65BFA6FDED41AD2495ECE344 ] TODDSrv C:\Windows\system32\TODDSrv.exe 16:36:10.0275 3684 TODDSrv - ok 16:36:10.0425 3684 [ 1EA5F27C29405BF49799FECA77186DA9 ] tos_sps32 C:\Windows\system32\DRIVERS\tos_sps32.sys 16:36:10.0555 3684 tos_sps32 - ok 16:36:10.0625 3684 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 16:36:10.0635 3684 TrkWks - ok 16:36:11.0135 3684 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:36:11.0145 3684 TrustedInstaller - ok 16:36:11.0245 3684 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:36:11.0245 3684 tssecsrv - ok 16:36:11.0305 3684 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 16:36:11.0325 3684 tunmp - ok 16:36:11.0655 3684 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:36:11.0715 3684 tunnel - ok 16:36:11.0845 3684 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 16:36:11.0845 3684 uagp35 - ok 16:36:12.0085 3684 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:36:12.0095 3684 udfs - ok 16:36:12.0705 3684 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 16:36:12.0725 3684 UI0Detect - ok 16:36:13.0265 3684 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 16:36:13.0265 3684 uliagpkx - ok 16:36:13.0515 3684 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys 16:36:13.0535 3684 uliahci - ok 16:36:13.0605 3684 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 16:36:13.0615 3684 UlSata - ok 16:36:13.0695 3684 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 16:36:13.0705 3684 ulsata2 - ok 16:36:13.0825 3684 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 16:36:13.0825 3684 umbus - ok 16:36:14.0075 3684 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 16:36:14.0095 3684 upnphost - ok 16:36:14.0215 3684 USBAAPL - ok 16:36:14.0445 3684 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 16:36:14.0445 3684 usbccgp - ok 16:36:14.0555 3684 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 16:36:14.0645 3684 usbcir - ok 16:36:14.0911 3684 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 16:36:15.0223 3684 usbehci - ok 16:36:15.0457 3684 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 16:36:15.0784 3684 usbhub - ok 16:36:15.0987 3684 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 16:36:16.0252 3684 usbohci - ok 16:36:16.0627 3684 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys 16:36:16.0845 3684 usbprint - ok 16:36:17.0375 3684 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:36:17.0765 3684 USBSTOR - ok 16:36:18.0249 3684 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 16:36:18.0374 3684 usbuhci - ok 16:36:18.0499 3684 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 16:36:18.0639 3684 UxSms - ok 16:36:18.0873 3684 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 16:36:19.0060 3684 vds - ok 16:36:19.0185 3684 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 16:36:19.0232 3684 vga - ok 16:36:19.0357 3684 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 16:36:19.0497 3684 VgaSave - ok 16:36:19.0575 3684 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys 16:36:19.0700 3684 viaagp - ok 16:36:19.0926 3684 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 16:36:20.0035 3684 ViaC7 - ok 16:36:20.0129 3684 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys 16:36:20.0425 3684 viaide - ok 16:36:20.0597 3684 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 16:36:20.0613 3684 volmgr - ok 16:36:20.0893 3684 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 16:36:21.0361 3684 volmgrx - ok 16:36:21.0486 3684 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys 16:36:21.0564 3684 volsnap - ok 16:36:21.0627 3684 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 16:36:21.0658 3684 vsmraid - ok 16:36:21.0783 3684 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 16:36:21.0876 3684 VSS - ok 16:36:22.0001 3684 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 16:36:22.0063 3684 W32Time - ok 16:36:22.0204 3684 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 16:36:22.0360 3684 WacomPen - ok 16:36:22.0500 3684 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 16:36:22.0516 3684 Wanarp - ok 16:36:22.0547 3684 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:36:22.0547 3684 Wanarpv6 - ok 16:36:22.0984 3684 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:36:23.0015 3684 wcncsvc - ok 16:36:23.0218 3684 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:36:23.0218 3684 WcsPlugInService - ok 16:36:23.0577 3684 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys 16:36:23.0577 3684 Wd - ok 16:36:23.0748 3684 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:36:23.0779 3684 Wdf01000 - ok 16:36:23.0842 3684 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:36:24.0045 3684 WdiServiceHost - ok 16:36:24.0435 3684 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:36:24.0450 3684 WdiSystemHost - ok 16:36:25.0839 3684 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll 16:36:26.0229 3684 WebClient - ok 16:36:26.0385 3684 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:36:26.0447 3684 Wecsvc - ok 16:36:26.0587 3684 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:36:26.0603 3684 wercplsupport - ok 16:36:27.0118 3684 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll 16:36:27.0664 3684 WerSvc - ok 16:36:28.0116 3684 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 16:36:29.0551 3684 WinDefend - ok 16:36:29.0598 3684 WinHttpAutoProxySvc - ok 16:36:34.0981 3684 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 16:36:35.0035 3684 Winmgmt - ok 16:36:35.0622 3684 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 16:36:35.0700 3684 WinRM - ok 16:36:36.0182 3684 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 16:36:36.0233 3684 Wlansvc - ok 16:36:36.0560 3684 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 16:36:36.0566 3684 WmiAcpi - ok 16:36:36.0941 3684 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 16:36:36.0951 3684 wmiApSrv - ok 16:36:37.0357 3684 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 16:36:37.0403 3684 WMPNetworkSvc - ok 16:36:37.0582 3684 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:36:37.0631 3684 WPCSvc - ok 16:36:37.0864 3684 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:36:37.0880 3684 WPDBusEnum - ok 16:36:38.0129 3684 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 16:36:38.0129 3684 WpdUsb - ok 16:36:38.0207 3684 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:36:38.0223 3684 ws2ifsl - ok 16:36:38.0332 3684 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll 16:36:38.0348 3684 wscsvc - ok 16:36:38.0410 3684 WSearch - ok 16:36:39.0533 3684 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 16:36:39.0658 3684 wuauserv - ok 16:36:39.0767 3684 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 16:36:39.0767 3684 WUDFRd - ok 16:36:39.0923 3684 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:36:39.0923 3684 wudfsvc - ok 16:36:40.0110 3684 ================ Scan global =============================== 16:36:40.0266 3684 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 16:36:40.0438 3684 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 16:36:40.0500 3684 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll 16:36:40.0688 3684 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe 16:36:40.0703 3684 [Global] - ok 16:36:40.0719 3684 ================ Scan MBR ================================== 16:36:40.0750 3684 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 16:36:42.0170 3684 \Device\Harddisk0\DR0 - ok 16:36:42.0185 3684 ================ Scan VBR ================================== 16:36:42.0216 3684 [ BD4571AAF671973EA75014CF99209642 ] \Device\Harddisk0\DR0\Partition1 16:36:42.0216 3684 \Device\Harddisk0\DR0\Partition1 - ok 16:36:42.0388 3684 [ 0DDD10D3258529F5C1BE6D6E3DAB7CC3 ] \Device\Harddisk0\DR0\Partition2 16:36:42.0404 3684 \Device\Harddisk0\DR0\Partition2 - ok 16:36:42.0466 3684 ============================================================ 16:36:42.0466 3684 Scan finished 16:36:42.0466 3684 ============================================================ 16:36:42.0528 1300 Detected object count: 0 16:36:42.0528 1300 Actual detected object count: 0
- January 8, 2013
- 18 replies
Possible infection

