Cannot install Malwarebytes in safe mode -- XP

By SlowDownHill
Apr 10, 2012
  1. Hi, my Toshiba Tecra M5 laptop is playing up; recently installed McAfee Enterprise after Sophos ran out (which didn't discover the Met Police virus). Ran ME and found 14 trojans (mainly Exploit types) and deleted these. I've run Stinger and found nothing; but I can only install MalBytes after ignoring a Code 5 error (cannot rename file) and skipping that step which is not recommended. Will Malwarebytes work properly in this mode? If I start SafeMode it cycles through and only presents the option to start in normal mode - cannot start with Command Prompt, Network or other option.

    Questions:
    1) is it better to insert the Toshiba Restore Default disk rather than try to eliminate any virus/trojan? - I use the laptop for online purchases/email. By doing this will it remove all traces of the problem/virus/trojan?

    2) Or is it safe to remove virus/trojan (if possible) and how? Every time I try to run Rkill or Gmer it crashes or refuses to recognise it?

    As a new member I hopefully haven't broken any rules?

    Grateful for suggestions
    Regards
    SlowDownHill
  2. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    1. It depends on the infection. If you're infected with a rootkit, using a restoration disk won't help, as in that case the hard drive has to be formatted. A restoration disk won't format the drive.

    2. Complete as many steps as you can.
  3. SlowDownHill

    SlowDownHill Newcomer, in training Topic Starter Posts: 28

    Results from 5 steps!

    Hi,
    I tried going through the 5 steps; managed to get Malwarebytes installed but only after ignoring the Code 5 error; it didn't display 'show results' but the log is posted below:
    =================================================================
    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.10.10

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    user :: YOUR-EDBA3D365E [administrator]

    10/04/2012 23:47:36
    mbam-log-2012-04-10 (23-47-36).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 208907
    Time elapsed: 3 minute(s), 18 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    =================================================================
    Turned off McAfee and Firewall for both GMER and DSS;

    GMER caused my PC to blue screen twice; Windows error code is below:
    =================================================================
    Error signature:

    BCCode : 19 BCP1 : 00000020 BCP2 : 88ED8410 BCP3 : 88ED8C38
    BCP4 : 1B050004 OSVer : 5_1_2600 SP : 3_0 Product : 256_1

    Technical Information:
    C:\DOCUME~1\user\LOCALS~1\Temp\WERd29f.dir00\Mini041112-01.dmp
    C:\DOCUME~1\user\LOCALS~1\Temp\WERd29f.dir00\sysdata.xml
    =================================================================
    I tried to run DDS; it loaded and ran a line of script (?) then froze as did my PC.
    Had to kill PC via on/off button but re-started okay - still cannot access safe mode.

    I'm starting to think a complete reformat is needed - but if so would I still be able to use the recovery disk to access the Toshiba software for this laptop?

    I still have the disks for XP os and Office.
    Cheers

    SlowDownHill.
  4. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    What about DDS logs?
  5. SlowDownHill

    SlowDownHill Newcomer, in training Topic Starter Posts: 28

    DDS still won't run

    Hi Broni,

    I've re-run the DDS file with the network, Firewall and McAfee anti-virus switched off and left it for well over 5 minutes. It did the same as last time, started running and placed a single line of characters then stopped. I waited for the logs to appear as suggested in the opening screen but nothing happened. The only way I could get the cursor back was again to use the on/off button and kill the machine.

    I'm beginning to think the only way is to completely re-format the machine - which would provide peace of mind I guess. If I re-format the H/D what do I need to re-install Win XP or 7 - a bootable file presumably - it's been some years since I last did this!
    Cheers
    SDH
  6. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
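
The TDSSKiller_xxxx_log.txt report named in the steps above runs to hundreds of lines, nearly all ending in `- ok`, so the useful triage step is to pull out the few that do not. The Python script below is an added example, not part of the original posts and not Kaspersky's code; the function names are hypothetical, the `exampledrv` lines and their `warning` verdict are constructed, and the other sample lines are copied from the report posted in this thread.

```python
import re

# Every report line is "<HH:MM:SS.mmmm> <thread id> <message>".
LINE_RE = re.compile(r"^\s*\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")
# Object line: "<name> (<32 hex digit hash>) <file path>".
OBJECT_RE = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")


def parse_report(text):
    """Return one dict per verdict line that follows 'Scan started'."""
    entries = []
    pending = None      # last object line seen, waiting for its verdict
    scanning = False    # header lines before the scan are ignored
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group(1).strip()
        if msg == "Scan started":
            scanning = True
            continue
        if not scanning or not msg:
            continue
        obj = OBJECT_RE.match(msg)
        if obj:
            pending = {"name": obj.group(1),
                       "md5": obj.group(2).lower(),
                       "path": obj.group(3)}
            continue
        if " - " not in msg:
            continue    # separators, "Mode: Manual;" and similar
        # Split on the last " - " so names containing " - " stay intact.
        name, verdict = msg.rsplit(" - ", 1)
        entry = {"name": name, "verdict": verdict.strip(),
                 "md5": None, "path": None}
        # Attach hash and path when the preceding object line belongs to
        # this entry; entries without one had no file resolved on disk.
        if pending and name.startswith(pending["name"]):
            entry["md5"] = pending["md5"]
            entry["path"] = pending["path"]
        pending = None
        entries.append(entry)
    return entries


def needs_review(entries):
    """Entries whose verdict is anything other than 'ok'."""
    return [e for e in entries if e["verdict"].lower() != "ok"]


def summarize(entries):
    """Counts a helper can quote back instead of the full log."""
    return {
        "total": len(entries),
        "ok": sum(1 for e in entries if e["verdict"].lower() == "ok"),
        "no_file": sum(1 for e in entries if e["path"] is None),
        "review": len(needs_review(entries)),
    }


# Sample input: the exampledrv lines are constructed for this example,
# the rest are lines from the report in this thread.
SAMPLE = r"""
09:10:11.0750 2584 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:10:12.0171 2584 Initialize success
09:10:15.0656 4896 ============================================================
09:10:15.0656 4896 Scan started
09:10:15.0656 4896 Mode: Manual;
09:10:16.0593 4896 Abiosdsk - ok
09:10:16.0671 4896 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:10:16.0671 4896 ACPI - ok
09:10:28.0234 4896 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
09:10:28.0250 4896 Microsoft Office Groove Audit Service - ok
09:10:31.0000 4896 exampledrv (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\drivers\exampledrv.sys
09:10:31.0000 4896 exampledrv - warning
"""

if __name__ == "__main__":
    parsed = parse_report(SAMPLE)
    print(summarize(parsed))
    for item in needs_review(parsed):
        print(item["name"], item["verdict"], item["md5"], item["path"])
```
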
  7. SlowDownHill

    SlowDownHill Newcomer, in training Topic Starter Posts: 28

    Kaspersky - TDSS report

    Hi, This worked and reported nothing found; report is as below:

    09:10:09.0890 2584 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
    09:10:10.0062 2584 ============================================================
    09:10:10.0062 2584 Current date / time: 2012/04/13 09:10:10.0062
    09:10:10.0062 2584 SystemInfo:
    09:10:10.0062 2584
    09:10:10.0062 2584 OS Version: 5.1.2600 ServicePack: 3.0
    09:10:10.0062 2584 Product type: Workstation
    09:10:10.0062 2584 ComputerName: YOUR-EDBA3D365E
    09:10:10.0062 2584 UserName: user
    09:10:10.0062 2584 Windows directory: C:\WINDOWS
    09:10:10.0062 2584 System windows directory: C:\WINDOWS
    09:10:10.0062 2584 Processor architecture: Intel x86
    09:10:10.0062 2584 Number of processors: 1
    09:10:10.0062 2584 Page size: 0x1000
    09:10:10.0062 2584 Boot type: Normal boot
    09:10:10.0062 2584 ============================================================
    09:10:11.0750 2584 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    09:10:11.0765 2584 \Device\Harddisk0\DR0:
    09:10:11.0765 2584 MBR used
    09:10:11.0765 2584 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
    09:10:12.0171 2584 Initialize success
    09:10:12.0171 2584 ============================================================
    09:10:15.0656 4896 ============================================================
    09:10:15.0656 4896 Scan started
    09:10:15.0656 4896 Mode: Manual;
    09:10:15.0656 4896 ============================================================
    09:10:31.0359 4896 NWSAP - ok
    09:10:31.0406 4896 NWSIPX32 (0c19ea7bf54f23ef37d8a14c61f64891) C:\WINDOWS\system32\NetWare\nwsipx32.sys
    09:10:31.0406 4896 NWSIPX32 - ok
    09:10:31.0453 4896 NWSLP (0b5c354bebc5381b59a196bd7e517814) C:\WINDOWS\system32\NetWare\nwslp.sys
    09:10:31.0453 4896 NWSLP - ok
    09:10:31.0484 4896 NWSNS (172308996609da67e99c87fa784df8bc) C:\WINDOWS\system32\NetWare\NWSNS.sys
    09:10:31.0500 4896 NWSNS - ok
    09:10:31.0687 4896 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    09:10:31.0703 4896 odserv - ok
    09:10:31.0859 4896 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    09:10:31.0859 4896 ohci1394 - ok
    09:10:32.0062 4896 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    09:10:32.0062 4896 ose - ok
    09:10:32.0125 4896 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    09:10:32.0125 4896 Parport - ok
    09:10:32.0265 4896 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    09:10:32.0265 4896 PartMgr - ok
    09:10:32.0312 4896 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    09:10:32.0312 4896 ParVdm - ok
    09:10:32.0375 4896 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
    09:10:32.0375 4896 pccsmcfd - ok
    09:10:32.0421 4896 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    09:10:32.0421 4896 PCI - ok
    09:10:32.0468 4896 PCIDump - ok
    09:10:32.0500 4896 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    09:10:32.0500 4896 PCIIde - ok
    09:10:32.0640 4896 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    09:10:32.0656 4896 Pcmcia - ok
    09:10:32.0671 4896 PDCOMP - ok
    09:10:32.0687 4896 PDFRAME - ok
    09:10:32.0718 4896 PDRELI - ok
    09:10:32.0750 4896 PDRFRAME - ok
    09:10:32.0765 4896 perc2 - ok
    09:10:32.0796 4896 perc2hib - ok
    09:10:32.0890 4896 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
    09:10:32.0890 4896 Pfc - ok
    09:10:32.0953 4896 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    09:10:32.0953 4896 PlugPlay - ok
    09:10:33.0031 4896 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    09:10:33.0031 4896 PolicyAgent - ok
    09:10:33.0140 4896 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    09:10:33.0156 4896 PptpMiniport - ok
    09:10:33.0171 4896 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    09:10:33.0171 4896 ProtectedStorage - ok
    09:10:33.0218 4896 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    09:10:33.0218 4896 PSched - ok
    09:10:33.0265 4896 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    09:10:33.0265 4896 Ptilink - ok
    09:10:33.0296 4896 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    09:10:33.0296 4896 PxHelp20 - ok
    09:10:33.0328 4896 ql1080 - ok
    09:10:33.0359 4896 Ql10wnt - ok
    09:10:33.0375 4896 ql12160 - ok
    09:10:33.0390 4896 ql1240 - ok
    09:10:33.0421 4896 ql1280 - ok
    09:10:33.0453 4896 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    09:10:33.0453 4896 RasAcd - ok
    09:10:33.0484 4896 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
    09:10:33.0484 4896 RasAuto - ok
    09:10:33.0625 4896 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    09:10:33.0625 4896 Rasl2tp - ok
    09:10:33.0687 4896 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
    09:10:33.0687 4896 RasMan - ok
    09:10:33.0718 4896 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    09:10:33.0734 4896 RasPppoe - ok
    09:10:33.0812 4896 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    09:10:33.0812 4896 Raspti - ok
    09:10:33.0875 4896 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    09:10:33.0875 4896 Rdbss - ok
    09:10:34.0015 4896 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    09:10:34.0015 4896 RDPCDD - ok
    09:10:34.0078 4896 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    09:10:34.0078 4896 rdpdr - ok
    09:10:34.0140 4896 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
    09:10:34.0140 4896 RDPWD - ok
    09:10:34.0187 4896 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
    09:10:34.0187 4896 RDSessMgr - ok
    09:10:34.0265 4896 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    09:10:34.0265 4896 redbook - ok
    09:10:34.0390 4896 RegSrvc (1b2857ef12d79a9f9adba14b0637cbf8) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    09:10:34.0390 4896 RegSrvc - ok
    09:10:34.0468 4896 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
    09:10:34.0484 4896 RemoteAccess - ok
    09:10:34.0562 4896 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
    09:10:34.0562 4896 RemoteRegistry - ok
    09:10:34.0687 4896 RESMGR (16c27d650113b0aa0c8255c561a71cd4) C:\WINDOWS\system32\NetWare\resmgr.sys
    09:10:34.0687 4896 RESMGR - ok
    09:10:34.0859 4896 RichVideo (b216b03852df788c7e2afdf6c6e8a9b0) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    09:10:34.0875 4896 RichVideo - ok
    09:10:34.0984 4896 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
    09:10:34.0984 4896 RpcLocator - ok
    09:10:35.0078 4896 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    09:10:35.0078 4896 RpcSs - ok
    09:10:35.0125 4896 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
    09:10:35.0125 4896 RSVP - ok
    09:10:35.0453 4896 S24EventMonitor (6c5155cc0e805c7be6028bff7ac14524) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    09:10:35.0468 4896 S24EventMonitor - ok
    09:10:35.0718 4896 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
    09:10:35.0718 4896 s24trans - ok
    09:10:35.0812 4896 SafDskNT (b002949486a5186471803e4ddfa42502) C:\WINDOWS\system32\drivers\SAFDSKNT.SYS
    09:10:35.0828 4896 SafDskNT - ok
    09:10:35.0859 4896 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    09:10:35.0859 4896 SamSs - ok
    09:10:35.0906 4896 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
    09:10:35.0921 4896 SCardSvr - ok
    09:10:35.0968 4896 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
    09:10:35.0968 4896 Schedule - ok
    09:10:36.0125 4896 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
    09:10:36.0125 4896 sdbus - ok
    09:10:36.0171 4896 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    09:10:36.0171 4896 Secdrv - ok
    09:10:36.0203 4896 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
    09:10:36.0203 4896 seclogon - ok
    09:10:36.0234 4896 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
    09:10:36.0234 4896 SENS - ok
    09:10:36.0296 4896 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    09:10:36.0296 4896 serenum - ok
    09:10:36.0328 4896 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    09:10:36.0328 4896 Serial - ok
    09:10:36.0453 4896 ServiceLayer (3ec8de67b1c78c31e54c0f030e6bd7d5) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    09:10:36.0468 4896 ServiceLayer - ok
    09:10:36.0640 4896 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    09:10:36.0640 4896 Sfloppy - ok
    09:10:36.0718 4896 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
    09:10:36.0718 4896 SharedAccess - ok
    09:10:36.0781 4896 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    09:10:36.0796 4896 ShellHWDetection - ok
    09:10:36.0812 4896 Simbad - ok
    09:10:37.0203 4896 SMART Board Service (92190d70c94f705482aa945347c91c2b) C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
    09:10:37.0250 4896 SMART Board Service - ok
    09:10:37.0328 4896 SMART Display Controller - ok
    09:10:37.0484 4896 SMART SNMP Agent Service (de7cdaa210a537a7726a10b428daa150) C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe
    09:10:37.0515 4896 SMART SNMP Agent Service - ok
    09:10:37.0562 4896 smihlp (1f10f9ae28ba69b465247d7b993cdb2b) C:\Program Files\Protector Suite QL\smihlp.sys
    09:10:37.0562 4896 smihlp - ok
    09:10:37.0671 4896 Sparrow - ok
    09:10:37.0718 4896 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    09:10:37.0734 4896 splitter - ok
    09:10:37.0812 4896 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
    09:10:37.0828 4896 Spooler - ok
    09:10:37.0875 4896 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    09:10:37.0875 4896 sr - ok
    09:10:37.0921 4896 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
    09:10:37.0921 4896 srservice - ok
    09:10:37.0984 4896 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    09:10:37.0984 4896 Srv - ok
    09:10:38.0140 4896 SRVLOC (21d0242d37ab7b275261ed030adaaad5) C:\WINDOWS\system32\NetWare\srvloc.sys
    09:10:38.0140 4896 SRVLOC - ok
    09:10:38.0187 4896 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
    09:10:38.0203 4896 SSDPSRV - ok
    09:10:38.0281 4896 ss_bus (5a1d0ca8a5f1e7b4ec50b9d76c001f0e) C:\WINDOWS\system32\DRIVERS\ss_bus.sys
    09:10:38.0281 4896 ss_bus - ok
    09:10:38.0328 4896 ss_mdfl (f0a85580e36a3a85059037d39a9cf079) C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
    09:10:38.0328 4896 ss_mdfl - ok
    09:10:38.0468 4896 ss_mdm (84c3dbfd1bfa4adc0a950b3d5506cb00) C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
    09:10:38.0468 4896 ss_mdm - ok
    09:10:38.0562 4896 STHDA (ba225dbe19060a8bece4cfbcdcc8b69d) C:\WINDOWS\system32\drivers\sthda.sys
    09:10:38.0578 4896 STHDA - ok
    09:10:38.0640 4896 STI2303X - ok
    09:10:38.0796 4896 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
    09:10:38.0812 4896 stisvc - ok
    09:10:38.0890 4896 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    09:10:38.0890 4896 swenum - ok
    09:10:38.0921 4896 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    09:10:38.0921 4896 swmidi - ok
    09:10:38.0937 4896 SwPrv - ok
    09:10:38.0968 4896 symc810 - ok
    09:10:38.0984 4896 symc8xx - ok
    09:10:39.0078 4896 SYMIDSCO - ok
    09:10:39.0171 4896 sym_hi - ok
    09:10:39.0203 4896 sym_u3 - ok
    09:10:39.0234 4896 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    09:10:39.0234 4896 sysaudio - ok
    09:10:39.0296 4896 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
    09:10:39.0296 4896 SysmonLog - ok
    09:10:39.0390 4896 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
    09:10:39.0390 4896 TapiSrv - ok
    09:10:39.0453 4896 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    09:10:39.0453 4896 Tcpip - ok
    09:10:39.0578 4896 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys
    09:10:39.0578 4896 TcUsb - ok
    09:10:39.0609 4896 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    09:10:39.0609 4896 TDPIPE - ok
    09:10:39.0671 4896 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    09:10:39.0687 4896 TDTCP - ok
    09:10:39.0796 4896 TEchoCan (4a80e7a7d65560aa26e10b4c0a77d87a) C:\WINDOWS\system32\DRIVERS\TEchoCan.sys
    09:10:39.0812 4896 TEchoCan - ok
    09:10:39.0906 4896 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    09:10:39.0906 4896 TermDD - ok
    09:10:39.0984 4896 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
    09:10:39.0984 4896 TermService - ok
    09:10:40.0046 4896 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    09:10:40.0046 4896 Themes - ok
    09:10:40.0156 4896 Thpdrv (9a932560e9246b0d370fb97789bc0fd4) C:\WINDOWS\system32\DRIVERS\thpdrv.sys
    09:10:40.0156 4896 Thpdrv - ok
    09:10:40.0171 4896 Thpevm (51b3dfbe72ce64faf326c07ccbb5d632) C:\WINDOWS\system32\DRIVERS\Thpevm.SYS
    09:10:40.0171 4896 Thpevm - ok
    09:10:40.0265 4896 Thpsrv (9f06ffa1a13f07305e2bd287e8546c3a) C:\WINDOWS\system32\ThpSrv.exe
    09:10:40.0265 4896 Thpsrv - ok
    09:10:40.0312 4896 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
    09:10:40.0312 4896 TlntSvr - ok
    09:10:40.0359 4896 TMEI3E (684bfb1e9abb05d3f48c53f3cd16a3e6) C:\WINDOWS\system32\Drivers\TMEI3E.SYS
    09:10:40.0359 4896 TMEI3E - ok
    09:10:40.0468 4896 Tmesbs (2077def531f152de63d55a766f1c1e3d) C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
    09:10:40.0468 4896 Tmesbs - ok
    09:10:40.0484 4896 Tmesrv (d8409bfbba59efe250b302cdb395f221) C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
    09:10:40.0484 4896 Tmesrv - ok
    09:10:40.0562 4896 TosIde - ok
    09:10:40.0656 4896 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
    09:10:40.0656 4896 tosrfec - ok
    09:10:40.0703 4896 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
    09:10:40.0703 4896 TrkWks - ok
    09:10:40.0781 4896 TVALZ (ccf4f8f8240f7057bf864ef73e91dcbb) C:\WINDOWS\system32\DRIVERS\TVALZ.SYS
    09:10:40.0781 4896 TVALZ - ok
    09:10:40.0828 4896 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    09:10:40.0828 4896 Udfs - ok
    09:10:40.0843 4896 ultra - ok
    09:10:40.0921 4896 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    09:10:40.0921 4896 Update - ok
    09:10:41.0000 4896 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
    09:10:41.0000 4896 upnphost - ok
    09:10:41.0093 4896 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
    09:10:41.0093 4896 UPS - ok
    09:10:41.0171 4896 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    09:10:41.0171 4896 usbccgp - ok
    09:10:41.0218 4896 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    09:10:41.0234 4896 usbehci - ok
    09:10:41.0265 4896 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    09:10:41.0265 4896 usbhub - ok
    09:10:41.0328 4896 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    09:10:41.0328 4896 usbprint - ok
    09:10:41.0421 4896 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    09:10:41.0421 4896 usbscan - ok
    09:10:41.0500 4896 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    09:10:41.0500 4896 USBSTOR - ok
    09:10:41.0546 4896 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    09:10:41.0546 4896 usbuhci - ok
    09:10:41.0609 4896 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    09:10:41.0609 4896 VgaSave - ok
    09:10:41.0625 4896 ViaIde - ok
    09:10:41.0671 4896 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    09:10:41.0671 4896 VolSnap - ok
    09:10:41.0812 4896 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
    09:10:41.0812 4896 VSS - ok
    09:10:41.0890 4896 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
    09:10:41.0906 4896 W32Time - ok
    09:10:42.0031 4896 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
    09:10:42.0062 4896 w39n51 - ok
    09:10:42.0140 4896 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    09:10:42.0140 4896 Wanarp - ok
    09:10:42.0218 4896 WDICA - ok
    09:10:42.0250 4896 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    09:10:42.0250 4896 wdmaud - ok
    09:10:42.0296 4896 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
    09:10:42.0296 4896 WebClient - ok
    09:10:42.0390 4896 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
    09:10:42.0390 4896 winmgmt - ok
    09:10:42.0484 4896 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
    09:10:42.0500 4896 WmdmPmSN - ok
    09:10:42.0625 4896 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
    09:10:42.0625 4896 Wmi - ok
    09:10:42.0687 4896 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    09:10:42.0687 4896 WmiApSrv - ok
    09:10:42.0843 4896 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
    09:10:42.0890 4896 WMPNetworkSvc - ok
    09:10:43.0046 4896 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    09:10:43.0046 4896 WpdUsb - ok
    09:10:43.0109 4896 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
    09:10:43.0109 4896 wscsvc - ok
    09:10:43.0140 4896 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
    09:10:43.0171 4896 wuauserv - ok
    09:10:43.0203 4896 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    09:10:43.0218 4896 WudfPf - ok
    09:10:43.0250 4896 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    09:10:43.0250 4896 WudfRd - ok
    09:10:43.0343 4896 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
    09:10:43.0359 4896 WudfSvc - ok
    09:10:43.0421 4896 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
    09:10:43.0421 4896 WZCSVC - ok
    09:10:43.0468 4896 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
    09:10:43.0625 4896 xmlprov - ok
    09:10:43.0671 4896 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
    09:10:43.0859 4896 \Device\Harddisk0\DR0 - ok
    09:10:43.0859 4896 Boot (0x1200) (f91b47a10ab677fac7223a9bbce9a0ec) \Device\Harddisk0\DR0\Partition0
    09:10:43.0875 4896 \Device\Harddisk0\DR0\Partition0 - ok
    09:10:43.0875 4896 ============================================================
    09:10:43.0875 4896 Scan finished
    09:10:43.0875 4896 ============================================================
    09:10:43.0890 4776 Detected object count: 0
    09:10:43.0890 4776 Actual detected object count: 0




    Thanks for pursuing this,

    SlowDownHill
  8. Broni


    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===========================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  9. SlowDownHill

    SlowDownHill Newcomer, in training Topic Starter Posts: 28

    aswMBR & Bootkit Remover

    Hi Broni, managed to run both programs (results posted below) but when using the Bootkit Remover and 'Right Clicking' to 'Select All' the 'CTRL+C' & 'CTRL+V' wouldn't work - tried over 5 times so resorted to copying into Notepad longhand - hope that's okay?
    --------------------------------------------------------------------------------------------------------
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-13 22:50:46
    -----------------------------
    22:50:46.390 OS Version: Windows 5.1.2600 Service Pack 3
    22:50:46.390 Number of processors: 1 586 0xE08
    22:50:46.421 ComputerName: YOUR-EDBA3D365E UserName: user
    22:50:47.750 Initialize success
    22:53:40.687 AVAST engine defs: 12041301
    22:53:50.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    22:53:50.640 Disk 0 Vendor: TOSHIBA_MK4032GSX AS211M Size: 38154MB BusType: 3
    22:53:50.656 Disk 0 MBR read successfully
    22:53:50.656 Disk 0 MBR scan
    22:53:50.703 Disk 0 Windows XP default MBR code
    22:53:50.703 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
    22:53:50.718 Disk 0 scanning sectors +78140160
    22:53:50.796 Disk 0 scanning C:\WINDOWS\system32\drivers
    22:54:18.062 Service scanning
    22:54:55.828 Modules scanning
    22:55:09.640 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
    22:55:34.046 Disk 0 trace - called modules:
    22:55:34.062 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys hal.dll ACPI.sys atapi.sys pciide.sys PCIIDEX.SYS
    22:55:34.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a98bab8]
    22:55:34.421 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\THPDRV[0x8a978908]
    22:55:34.421 5 thpdrv.sys[f766971d] -> nt!IofCallDriver -> \Device\0000008b[0x8a9707d8]
    22:55:34.437 7 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a96f940]
    22:55:34.859 AVAST engine scan C:\WINDOWS
    22:55:46.750 AVAST engine scan C:\WINDOWS\system32
    22:59:56.296 AVAST engine scan C:\WINDOWS\system32\drivers
    23:00:30.671 AVAST engine scan C:\Documents and Settings\user
    23:07:23.718 AVAST engine scan C:\Documents and Settings\All Users
    23:14:04.515 Scan finished successfully
    23:14:37.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\Anti-Virus\MBR.dat"
    23:14:37.578 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\Anti-Virus\aswMBR-SDH.txt"

    --------------------------------------------------------------------------------------------------------
    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Servcie Pack 3 (build 2600)

    Sysytem Volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000'00007e00
    Boot sector MD5 is: 6def5ffcbcdhdb4082f1015625e597bd

    Size Device Name MBR Status
    -----------------------------------------------
    37GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

    Done;
    Press any key to quit...

    --------------------------------------------------------------------------------------------------------
    Cheers
    SDH
  10. Broni


    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  11. SlowDownHill


    Stuffed!

    Hi,
    Downloaded and ran ComboFix; it tried to install the MS Recovery Console but I got an error message that there was an interruption and Extract.3exe was a problem; having accepted the options to continue it then reported the Console had been successfully installed? It appeared to run, lots of H/D activity but then ceased to do or report anything. Ran it several times (and left for 20 minutes) with the same result - tried to run in Safe Mode but still cannot access any of the 3 Safe Mode options - just continues to cycle through and revert back to the only option of 'Normal Mode'.

    Looking grim - Recovery Disk is looking an attractive option?
    Cheers
    SDH
     
  12. Broni


    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  13. SlowDownHill

    SlowDownHill Newcomer, in training Topic Starter Posts: 28

    OTL?

    Just checking before downloading this file: my web provider (TalkTalk) has denied access to it warning that it contains a virus; I've gone direct to the OTL home page and found the download and again was denied access. I can disable the TalkTalk virus check but wanted to check with yourselves first before doing so to ensure I'm not doing more damage?
    Cheers
    SDH
  14. SlowDownHill

    SlowDownHill Newcomer, in training Topic Starter Posts: 28

    OTL update

    Hi, managed to download a different named version (OTL.scr) - I assume I can use this file as previously instructed? Apologies for being a Doh brain!
    Cheers

    SDH
  15. Broni

    Broni Malware Annihilator Posts: 46,132   +251

    Yes, go ahead
  16. SlowDownHill

    SlowDownHill Newcomer, in training Topic Starter Posts: 28

    Hi, not sure I've done exactly as requested but I've pasted in the results below over many replies - the results for:
    1) Full OTL Scan
    2) Full OTL Scan Extras
    3) Quick Scan + All Users + Custom Script
    ---------------------------------------------------------
    OTL logfile created on: 15/04/2012 21:10:34 - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\user\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.49 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 78.99% Memory free
    3.08 Gb Paging File | 2.58 Gb Available in Paging File | 83.82% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 9.21 Gb Free Space | 24.72% Space Free | Partition Type: NTFS

    Computer Name: YOUR-EDBA3D365E | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/04/14 18:43:04 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.scr
    PRC - [2012/04/10 09:24:11 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
    PRC - [2012/03/20 22:32:03 | 000,159,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    PRC - [2011/02/23 22:14:22 | 003,016,048 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\SMART Product Drivers\Aware.exe
    PRC - [2011/01/25 18:10:34 | 013,320,560 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe
    PRC - [2011/01/25 18:09:44 | 006,665,072 | ---- | M] (SMART Technologies ULC) -- C:\Program Files\SMART Technologies\SMART Product Drivers\Marker.exe
    PRC - [2011/01/25 18:09:20 | 005,893,488 | ---- | M] (SMART Technologies) -- C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
    PRC - [2011/01/12 17:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    PRC - [2011/01/12 17:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    PRC - [2011/01/12 17:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    PRC - [2011/01/12 17:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
    PRC - [2011/01/12 09:08:00 | 000,215,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    PRC - [2011/01/12 09:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    PRC - [2011/01/12 09:08:00 | 000,033,648 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
    PRC - [2010/11/28 18:14:10 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    PRC - [2008/12/13 18:15:26 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/11/22 22:10:06 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
    PRC - [2006/04/03 22:52:34 | 000,031,232 | R--- | M] (Mindjet) -- C:\Program Files\Mindjet\MindManager 6\MmReminderService.exe
    PRC - [2006/03/06 16:31:00 | 000,114,688 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TME3\TMESRV31.EXE
    PRC - [2006/03/06 16:30:42 | 000,065,536 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TME3\TMESBS32.EXE
    PRC - [2005/12/21 12:57:54 | 000,167,936 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
    PRC - [2005/12/05 13:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    PRC - [2005/11/28 12:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    PRC - [2005/10/06 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    PRC - [2005/08/05 16:54:58 | 000,155,648 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\DualPointUtility\TEDTray.exe
    PRC - [2005/05/17 12:42:02 | 000,049,152 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW.exe
    PRC - [2005/05/12 11:31:38 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
    PRC - [2005/05/11 11:01:24 | 000,253,952 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
    PRC - [2005/04/11 12:26:06 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
    PRC - [2005/02/17 00:11:42 | 000,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
    PRC - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
    PRC - [2004/09/05 18:20:18 | 000,380,928 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
    PRC - [2003/07/28 14:43:44 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    PRC - [2002/03/12 11:37:28 | 000,028,672 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\nwtray.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/01/25 18:15:40 | 000,571,248 | ---- | M] () -- C:\Program Files\SMART Technologies\SMART Product Drivers\ZipArchive.dll
    MOD - [2011/01/12 17:05:00 | 000,065,536 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll
    MOD - [2007/06/21 10:09:04 | 000,245,843 | ---- | M] () -- C:\WINDOWS\system32\nwshlxnt.dll
    MOD - [2007/04/18 20:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\ccme_base.dll
    MOD - [2007/04/18 20:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll
    MOD - [2006/11/02 22:35:30 | 000,012,288 | ---- | M] () -- C:\Program Files\CyberLink\PCM4Everio\Kernel\common\CLEverioDetector.dll
    MOD - [2006/03/03 13:53:02 | 000,110,592 | ---- | M] () -- C:\Program Files\Mindjet\MindManager 6\zlib.dll
    MOD - [2005/11/28 12:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
    MOD - [2005/11/28 12:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
    MOD - [2005/11/28 12:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
    MOD - [2005/11/03 12:37:58 | 000,970,862 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
    MOD - [2004/09/05 18:20:38 | 000,008,192 | ---- | M] () -- C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\fm30xmf.dll
    MOD - [2004/07/30 17:05:24 | 000,121,660 | ---- | M] () -- C:\WINDOWS\system32\nls\ENGLISH\nwshlxnr.dll
    MOD - [2004/07/20 18:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
    ---------------------------------------------------------

    Rest to follow - struggling with character count!
    Cheers
    SDH
  17. SlowDownHill

    SlowDownHill Newcomer, in training Topic Starter Posts: 28

    Part 2
    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\SMART Technologies\SMART Board Drivers\UCService.exe -- (SMART Display Controller)
    SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\user\LOCALS~1\Temp\hpdj.exe -- (hpdj)
    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - [2012/04/10 09:24:11 | 000,159,608 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
    SRV - [2012/04/02 13:01:31 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/03/20 22:32:03 | 000,159,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2011/06/26 07:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
    SRV - [2011/01/25 18:13:16 | 001,678,704 | ---- | M] (SMART Technologies ULC) [On_Demand | Stopped] -- C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe -- (SMART SNMP Agent Service)
    SRV - [2011/01/25 18:09:20 | 005,893,488 | ---- | M] (SMART Technologies) [Auto | Running] -- C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe -- (SMART Board Service)
    SRV - [2011/01/12 17:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
    SRV - [2011/01/12 09:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
    SRV - [2008/12/13 18:15:26 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
    SRV - [2008/11/11 10:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2006/08/11 15:51:04 | 000,028,672 | ---- | M] (Novell, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\cusrvc.exe -- (cusrvc)
    SRV - [2006/03/06 16:31:00 | 000,114,688 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
    SRV - [2006/03/06 16:30:42 | 000,065,536 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe -- (Tmesbs)
    SRV - [2005/12/21 12:57:54 | 000,167,936 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
    SRV - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys -- (SYMIDSCO)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\STI2303X.sys -- (STI2303X)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
  18. SlowDownHill

    SlowDownHill Newcomer, in training Topic Starter Posts: 28

    Part 3
    DRV - [2012/04/14 13:53:31 | 000,032,072 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
    DRV - [2012/04/10 09:24:11 | 000,475,704 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2012/04/10 09:24:11 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2012/03/20 22:32:05 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2012/03/20 22:32:04 | 000,171,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2012/03/20 22:32:04 | 000,058,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2012/03/20 22:32:03 | 000,116,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2011/08/09 17:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
    DRV - [2009/12/07 17:12:36 | 000,078,336 | ---- | M] (PC Dynamics, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SafDskNT.sys -- (SafDskNT)
    DRV - [2008/12/13 18:15:26 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2007/12/17 15:01:21 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
    DRV - [2007/06/21 14:03:08 | 000,513,664 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\nwfs.sys -- (NetwareWorkstation)
    DRV - [2007/05/02 12:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
    DRV - [2007/05/02 12:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
    DRV - [2007/05/02 12:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
    DRV - [2006/10/27 16:53:48 | 000,043,568 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwdns.sys -- (NWDNS)
    DRV - [2006/09/28 12:59:50 | 000,034,639 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FTD2XX.sys -- (FTD2XX)
    DRV - [2006/09/25 09:54:54 | 000,160,209 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\srvloc.sys -- (SRVLOC)
    DRV - [2006/03/03 17:50:48 | 000,038,416 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nicm.sys -- (NICM)
    DRV - [2006/02/24 12:01:52 | 000,013,568 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
    DRV - [2006/02/24 12:01:38 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
    DRV - [2006/02/24 11:34:00 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp)
    DRV - [2005/12/26 18:59:42 | 000,595,072 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
    DRV - [2005/12/26 15:33:26 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TVALZ.SYS -- (TVALZ)
    DRV - [2005/12/13 01:32:54 | 001,083,576 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2005/12/05 09:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
    DRV - [2005/11/28 13:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2005/11/22 10:51:22 | 000,018,353 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwdhcp.sys -- (NWDHCP)
    DRV - [2005/11/15 17:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2005/10/27 16:15:14 | 000,039,731 | ---- | M] (Novell, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\NetWare\nwsipx32.sys -- (NWSIPX32)
    DRV - [2005/10/12 13:12:18 | 000,009,297 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwhost.sys -- (NWHOST)
    DRV - [2005/10/12 13:11:32 | 000,006,128 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwsns.sys -- (NWSNS) Novell Simple Naming Services (NWSNS)
    DRV - [2005/10/06 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005/10/06 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005/10/06 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2005/10/06 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005/10/06 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005/10/06 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005/10/06 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005/09/09 15:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
    DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005/07/28 09:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
    DRV - [2005/06/10 21:26:00 | 000,035,968 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
    DRV - [2005/01/03 14:51:38 | 000,020,332 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwslp.sys -- (NWSLP)
    DRV - [2004/12/28 00:31:50 | 000,016,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\thpdrv.sys -- (Thpdrv)
    DRV - [2004/11/13 13:24:52 | 000,006,144 | R--- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Thpevm.sys -- (Thpevm)
    DRV - [2004/06/16 12:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.SYS -- (TMEI3E)
    DRV - [2004/06/01 18:19:34 | 000,027,249 | ---- | M] (Novell, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\NetWare\resmgr.sys -- (RESMGR)
    DRV - [2004/05/09 04:38:00 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2003/09/19 02:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
    DRV - [2003/02/26 14:51:18 | 000,023,232 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwsap.sys -- (NWSAP)
    DRV - [2003/01/29 22:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
  19. SlowDownHill

    SlowDownHill Newcomer, in training Topic Starter Posts: 28

    Part 4
    IE - HKU\S-1-5-21-1713765733-1676542666-3049539374-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/user/My%20Documents/WebWork/DEFAULT.HTM
    IE - HKU\S-1-5-21-1713765733-1676542666-3049539374-1005\..\SearchScopes,DefaultScope = {1973D003-3E90-4508-8A78-F9DD47B91101}
    IE - HKU\S-1-5-21-1713765733-1676542666-3049539374-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-1713765733-1676542666-3049539374-1005\..\SearchScopes\{1973D003-3E90-4508-8A78-F9DD47B91101}: "URL" = http://www.google.com/search?q={sea...Index={startIndex?}&startPage={startPage}&rlz=
    IE - HKU\S-1-5-21-1713765733-1676542666-3049539374-1005\..\SearchScopes\{4115F6C8-CCFD-4406-8D72-F310A23028C4}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&mkt=en-us&FORM=OPNSCH
    IE - HKU\S-1-5-21-1713765733-1676542666-3049539374-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "file:///C:/Documents%20and%20Settings/user/My%20Documents/WebWork/DEFAULT.HTM"
    FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
    FF - prefs.js..extensions.enabledItems: video.downloader.plugin@ffpimp.com:2.3.1
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
    FF - prefs.js..network.proxy.autoconfig_url: "http://wwwcache.nottingham.ac.uk/finjan.pac"
    FF - prefs.js..network.proxy.type: 2
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/22 21:59:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2009/05/11 16:10:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
    [2012/01/30 19:57:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\s0gxyngw.default\extensions
    [2010/07/10 20:35:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\s0gxyngw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/04/22 22:06:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\s0gxyngw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2012/01/30 19:57:55 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\s0gxyngw.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
    [2012/02/26 20:39:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\s0gxyngw.default\extensions\staged
    [2012/01/30 19:55:28 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\s0gxyngw.default\extensions\video.downloader.plugin@ffpimp.com
    [2010/12/26 11:54:58 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\s0gxyngw.default\extensions\YoutubeDownloader@PeterOlayev.com
    [2012/01/19 00:19:56 | 000,002,759 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\s0gxyngw.default\searchplugins\s-amazon-bymp-uk.xml
    [2011/04/22 21:59:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/03/18 18:57:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\gears.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\8.0.552.237\gcswf32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
  20. SlowDownHill

    SlowDownHill Newcomer, in training Topic Starter Posts: 28

    Part 5
    O1 HOSTS File: ([2004/08/04 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120320213257.dll (McAfee, Inc.)
    O2 - BHO: (CmjBrowserHelperObject Object) - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1713765733-1676542666-3049539374-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\S-1-5-21-1713765733-1676542666-3049539374-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [DpUtil] C:\Program Files\Toshiba\DualPointUtility\TEDTray.exe (TOSHIBA)
    O4 - HKLM..\Run: [EverioService] C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MmReminderService.exe (Mindjet)
    O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
    O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean File not found
    O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [Update] C:\WINDOWS\system32\0.6163369190415083.exe File not found
    O4 - HKU\S-1-5-21-1713765733-1676542666-3049539374-1005..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKU\S-1-5-21-1713765733-1676542666-3049539374-1005..\Run: [pdfSaver3] C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.)
    O4 - HKU\S-1-5-21-1713765733-1676542666-3049539374-1005..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - HKU\S-1-5-21-1713765733-1676542666-3049539374-1005..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
    O4 - HKU\S-1-5-21-1713765733-1676542666-3049539374-1005..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SMART Board Tools.lnk = C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe (SMART Technologies ULC)
    O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1713765733-1676542666-3049539374-1005\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-1713765733-1676542666-3049539374-1005\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKU\S-1-5-21-1713765733-1676542666-3049539374-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1713765733-1676542666-3049539374-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01.cab (Reg Error: Key error.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1199892467250 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
  21. SlowDownHill

    SlowDownHill Newcomer, in training Topic Starter Posts: 28

    Part 6

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{012DFDF1-03B3-48F5-BA2B-3093F4F8DE19}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC6CC1BD-244A-44AF-AE6C-E05F2F38020B}: Domain = nottingham.ac.uk
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
    O20 - Winlogon\Notify\psfus: DllName - (psqlpwd.dll) - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
    O20 - Winlogon\Notify\TosBtNP: DllName - (TosBtNP.dll) - C:\WINDOWS\System32\TosBtNP.dll (TOSHIBA CORPORATION)
    O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {B4870B70-F390-11d2-9FB9-F4ED725EA20D} - C:\WINDOWS\system32\NALEXPEX.DLL (Novell, Inc)
    O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/14 18:42:50 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.scr
    [2012/04/14 13:33:11 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/04/14 13:23:20 | 004,462,472 | R--- | C] (Swearware) -- C:\Documents and Settings\user\Desktop\ComboFix.exe
    [2012/04/14 09:12:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/04/14 09:09:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/04/14 09:09:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/04/14 09:09:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/04/14 09:09:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/04/14 09:09:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/04/14 09:09:21 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/13 09:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\Keele
    [2012/04/13 08:56:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2012/04/12 21:36:22 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
    [2012/04/10 09:23:35 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
    [2012/04/09 22:38:55 | 000,000,000 | ---D | C] -- C:\QUARANTINE
    [2012/04/02 13:01:31 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/04/01 21:10:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\Blackberry
    [2012/03/20 22:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\McAfee
    [2012/03/20 22:32:58 | 000,074,848 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\MfeOtlkAddin.dll
    [2012/03/20 22:32:58 | 000,022,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\MFEOtlk.dll
    [2012/03/20 22:32:56 | 000,087,656 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
    [2012/03/20 22:32:56 | 000,058,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
    [2012/03/20 22:32:56 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
    [2012/03/20 22:32:55 | 000,171,296 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
    [2012/03/20 22:32:55 | 000,116,104 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
    [2012/03/20 22:32:53 | 000,475,704 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
    [2012/03/20 22:32:52 | 000,159,608 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
    [2012/03/20 22:32:52 | 000,088,544 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
    [2012/03/20 22:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2012/03/20 22:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
    [2012/03/20 22:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/04/15 20:14:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/15 19:42:08 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A2CB7542-C736-422E-A838-89C5B2899119}.job
    [2012/04/15 19:36:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/04/15 19:36:41 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/04/15 19:35:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TempFile
    [2012/04/15 19:35:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/04/15 19:35:10 | 2675,167,232 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/14 23:15:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/04/14 18:43:04 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.scr
    [2012/04/14 13:53:31 | 000,032,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2012/04/14 13:23:34 | 004,462,472 | R--- | M] (Swearware) -- C:\Documents and Settings\user\Desktop\ComboFix.exe
    [2012/04/14 09:14:42 | 000,000,342 | RHS- | M] () -- C:\boot.ini
    [2012/04/14 09:13:36 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
    [2012/04/12 21:36:25 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
    [2012/04/12 09:22:18 | 000,464,086 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/04/12 09:22:18 | 000,080,648 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/04/12 09:13:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/04/10 13:30:23 | 000,048,640 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/04/10 09:24:11 | 000,475,704 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
    [2012/04/10 09:24:11 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
    [2012/04/10 09:24:11 | 000,087,656 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
    [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/04/02 13:01:31 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2012/04/02 13:01:31 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2012/03/27 18:11:55 | 000,002,693 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mindjet MindManager Pro 6.lnk
    [2012/03/20 22:32:05 | 000,088,544 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
    [2012/03/20 22:32:04 | 000,171,296 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
    [2012/03/20 22:32:04 | 000,074,848 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\MfeOtlkAddin.dll
    [2012/03/20 22:32:04 | 000,058,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
    [2012/03/20 22:32:04 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\MFEOtlk.dll
    [2012/03/20 22:32:04 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
    [2012/03/20 22:32:03 | 000,116,104 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
    [2012/03/20 13:37:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/03/17 11:33:05 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
  22. SlowDownHill

    SlowDownHill Newcomer, in training Topic Starter Posts: 28

    Part 7
    ========== Files Created - No Company Name ==========

    [2012/04/14 13:53:31 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2012/04/14 09:14:42 | 000,000,226 | ---- | C] () -- C:\Boot.bak
    [2012/04/14 09:14:41 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/04/14 09:09:34 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/04/14 09:09:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/04/14 09:09:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/04/14 09:09:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/04/14 09:09:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/04/12 21:36:25 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
    [2012/04/12 21:36:24 | 000,001,722 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk
    [2012/04/12 21:36:22 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2012/04/02 13:01:40 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/03/17 11:33:05 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2012/02/18 13:56:44 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/09/27 20:52:32 | 000,021,698 | ---- | C] () -- C:\WINDOWS\cscmondump.bin
    [2011/06/07 11:23:59 | 000,013,342 | -HS- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\oyg61q78sr0jqd
    [2011/06/07 11:23:59 | 000,013,342 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\oyg61q78sr0jqd
    [2011/04/10 19:16:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/08 21:33:18 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
    [2010/07/08 21:33:18 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys

    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2006/11/30 16:22:15 | 000,000,226 | ---- | M] () -- C:\Boot.bak
    [2012/04/14 09:14:42 | 000,000,342 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/02/27 00:50:09 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
    [2012/04/15 19:35:10 | 2675,167,232 | -HS- | M] () -- C:\hiberfil.sys
    [2006/03/21 11:52:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/03/21 11:52:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/11/25 21:58:28 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2012/04/15 19:35:03 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
    [2011/02/27 10:07:44 | 000,000,359 | ---- | M] () -- C:\rkill.log
    [2010/12/24 00:26:10 | 000,005,862 | ---- | M] () -- C:\scramble.log
    [2012/04/13 09:20:08 | 000,093,616 | ---- | M] () -- C:\TDSSKiller.2.7.28.0_13.04.2012_09.10.09_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/03/21 11:51:57 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/03/14 04:06:40 | 000,019,968 | ---- | M] (Black Ice Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\BuEProNT.dll
    [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2004/12/08 16:04:46 | 000,045,056 | ---- | M] (TOSHIBA) -- C:\WINDOWS\cfdemo.scr
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/03/21 11:43:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2006/03/21 11:43:41 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2006/03/21 11:43:41 | 000,901,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/11/25 22:10:34 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2006/11/30 16:23:53 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2006/03/21 12:14:31 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2012/04/14 13:23:34 | 004,462,472 | R--- | M] (Swearware) -- C:\Documents and Settings\user\Desktop\ComboFix.exe
    [2011/12/28 22:17:32 | 000,795,768 | ---- | M] (NCH Software) -- C:\Documents and Settings\user\Desktop\grsetup.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/04/15 21:15:05 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2004/08/04 14:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
    [2012/04/15 19:36:41 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/04/15 21:14:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/15 19:35:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2012/04/15 19:42:08 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A2CB7542-C736-422E-A838-89C5B2899119}.job
  23. SlowDownHill

    SlowDownHill Newcomer, in training Topic Starter Posts: 28

    Part 8
    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >
    [2011/12/19 04:04:46 | 000,000,698 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2012/04/15 20:59:56 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\user\Cookies\desktop.ini
    [2012/04/15 20:59:47 | 000,180,224 | -HS- | M] () -- C:\Documents and Settings\user\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2005/12/05 16:14:58 | 000,552,960 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe
    [1 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 01:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 15:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 18:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 01:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 02:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 02:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 02:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [1999/01/11 08:45:04 | 000,004,512 | ---- | M] () -- C:\WINDOWS\system\loginw31.exe

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto >

    < Update\Results\Install|LastSuccessTime /rs >
    < End of report >
    ============================
    End of first OTL File.

    Cheers

    SDH
  24. SlowDownHill

    SlowDownHill Newcomer, in training Topic Starter Posts: 28

    OTL Extras File - Part 1

    OTL Extras logfile created on: 15/04/2012 21:10:34 - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\user\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.49 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 78.99% Memory free
    3.08 Gb Paging File | 2.58 Gb Available in Paging File | 83.82% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 9.21 Gb Free Space | 24.72% Space Free | Partition Type: NTFS

    Computer Name: YOUR-EDBA3D365E | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-1713765733-1676542666-3049539374-1005\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "12001:UDP" = 12001:UDP:*:Enabled:SMART WebServer Handshake Multicast Port
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\SMART Technologies\SMART Board Drivers\UCGui.exe" = C:\Program Files\SMART Technologies\SMART Board Drivers\UCGui.exe:*:Enabled:SMART Display Controller Program
    "C:\WINDOWS\LMIE.tmp\lmi_rescue.exe" = C:\WINDOWS\LMIE.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue -- (LogMeIn, Inc.)
    "C:\WINDOWS\LMID.tmp\lmi_rescue.exe" = C:\WINDOWS\LMID.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue
    "C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
    "C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
    "C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe" = C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe:*:Enabled:SMART Web Server
    "C:\Program Files\SMART Technologies\SMART Product Drivers\UCGui.exe" = C:\Program Files\SMART Technologies\SMART Product Drivers\UCGui.exe:*:Enabled:SMART Universal Controller Interface -- (SMART Technologies ULC)
    "C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" = C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe:*:Enabled:SMART SNMPAgent -- (SMART Technologies ULC)
    "C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe" = C:\Program Files\SMART Technologies\SMART Product Drivers\UCService.exe:*:Enabled:SMART Universal Controller Service -- (SMART Technologies ULC)
    "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
    "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
    "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
    "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
    "{0577A2AA-DEA0-4D40-8372-4211102D43E4}" = TOSHIBA Mic Effect
    "{0AAC0AF2-8F53-4B3C-A050-AEDC827EA1CC}" = SMART Product Update
    "{0D41E834-DB3D-48A3-B57F-CEBAF974F221}" = Mindjet MindManager Pro 6
    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1C8CE195-F105-44B4-9F59-4AA1ECF403E4}" = SMART Ideas 5
    "{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}" = McAfee Agent
    "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
    "{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
    "{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
  25. SlowDownHill

    SlowDownHill Newcomer, in training Topic Starter Posts: 28

    Extras - Part 2
    "{3EB6332B-AF02-457C-A31C-835458C5B48B}" = TOSHIBA Manuals
    "{4323A3CF-D66F-46BC-AD16-B94D7BF05CF1}" = TOSHIBA Dual Pointing Device Utility
    "{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
    "{4CE6C6E8-0DAD-4757-86ED-7FB4035BA98B}" = SMART Product Drivers
    "{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{6314D540-E3C1-4F30-AEEB-4154C93375C3}" = HP Driver Diagnostics
    "{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
    "{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
    "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
    "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
    "{8ED02445-D491-414C-A56D-2ED6BBB7239A}" = Garmin Communicator Plugin
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
    "{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{9550F8A6-3D21-4544-8B87-F9FE7E01B964}" = SMART Notebook
    "{9B427732-573E-4E78-B6FA-AC3E5A218BA2}" = NMAS Client
    "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
    "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A70700000002}" = Adobe Reader 7.0.8
    "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{B9A5A789-D491-49FB-958C-BFEC2C11BB1D}" = NMAS Challenge Response Method
    "{BBF5493A-05FB-4449-90DE-84A61EB78154}" = TOSHIBA SD Memory Boot Utility
    "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
    "{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDBFC424-DD00-497F-9BDC-4E4178332336}" = Protector Suite 5.4
    "{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{DB5518BE-F40F-407A-B451-012625D4497B}" = hp deskjet 5600
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
    "{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.3-1)
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
    "{FC4C645F-8EBC-4F1E-A517-D1505B43A374}" = TOSHIBA Wireless Key Logon
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
    "65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)

