Computer crashing

Discussion in 'Virus and Malware Removal' started by di229, May 22, 2012.

  1. Broni Malware Annihilator Posts: 39,379   +177

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  2. di229 Newcomer, in training Posts: 75

    9:16:42.0488 4048 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
    19:16:43.0939 4048 ============================================================
    19:16:43.0939 4048 Current date / time: 2012/05/22 19:16:43.0939
    19:16:43.0939 4048 SystemInfo:
    19:16:43.0939 4048
    19:16:43.0939 4048 OS Version: 6.0.6002 ServicePack: 2.0
    19:16:43.0939 4048 Product type: Workstation
    19:16:43.0939 4048 ComputerName: DI-PC
    19:16:43.0939 4048 UserName: DI
    19:16:43.0939 4048 Windows directory: C:\Windows
    19:16:43.0939 4048 System windows directory: C:\Windows
    19:16:43.0939 4048 Running under WOW64
    19:16:43.0939 4048 Processor architecture: Intel x64
    19:16:43.0939 4048 Number of processors: 2
    19:16:43.0939 4048 Page size: 0x1000
    19:16:43.0939 4048 Boot type: Normal boot
    19:16:43.0939 4048 ============================================================
    19:16:44.0688 4048 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    19:16:44.0719 4048 ============================================================
    19:16:44.0719 4048 \Device\Harddisk0\DR0:
    19:16:44.0734 4048 MBR partitions:
    19:16:44.0734 4048 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23C3D800
    19:16:44.0734 4048 ============================================================
    19:16:44.0797 4048 C: <-> \Device\Harddisk0\DR0\Partition0
    19:16:44.0797 4048 ============================================================
    19:16:44.0797 4048 Initialize success
    19:16:44.0797 4048 ============================================================
    19:16:49.0867 5868 ============================================================
    19:16:49.0867 5868 Scan started
    19:16:49.0867 5868 Mode: Manual;
    19:16:49.0867 5868 ============================================================
  3. di229 Newcomer, in training Posts: 75

    19:17:09.0741 5868 NlaSvc - ok
    19:17:09.0788 5868 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
    19:17:09.0788 5868 Npfs - ok
    19:17:09.0804 5868 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
    19:17:09.0804 5868 nsi - ok
    19:17:09.0819 5868 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
    19:17:09.0819 5868 nsiproxy - ok
    19:17:09.0991 5868 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
    19:17:10.0022 5868 Ntfs - ok
    19:17:10.0194 5868 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
    19:17:10.0209 5868 Null - ok
    19:17:10.0240 5868 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
    19:17:10.0240 5868 nvraid - ok
    19:17:10.0256 5868 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
    19:17:10.0256 5868 nvstor - ok
    19:17:10.0287 5868 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
    19:17:10.0287 5868 nv_agp - ok
    19:17:10.0287 5868 NwlnkFlt - ok
    19:17:10.0303 5868 NwlnkFwd - ok
    19:17:10.0474 5868 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    19:17:10.0474 5868 odserv - ok
    19:17:10.0537 5868 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
    19:17:10.0552 5868 ohci1394 - ok
    19:17:10.0615 5868 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    19:17:10.0630 5868 ose - ok
    19:17:10.0755 5868 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
    19:17:10.0771 5868 p2pimsvc - ok
    19:17:10.0786 5868 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
    19:17:10.0802 5868 p2psvc - ok
    19:17:10.0849 5868 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
    19:17:10.0849 5868 Parport - ok
    19:17:10.0880 5868 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
    19:17:10.0880 5868 partmgr - ok
    19:17:10.0927 5868 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
    19:17:10.0927 5868 PcaSvc - ok
    19:17:10.0974 5868 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
    19:17:10.0974 5868 pci - ok
    19:17:11.0005 5868 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\DRIVERS\pciide.sys
    19:17:11.0020 5868 pciide - ok
    19:17:11.0067 5868 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
    19:17:11.0083 5868 pcmcia - ok
    19:17:11.0161 5868 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
    19:17:11.0176 5868 PEAUTH - ok
    19:17:11.0254 5868 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
    19:17:11.0270 5868 PerfHost - ok
    19:17:11.0457 5868 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
    19:17:11.0488 5868 pla - ok
    19:17:11.0551 5868 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
    19:17:11.0551 5868 PlugPlay - ok
    19:17:11.0613 5868 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
    19:17:11.0613 5868 Pml Driver HPZ12 - ok
    19:17:11.0769 5868 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
    19:17:11.0785 5868 PNRPAutoReg - ok
    19:17:11.0785 5868 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
    19:17:11.0800 5868 PNRPsvc - ok
    19:17:11.0878 5868 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
    19:17:11.0894 5868 PolicyAgent - ok
    19:17:11.0972 5868 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
    19:17:11.0972 5868 PptpMiniport - ok
    19:17:12.0019 5868 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
    19:17:12.0019 5868 Processor - ok
    19:17:12.0066 5868 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
    19:17:12.0066 5868 ProfSvc - ok
    19:17:12.0112 5868 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
    19:17:12.0112 5868 ProtectedStorage - ok
    19:17:12.0159 5868 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
    19:17:12.0159 5868 PSched - ok
    19:17:12.0222 5868 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
    19:17:12.0222 5868 PSI - ok
    19:17:12.0268 5868 PSMounter (0d05974c497cd7ed3eae687fcd23def4) C:\Windows\system32\drivers\psmounter.sys
    19:17:12.0268 5868 PSMounter - ok
    19:17:12.0409 5868 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
    19:17:12.0424 5868 ql2300 - ok
    19:17:12.0471 5868 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
    19:17:12.0471 5868 ql40xx - ok
    19:17:12.0534 5868 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
  4. di229 Newcomer, in training Posts: 75