tunna replied to tunna's topic in Tech Support & Discussions Forum

Adw Cleaner Log # AdwCleaner v2.105 - Logfile created 01/08/2013 at 16:24:17 # Updated 08/01/2013 by Xplode # Operating system : Windows Vista Home Premium Service Pack 2 (32 bits) # User : CPU - CPU-PC # Boot Mode : Normal # Running from : C:\Users\CPU\Downloads\AdwCleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Deleted on reboot : C:\ProgramData\Premium Folder Deleted : C:\Program Files\1ClickDownload Folder Deleted : C:\Program Files\Common Files\AVG Secure Search Folder Deleted : C:\Program Files\Yontoo Folder Deleted : C:\ProgramData\InstallMate Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\Users\CPU\AppData\LocalLow\AVG Security Toolbar Folder Deleted : C:\Users\CPU\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com ***** [Registry] ***** Key Deleted : HKCU\Software\1ClickDownload Key Deleted : HKCU\Software\AppDataLow\HavingFunOnline Key Deleted : HKCU\Software\AppDataLow\SProtector Key Deleted : HKCU\Software\AVG Secure Search Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload Key Deleted : HKCU\Software\SweetIM Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1 Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco Key Deleted : HKLM\Software\Iminent Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload Key Deleted : HKLM\Software\SP Global Key Deleted : HKLM\Software\SProtector Key Deleted : HKLM\Software\SweetIM Key Deleted : HKLM\Software\Tarma Installer ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. -\\ Mozilla Firefox v17.0.1 (en-US) File : C:\Users\CPU\AppData\Roaming\Mozilla\Firefox\Profiles\n2v44rro.default\prefs.js Deleted : user_pref("aol_toolbar.default.homepage.check", false); Deleted : user_pref("aol_toolbar.default.search.check", false); Deleted : user_pref("extensions.509b6907adba5.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...] Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0); Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", ""); Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", ""); Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", ""); Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", ""); Deleted : user_pref("sweetim.toolbar.searchguard.enable", ""); ************************* AdwCleaner[s2].txt - [5420 octets] - [08/01/2013 16:24:17] ########## EOF - C:\AdwCleaner[s2].txt - [5480 octets] ##########
- January 8, 2013
- 18 replies
Possible infection

tunna replied to tunna's topic in Tech Support & Discussions Forum

Hi Starbuck, Thanks for getting back to me. That's weird because I haven't downloaded anything in over a year! I only stream. I still have BitTorrent but I don't use it anymore at all. Should I uninstall to be on the safe side? Zoe
- January 7, 2013
- 18 replies
Possible infection

tunna replied to tunna's topic in Tech Support & Discussions Forum

OTL Extras logfile created on: 07/01/2013 16:32:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\CPU\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.27% Memory free 4.21 Gb Paging File | 3.14 Gb Available in Paging File | 74.45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 55.66 Gb Total Space | 17.29 Gb Free Space | 31.07% Space Free | Partition Type: NTFS Drive E: | 54.66 Gb Total Space | 45.24 Gb Free Space | 82.77% Space Free | Partition Type: NTFS Computer Name: CPU-PC | User Name: CPU | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{9B2CF56B-2DB9-47F8-87C8-64BB21244419}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{A48C9693-FD01-4C90-ADFA-6500B6AA5C4F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{DEBCAFF9-23FD-4AD4-A56D-11EA03CB8EC9}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{028EF371-0265-4A09-AE39-6F7A8F45C05B}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{09BC4902-930B-475C-A525-E3E50BDE49E1}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{0B7CCC31-7406-403E-BD21-7BBCEFDD86F7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0D8A72DB-0C3D-4C5C-86A5-3C005BED3352}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | "{1092315C-9F13-454F-AA69-083B775ADEE8}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{141C127D-6DFB-4293-94EF-F79A454A9C1F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | "{1A4F9985-E41D-43B0-B3CD-4A08FA3B5320}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{1AF93331-ABFC-42E3-8D80-F1838BB3C1C0}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "{218B8FF1-858D-4650-A6EC-0A2EF1D4E1D0}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | "{25663858-A6CD-46C1-A10F-4799881240B9}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{26F3B639-A51B-4F3F-BACB-B8586AE05780}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{3704FF5B-109E-465D-870B-4DE0A5F34FCE}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{3BBB84A9-DD9E-49F0-834C-75485E709593}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{4B844881-3DCD-45F9-911F-29EBC03DDDC6}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | "{4C27A6DB-A393-4C15-90F6-76F554ED6380}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{627F93AA-D9A2-4C34-BBAE-EC19A670B820}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | "{68348C8D-39B8-496C-8838-C78BF8A71734}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{AB259BCB-68D2-4C81-8112-234C0B7CC13E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{AF13CAA0-64BA-4EDC-A882-409E497F387C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{CA1E8C1C-7F2A-40C5-BB68-311005705199}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{D2D0A65A-554C-4084-A250-D34AA2BD1854}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | "{D9140913-9E87-49B5-9778-E08D1E9A1C89}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | "{E5DF7825-A23A-4EB0-9E4D-9319CA5F560F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | "{E78CEE60-2DB5-4920-9969-FCE7A9D7E6C4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{EE417E97-B345-485C-8990-C2CC2CA6887F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | "{F2F9E7D8-3E28-4234-BC58-EE3182AE15FD}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "TCP Query User{1E83B647-3680-44D1-8B5B-CBD5B6085788}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe | "TCP Query User{4DD508C9-C7FC-4446-9DB7-DE9EAC4C58F0}C:\program files\spss\paswstat.exe" = protocol=6 | dir=in | app=c:\program files\spss\paswstat.exe | "TCP Query User{72B8521D-71EF-43DE-91D0-B3861A7A523D}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "TCP Query User{A4149E20-7273-4DC4-8494-BF36EDB794FD}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{CF9FB807-5510-4CBB-A976-C21A00C46056}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe | "UDP Query User{695A9D08-5B19-40B7-8360-EE84012A0F7C}C:\program files\spss\paswstat.exe" = protocol=17 | dir=in | app=c:\program files\spss\paswstat.exe | "UDP Query User{7CCCC0D8-5445-45AF-B69B-D710E16DE210}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{8AB7CB95-6518-4C59-9EB9-6482670E26A4}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe | "UDP Query