    19:17:26.0418 5868 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
    19:17:27.0042 5868 \Device\Harddisk0\DR0 - ok
    19:17:27.0042 5868 Boot (0x1200) (b6defcfca5c910474d589ea02c040259) \Device\Harddisk0\DR0\Partition0
    19:17:27.0042 5868 \Device\Harddisk0\DR0\Partition0 - ok
    19:17:27.0057 5868 ============================================================
    19:17:27.0057 5868 Scan finished
    19:17:27.0057 5868 ============================================================
    19:17:27.0073 7204 Detected object count: 0
    19:17:27.0073 7204 Actual detected object count: 0
  5. Broni Malware Annihilator Posts: 39,379   +177

    That looks good.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  6. di229 Newcomer, in training Posts: 75

    OK, the computer ran Combofix all the way down to 52, then crashed; tried to run in safe mode and crashed; tried to run in safe networking and crashed. So I let it cool and then started Windows. I will wait for your reply as to whether I run rkill and then reinstall Combofix as per your instruction.

     
  7. Broni Malware Annihilator Posts: 39,379   +177

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  8. di229 Newcomer, in training Posts: 75

    OTL logfile created on: 5/23/2012 5:05:56 AM - Run 1
    OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\DI\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 57.96% Memory free
    8.18 Gb Paging File | 5.96 Gb Available in Paging File | 72.95% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.12 Gb Total Space | 174.26 Gb Free Space | 60.90% Space Free | Partition Type: NTFS