User{A4088133-037E-4417-91E6-C96843D8A8AE}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "UDP Query User{CF525121-074D-4E59-9696-0C4F5E8121ED}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0F4F4815-76AD-4B26-8763-72F3344041C2}" = TOSHIBA Manuals "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{2C544254-39F2-4ACA-B779-ABF7297C96CF}" = Accessibility "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Vista x86 Ver.3.33.03 "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "{681002C6-5019-81A2-7871-A43754F71E56}" = "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER "{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK USB Wireless LAN Driver "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4) "{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0AA6E81-33D6-5A32-B8D9-7BF42B494C77}" = VaudiX "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8A10A25-D8DD-4661-9A1E-7F6DBAAA3C5E}" = inSSIDer "1ClickDownload" = 1ClickDownloader "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audacity_is1" = Audacity 2.0 "BitComet" = BitComet 1.15 "DD202" = DD202 "DivX Setup.divx.com" = DivX Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "HDMI" = Intel® Graphics Media Accelerator Driver "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "OU SPSS data for DD202" = OU SPSS data for DD202 "SP_8187691c" = "Speccy" = Speccy "SynTPDeinstKey" = Synaptics Pointing Device Driver "TOSHIBA Software Modem" = TOSHIBA Software Modem "VaudiX" = "VLC media player" = VLC media player 1.0.1 "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinRAR archiver" = WinRAR 4.01 (32-bit) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 24/05/2011 21:39:39 | Computer Name = CPU-PC | Source = Bonjour Service | ID = 100 Description = Error - 24/05/2011 21:39:39 | Computer Name = CPU-PC | Source = Bonjour Service | ID = 100 Description = Error - 24/05/2011 21:39:40 | Computer Name = CPU-PC | Source = Bonjour Service | ID = 100 Description = Error - 24/05/2011 21:39:40 | Computer Name = CPU-PC | Source = Bonjour Service | ID = 100 Description = Error - 24/05/2011 21:39:40 | Computer Name = CPU-PC | Source = Bonjour Service | ID = 100 Description = Error - 24/05/2011 21:39:41 | Computer Name = CPU-PC | Source = Bonjour Service | ID = 100 Description = Error - 24/05/2011 21:39:41 | Computer Name = CPU-PC | Source = Bonjour Service | ID = 100 Description = Error - 24/05/2011 21:39:41 | Computer Name = CPU-PC | Source = Bonjour Service | ID = 100 Description = Error - 24/05/2011 21:39:42 | Computer Name = CPU-PC | Source = Bonjour Service | ID = 100 Description = Error - 24/05/2011 21:39:42 | Computer Name = CPU-PC | Source = Bonjour Service | ID = 100 Description = [ System Events ] Error - 01/01/2013 16:56:28 | Computer Name = CPU-PC | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.5 for the Network Card with network address 0016441EFB1C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). Error - 04/01/2013 19:55:14 | Computer Name = CPU-PC | Source = Service Control Manager | ID = 7011 Description = Error - 05/01/2013 15:14:51 | Computer Name = CPU-PC | Source = Service Control Manager | ID = 7000 Description = Error - 05/01/2013 15:14:51 | Computer Name = CPU-PC | Source = Service Control Manager | ID = 7000 Description = Error - 05/01/2013 15:14:51 | Computer Name = CPU-PC | Source = Service Control Manager | ID = 7000 Description = Error - 05/01/2013 15:30:17 | Computer Name = CPU-PC | Source = Microsoft Antimalware | ID = 2001 Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.3150.0 Update Source: %%859 Update Stage: %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. Error - 05/01/2013 15:48:32 | Computer Name = CPU-PC | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.3 for the Network Card with network address 0016441EFB1C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). Error - 07/01/2013 12:17:28 | Computer Name = CPU-PC | Source = Service Control Manager | ID = 7000 Description = Error - 07/01/2013 12:17:28 | Computer Name = CPU-PC | Source = Service Control Manager | ID = 7000 Description = Error - 07/01/2013 12:17:28 | Computer Name = CPU-PC | Source = Service Control Manager | ID = 7000 Description = < End of report >
- January 7, 2013
- 18 replies
Possible infection