    Computer Name: DI-PC | User Name: DI | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/05/23 04:59:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\DI\Desktop\OTL.exe
    PRC - [2012/05/21 14:19:34 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    PRC - [2012/05/06 06:13:35 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
    PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/03/30 04:26:16 | 001,295,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
    PRC - [2012/03/30 04:26:14 | 000,681,016 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
    PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    PRC - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2010/06/29 08:04:18 | 000,020,480 | ---- | M] (AG Interactive) -- C:\Program Files (x86)\AGI\core\4.2.0.10754\AGCoreService.exe
    PRC - [2009/11/19 19:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
    PRC - [2009/04/10 18:54:28 | 000,200,704 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
    PRC - [2009/04/10 18:54:22 | 000,143,360 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
    PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/07/18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    PRC - [2008/07/10 18:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
    PRC - [2008/07/10 18:57:30 | 000,634,880 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
    PRC - [2008/06/27 19:46:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
    PRC - [2008/04/17 01:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
    PRC - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    PRC - [1999/12/31 18:00:00 | 000,195,112 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/05/14 07:16:11 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
    MOD - [2012/05/14 06:51:20 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
    MOD - [2012/05/14 06:48:21 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
    MOD - [2012/05/14 06:46:48 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
    MOD - [2011/06/24 23:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 23:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2009/04/10 18:54:32 | 000,868,352 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMediaLibrary.dll
    MOD - [2009/04/10 18:54:28 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvcPS.dll
    MOD - [2007/03/13 03:25:22 | 000,077,824 | R--- | M] () -- C:\Program Files (x86)\HP\Digital Imaging\bin\crm\xmltok.dll
    MOD - [2007/03/13 03:25:22 | 000,065,536 | R--- | M] () -- C:\Program Files (x86)\HP\Digital Imaging\bin\crm\xmlparse.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/04/26 14:12:45 | 000,301,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe)
    SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
    SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV:64bit: - [2008/04/30 21:20:42 | 001,371,136 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2008/04/30 20:42:20 | 000,826,368 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2008/04/24 19:57:40 | 000,084,992 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
    SRV:64bit: - [2008/02/06 14:50:18 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2007/12/03 18:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
    SRV:64bit: - [2007/11/21 17:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV:64bit: - [2007/11/07 10:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
    SRV:64bit: - [1999/12/31 18:00:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [1999/12/31 18:00:00 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
    SRV - [2012/05/06 06:18:45 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/03/30 04:26:16 | 001,295,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
    SRV - [2012/03/30 04:26:14 | 000,681,016 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2012/02/15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/06/29 08:04:18 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- C:\Program Files (x86)\AGI\core\4.2.0.10754\AGCoreService.exe -- (AGCoreService)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/08/04 15:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2008/07/18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
    SRV - [2008/07/10 18:58:40 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
    SRV - [2008/06/27 19:46:06 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
    SRV - [2008/04/11 12:58:10 | 000,158,568 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
    SRV - [2006/08/23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/05/23 04:54:55 | 000,015,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SWDUMon.sys -- (SWDUMon)
    DRV:64bit: - [2012/04/26 14:12:52 | 000,057,496 | ---- | M] (Macrium Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psmounter.sys -- (PSMounter)
    DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/02/29 07:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys -- (AVGIDSFilter)
    DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2011/12/16 08:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\psi_mf.sys -- (PSI)
    DRV:64bit: - [2010/06/23 10:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/04/10 23:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
    DRV:64bit: - [2008/11/11 14:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
    DRV:64bit: - [2008/11/11 14:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
    DRV:64bit: - [2008/11/11 14:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
    DRV:64bit: - [2008/08/14 11:40:44 | 000,260,144 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
    DRV:64bit: - [2008/07/18 19:52:16 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