tunna replied to tunna's topic in Tech Support & Discussions Forum

OTL report OTL logfile created on: 07/01/2013 16:32:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\CPU\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.27% Memory free 4.21 Gb Paging File | 3.14 Gb Available in Paging File | 74.45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 55.66 Gb Total Space | 17.29 Gb Free Space | 31.07% Space Free | Partition Type: NTFS Drive E: | 54.66 Gb Total Space | 45.24 Gb Free Space | 82.77% Space Free | Partition Type: NTFS Computer Name: CPU-PC | User Name: CPU | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\CPU\Downloads\OTL.scr (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.) PRC - C:\ProgramData\Premium\VaudiX\VaudiX.exe () PRC - C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe () PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll () MOD - c:\Program Files\VaudiX\sprotector.dll () MOD - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) ========== Driver Services (SafeList) ========== DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found DRV - (huawei_enumerator) -- system32\DRIVERS\ew_jubusenum.sys File not found DRV - (ewusbnet) -- system32\DRIVERS\ewusbnet.sys File not found DRV - (ew_usbenumfilter) -- system32\DRIVERS\ew_usbenumfilter.sys File not found DRV - (ew_hwusbdev) -- system32\DRIVERS\ew_hwusbdev.sys File not found DRV - (BTWUSB) -- System32\Drivers\btwusb.sys File not found DRV - (BTWDNDIS) -- system32\DRIVERS\btwdndis.sys File not found DRV - (BTKRNL) -- system32\DRIVERS\btkrnl.sys File not found DRV - (BTDriver) -- system32\DRIVERS\btport.sys File not found DRV - (btaudio) -- system32\drivers\btaudio.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation) DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION) DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION) DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV - (snpstd) -- C:\Windows\System32\drivers\snpstd.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={2CB06194-D376-4740-A5D9-114863B20950}&mid=002148ed3da16a936c6550bc9cbeb2d2-875789a875fa9b84748438c1f6c377b73c6872c7&lang=us&ds=AVG&pr=fr&d=2011-12-05 11:13:31&v=12.2.5.32&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{D96EB0C2-F2EA-4463-89AC-2ABF5099D00A}: "URL" = http://flvdirect.iamwired.net/websearch.php?src=tops&search={SearchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultenginename,S: S", "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.order.1,S: S", "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.selectedEngine,S: S", "" FF - prefs.js..browser.startup.homepage: "bbc.co.uk/news" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF - prefs.js..keyword.URL: "" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/15 08:57:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{902B92A4-1D6F-49E1-B455-BF015611F40E}: C:\Users\CPU\AppData\Local\{902B92A4-1D6F-49E1-B455-BF015611F40E} [2010/10/27 23:36:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/15 08:57:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/05 18:58:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CPU\AppData\Roaming\Mozilla\Extensions [2012/07/02 00:18:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CPU\AppData\Roaming\Mozilla\Firefox\Profiles\extensions [2012/07/02 00:18:42 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\CPU\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com [2012/11/24 02:45:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CPU\AppData\Roaming\Mozilla\Firefox\Profiles\n2v44rro.default\extensions [2012/11/08 08:16:16 | 000,000,000 | ---D | M] (Vaudix) -- C:\Users\CPU\AppData\Roaming\Mozilla\Firefox\Profiles\n2v44rro.default\extensions\509b6907adaf9@509b6907adb32.com [2012/11/24 02:45:24 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\CPU\AppData\Roaming\Mozilla\Firefox\Profiles\n2v44rro.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012/10/27 03:52:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/12/15 08:57:48 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/08/25 02:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/10/12 05:17:29 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Vaudix Class) - {2373DCCA-3CBF-6F56-E670-73A03640A780} - C:\ProgramData\Vaudix\509b6907adc88.ocx () O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet) O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe () O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 File not found O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home File not found O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.7.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{429736A6-96EC-4A29-AAEC-464D05281BBB}: DhcpNameServer = 192.168.250.253 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA4B98F0-C88D-44A7-B50A-F2E1524A64BF}: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (c:\progra~1\vaudix\sprote~1.dll) - c:\Program Files\VaudiX\sprotector.