    DRV:64bit: - [2008/06/26 17:24:18 | 000,020,520 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV:64bit: - [2008/02/21 11:24:20 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
    DRV:64bit: - [2007/12/11 15:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2007/11/09 15:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2007/07/27 20:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
    DRV:64bit: - [2007/07/26 21:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
    DRV:64bit: - [2006/11/19 23:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
    DRV:64bit: - [2006/11/09 00:34:00 | 000,237,568 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10n64.sys -- (KR10N64)
    DRV:64bit: - [2006/11/09 00:33:00 | 000,248,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10i64.sys -- (KR10I64)
    DRV:64bit: - [2006/10/23 17:33:08 | 000,018,944 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfec.sys -- (tosrfec)
    DRV:64bit: - [1999/12/31 18:00:00 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [1999/12/31 18:00:00 | 005,430,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
    DRV:64bit: - [1999/12/31 18:00:00 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE:64bit: - HKLM\..\SearchScopes\{9806EEAE-543C-4C20-982B-5C9ACB1EE567}: "URL" = http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage};
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=168&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0BC6E3FA-78EF-4886-842C-5A1258C4455A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag.com/?appid=wsdt...1-d1fd-43b7-b6e2-f62705c3c918}&q={searchTerms}
    IE - HKLM\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=168&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.mywebsearch.com/myweb...&n=77ece10c&psa=&st=sb&searchfor={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2386243348-3563518645-4014822516-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
    IE - HKU\S-1-5-21-2386243348-3563518645-4014822516-1000\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found
    IE - HKU\S-1-5-21-2386243348-3563518645-4014822516-1000\..\SearchScopes,DefaultScope = {17EB9E41-2220-49B3-A86E-1519F6691654}
    IE - HKU\S-1-5-21-2386243348-3563518645-4014822516-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2386243348-3563518645-4014822516-1000\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag.com/?appid=wsdt...1-d1fd-43b7-b6e2-f62705c3c918}&q={searchTerms}
    IE - HKU\S-1-5-21-2386243348-3563518645-4014822516-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searc...SP_ss&mntrId=127767c40000000000000022faa9642c
    IE - HKU\S-1-5-21-2386243348-3563518645-4014822516-1000\..\SearchScopes\{17EB9E41-2220-49B3-A86E-1519F6691654}: "URL" = http://search.yahoo.com/search?p={s...i&type=W3i_DS,136,0_0,Search,20120208,0,0,0,0
    IE - HKU\S-1-5-21-2386243348-3563518645-4014822516-1000\..\SearchScopes\{47E70B16-857D-1F50-ADFB-8839257B41A4}: "URL" = http://www.bing.com/search?q={searc...&install_date=20111129&iesrc={referrer:source}
    IE - HKU\S-1-5-21-2386243348-3563518645-4014822516-1000\..\SearchScopes\{5FA54433-962F-4DF4-A110-0DB3DB67710C}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
    IE - HKU\S-1-5-21-2386243348-3563518645-4014822516-1000\..\SearchScopes\{7A03BE54-3DA1-48A4-B259-08F6CFB3BE7A}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=E7F6AA55-45B3-4182-B28D-EF83E1B17B44
    IE - HKU\S-1-5-21-2386243348-3563518645-4014822516-1000\..\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}: "URL" = http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}
    IE - HKU\S-1-5-21-2386243348-3563518645-4014822516-1000\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = playbryte/search/redirect/?type=default&user_id=ef346a3a-6ae7-47f2-ba9c-27ca47f5cebd&query={searchTerms}
    IE - HKU\S-1-5-21-2386243348-3563518645-4014822516-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...=en&ds=AVG&pr=fr&d=&v=&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-2386243348-3563518645-4014822516-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=168&systemid=406&sr=0&q={searchTerms}
    IE - HKU\S-1-5-21-2386243348-3563518645-4014822516-1000\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searchTerms}
    IE - HKU\S-1-5-21-2386243348-3563518645-4014822516-1000\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.mywebsearch.com/myweb...&n=77ece10c&psa=&st=sb&searchfor={searchTerms}
    IE - HKU\S-1-5-21-2386243348-3563518645-4014822516-1000\..\SearchScopes\{B2CABAEF-F27F-4A45-AEAB-B12803EC04D7}: "URL" = http://dictionary.cambridge.org/search/british/?source=gadgets&q={searchTerms}
    IE - HKU\S-1-5-21-2386243348-3563518645-4014822516-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=YAjCY1Lpfs
    IE - HKU\S-1-5-21-2386243348-3563518645-4014822516-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2386243348-3563518645-4014822516-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@ei.RecipeHub_2j.com/Plugin: C:\Program Files (x86)\RecipeHub_2jEI\Installr\1.bin\NP2jEISB.dll (Recipe Hub)
    FF - HKLM\Software\MozillaPlugins\@ei.TotalRecipeSearch_14.com/Plugin: C:\Program Files (x86)\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISB.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin: C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\DI\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\39ffxtbr@MapsGalaxy_39.com: C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin [2012/05/13 13:23:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/22 23:00:34 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/05/20 18:34:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/20 18:33:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/22 23:00:34 | 000,000,000 | ---D | M]

    [2011/11/03 15:25:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DI\AppData\Roaming\Mozilla\Extensions
  9. di229 Newcomer, in training Posts: 75

    ========== Chrome ==========

    CHR - default_search_provider: Search Results (Enabled)
    CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=ieb&appid=168&systemid=406&sr=0&q={searchTerms}
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = c:\users\di\appdata\local\google\chrome\application\16.0.912.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = c:\users\di\appdata\local\google\chrome\application\16.0.912.63\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = c:\users\di\appdata\local\google\chrome\application\16.0.912.63\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\DI\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: TotalRecipeSearch Installer Plugin Stub (Enabled) = C:\Program Files (x86)\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISB.dll
    CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\DI\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\DI\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: AVG Safe Search = C:\Users\DI\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\
    CHR - Extension: We-Care Reminder Lite = C:\Users\DI\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.3_0\

    O1 HOSTS File: ([2012/05/22 20:48:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (MapsGalaxy) - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
    O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
    O4 - HKLM..\Run: [PCMAgent] C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
    O4 - HKU\S-1-5-21-2386243348-3563518645-4014822516-1000..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
    O4 - Startup: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files (x86)\Webshots\3.1.5.7619\Launcher.exe (Webshots.com)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2386243348-3563518645-4014822516-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2386243348-3563518645-4014822516-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKU\S-1-5-21-2386243348-3563518645-4014822516-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
    O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12ECCC2B-9BAD-46F2-8D86-BE24BBED550F}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2D6C87D-EA0E-45B1-8478-444099EA34F7}: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\DI\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Users\DI\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/05/23 04:59:15 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\DI\Desktop\OTL.exe
    [2012/05/22 20:48:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/05/22 20:26:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/05/22 20:26:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/05/22 20:26:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/05/22 20:26:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/05/22 20:26:02 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/05/22 20:25:58 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/05/22 20:25:14 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    [2012/05/22 20:16:20 | 004,502,181 | R--- | C] (Swearware) -- C:\Users\DI\Desktop\ComboFix.exe
    [2012/05/22 19:16:19 | 000,000,000 | ---D | C] -- C:\Users\DI\Desktop\tdsskiller
    [2012/05/22 15:53:11 | 000,000,000 | ---D | C] -- C:\Users\DI\Desktop\bootkit_remover
    [2012/05/22 15:16:01 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\DI\Desktop\aswMBR.exe
    [2012/05/22 14:51:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\DI\Desktop\dds.scr
    [2012/05/21 20:19:07 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\DI\Desktop\tdsskiller.exe
    [2012/05/21 17:21:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2012/05/21 14:20:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
    [2012/05/21 14:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
    [2012/05/21 14:19:42 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
    [2012/05/20 18:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012/05/20 18:34:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
    [2012/05/20 18:32:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
    [2012/05/15 14:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
    [2012/05/14 21:09:03 | 000,000,000 | ---D | C] -- C:\Users\DI\AppData\Local\Secunia PSI (BETA)
    [2012/05/14 21:08:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
    [2012/05/14 15:37:27 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
    [2012/05/13 17:07:05 | 000,000,000 | ---D | C] -- C:\7aba611563357b4421a651
    [2012/05/13 11:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/05/13 11:54:35 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/05/13 11:54:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/05/13 06:49:05 | 000,000,000 | ---D | C] -- C:\Users\DI\AppData\Roaming\Malwarebytes