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\CPU\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\CPU\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{8bf0c75f-0ae3-11e1-a9b6-001d60f3d03e}\Shell - "" = AutoRun O33 - MountPoints2\{8bf0c75f-0ae3-11e1-a9b6-001d60f3d03e}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{9e8d28a7-f67f-11de-b2ee-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{9e8d28a7-f67f-11de-b2ee-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe AUTORUN=1 O33 - MountPoints2\{b892d43c-ff66-11e0-971c-001d60f3d03e}\Shell - "" = AutoRun O33 - MountPoints2\{b892d43c-ff66-11e0-971c-001d60f3d03e}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{b892d55a-ff66-11e0-971c-001e101f4da1}\Shell - "" = AutoRun O33 - MountPoints2\{b892d55a-ff66-11e0-971c-001e101f4da1}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/01/06 23:59:04 | 000,000,000 | ---D | C] -- C:\Users\CPU\AppData\Roaming\Malwarebytes [2013/01/06 23:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/01/06 23:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/01/06 23:55:30 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013/01/06 23:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/01/05 02:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013/01/05 01:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2 [2012/12/21 03:02:53 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012/12/21 03:02:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012/12/13 03:46:57 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/12/13 03:46:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/12/13 03:46:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/12/13 03:46:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012/12/13 03:46:31 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012/12/13 03:46:17 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/12/13 03:46:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/12/13 03:45:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/12/12 07:02:38 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012/12/12 07:02:18 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2012/12/12 07:02:18 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe [2012/12/12 07:01:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2 C:\Users\CPU\Desktop\*.tmp files -> C:\Users\CPU\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/01/07 17:09:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B6BFDBFA-AA81-4D3E-85FE-53A5053AF420}.job [2013/01/07 16:25:39 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/01/07 16:25:39 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/01/07 16:17:32 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/07 16:17:32 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/07 16:16:47 | 000,000,366 | -H-- | M] () -- C:\Windows\tasks\VaudiXUpdaterTask{F37B798E-3E73-4807-B2F2-F1CF966D338E}.job [2013/01/07 16:16:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/06 23:57:32 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/12/21 11:24:37 | 000,399,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/12/16 13:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012/12/16 10:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2 C:\Users\CPU\Desktop\*.tmp files -> C:\Users\CPU\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/01/06 23:57:32 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/30 04:35:45 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2012/05/30 04:35:43 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2010/11/11 09:04:50 | 000,000,680 | ---- | C] () -- C:\Users\CPU\AppData\Local\d3d9caps.dat [2010/10/27 23:46:58 | 000,000,006 | ---- | C] () -- C:\Users\CPU\AppData\Roaming\start [2010/10/27 23:45:46 | 000,000,006 | ---- | C] () -- C:\Users\CPU\AppData\Roaming\completescan [2010/10/27 23:36:31 | 000,000,010 | ---- | C] () -- C:\Users\CPU\AppData\Roaming\install [2010/05/09 23:30:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/11/17 07:33:58 | 000,166,400 | ---- | C] () -- C:\Users\CPU\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/07/04 22:13:48 | 000,000,000 | ---D | M] -- C:\Users\CPU\AppData\Roaming\Audacity [2010/12/06 21:11:35 | 000,000,000 | ---D | M] -- C:\Users\CPU\AppData\Roaming\AVG10 [2011/11/17 17:21:59 | 000,000,000 | ---D | M] -- C:\Users\CPU\AppData\Roaming\BITRIX SECURITY [2011/10/26 00:24:18 | 000,000,000 | ---D | M] -- C:\Users\CPU\AppData\Roaming\Camfrog [2012/03/05 20:06:43 | 000,000,000 | ---D | M] -- C:\Users\CPU\AppData\Roaming\Elluminate [2009/10/29 17:01:22 | 000,000,000 | ---D | M] -- C:\Users\CPU\AppData\Roaming\Toshiba ========== Purity Check ========== < End of report >
- January 7, 2013
- 18 replies
Possible infection

tunna replied to tunna's topic in Tech Support & Discussions Forum

MBAM log Hi guys, Thanks for replying so quickly and sorry I didn't read that thread first! I've now ran MBAM and removed the items it found. So here's the log: Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 CPU :: CPU-PC [administrator] 07/01/2013 00:22:29 mbam-log-2013-01-07 (00-22-29).txt Scan type: Full scan (C:\|E:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 315467 Time elapsed: 6 hour(s), 49 minute(s), 30 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 6 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DsyHYAa_ (Adware.AdRotator) -> Quarantined and deleted successfully. HKCU\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{694b45fd-041f-ebb6-dd45-b19dbd17f23d} (Adware.AdRotator) -> Quarantined and deleted successfully. HKCR\CLSID\{694b45fd-041f-ebb6-dd45-b19dbd17f23d} (Adware.AdRotator) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{694B45FD-041F-EBB6-DD45-B19DBD17F23D} (Adware.AdRotator) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{694B45FD-041F-EBB6-DD45-B19DBD17F23D} (Adware.AdRotator) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://flvdirect.iamwired.net/) Good: (http://www.google.com) -> Quarantined and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Windows\System32\DsyHYAa_.exe (Adware.AdRotator) -> Quarantined and deleted successfully. C:\Users\CPU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ThinkPoint.lnk (Rogue.ThinkPoint) -> Quarantined and deleted successfully. (end) I'm still getting the same problem with certain words turning into links for ads. I'm not sure how or when I got infected, I don't normally get these types of things. Just waiting for OTL to finish running now :) Thanks for the help again! Zoe
- January 7, 2013
- 18 replies
Possible infection

tunna posted a topic in Tech Support & Discussions Forum

Hi guys, it's me again! I hope everyone has had a great Christmas and New Year :) I think I've been infected by some sort of spyware? I've ran a scan and they've found and removed everything but the issue still hasn't gone away. Basically, I've recently discovered that when pages load, certain words are highlighted and when you hover your mouse over them, an ad appears (not in a new tab or window, just a small panel that disappears when you move your mouse away). I'm not sure if this is normal or not but it's never happened to me. Does anyone have any pointers?
- January 6, 2013
- 18 replies
Slow wireless internet

tunna replied to tunna's topic in Tech Support & Discussions Forum

I seemed to have got it wrong! We only have 20MB broadband and it's unlimited. We only have a netgear modem which is attached to the wall, there's no filter or any other box. The internet is driving me insane tonight! >.<
- October 8, 2012
- 9 replies

Sign In

tunna

Posts

Joined

Last visited

Tech Info

tunna's Achievements

Newbie (1/14)

Reputation

cgGL.dll missing?

best antivirus software

best antivirus software

Possible infection

Possible infection

Possible infection

Possible infection

Possible infection

Possible infection

Possible infection

Possible infection

Possible infection

Possible infection

Possible infection

Slow wireless internet

Browse

Activity

Site Info