    [2012/05/13 06:48:59 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
    [2012/05/13 06:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/05/12 03:26:13 | 000,000,000 | ---D | C] -- C:\d7dab029906388acfc022f2ab0bad73d
    [2012/05/08 05:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/05/08 05:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/05/08 05:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/05/08 05:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2012/05/01 22:09:12 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
    [2012/05/01 22:09:08 | 000,000,000 | ---D | C] -- C:\Windows\Windows Defender Offline
    [2012/05/01 19:12:25 | 000,000,000 | ---D | C] -- C:\sh4ldr
    [2012/05/01 19:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2012/04/30 17:57:01 | 000,000,000 | ---D | C] -- C:\Users\DI\AppData\Local\IAC
    [2012/04/30 14:13:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AML Products
    [2012/04/30 13:25:07 | 000,000,000 | ---D | C] -- C:\Users\DI\AppData\Local\DictionaryBoss
    [2012/04/30 13:14:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DictionaryBoss
    [2012/04/30 06:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium(640)
    [2012/04/28 13:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WormBlaster Software ™
    [2012/04/28 13:11:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WormBlaster Software ™
    [2012/04/28 07:14:40 | 000,000,000 | ---D | C] -- C:\Users\DI\AppData\Roaming\CompuClever
    [2012/04/27 17:28:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics(687)
    [2012/04/27 17:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics(41)
    [2012/04/26 14:31:32 | 000,057,496 | ---- | C] (Macrium Software) -- C:\Windows\SysNative\drivers\psmounter.sys
    [2012/04/26 14:31:32 | 000,013,464 | ---- | C] (Paramount Software UK Ltd) -- C:\Windows\SysNative\drivers\PSVolAcc.sys
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2 C:\Users\DI\AppData\Local\*.tmp files -> C:\Users\DI\AppData\Local\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/05/23 05:00:20 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
    [2012/05/23 04:59:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\DI\Desktop\OTL.exe
    [2012/05/23 04:54:55 | 000,015,672 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
    [2012/05/23 04:53:35 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/05/23 04:53:34 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/05/23 04:53:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/05/22 21:30:46 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/05/22 20:48:06 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/05/22 20:18:14 | 004,502,181 | R--- | M] (Swearware) -- C:\Users\DI\Desktop\ComboFix.exe
    [2012/05/22 19:12:47 | 002,108,959 | ---- | M] () -- C:\Users\DI\Desktop\tdsskiller.zip
    [2012/05/22 18:00:01 | 000,802,019 | ---- | M] () -- C:\Users\DI\Desktop\ListParts64.exe
    [2012/05/22 17:59:40 | 000,304,867 | ---- | M] () -- C:\Users\DI\Desktop\ListParts.exe
    [2012/05/22 17:42:11 | 098,861,043 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2012/05/22 15:16:50 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\DI\Desktop\aswMBR.exe
    [2012/05/22 15:15:10 | 000,044,607 | ---- | M] () -- C:\Users\DI\Desktop\bootkit_remover.zip
    [2012/05/22 14:51:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\DI\Desktop\dds.scr
    [2012/05/22 13:47:21 | 000,302,592 | ---- | M] () -- C:\Users\DI\Desktop\xg0jhhts.exe
    [2012/05/22 09:55:30 | 000,401,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/05/22 05:45:00 | 000,019,968 | ---- | M] () -- C:\Users\DI\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/05/21 20:19:07 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\DI\Desktop\tdsskiller.exe
    [2012/05/21 19:50:57 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\My Backup xml.job
    [2012/05/21 18:28:34 | 000,822,146 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/05/21 18:28:34 | 000,687,578 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/05/21 18:28:34 | 000,136,732 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/05/21 18:24:00 | 000,000,982 | ---- | M] () -- C:\Users\DI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
    [2012/05/21 14:21:06 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
    [2012/05/21 14:19:42 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
    [2012/05/21 13:38:09 | 000,000,791 | ---- | M] () -- C:\Users\Public\Desktop\iLivid.lnk
    [2012/05/20 18:34:41 | 000,000,843 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2012/05/20 18:34:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
    [2012/05/20 18:34:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
    [2012/05/14 21:08:51 | 000,000,912 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    [2012/05/14 20:47:17 | 001,012,656 | ---- | M] () -- C:\Users\DI\Desktop\iExplore.exe
    [2012/05/13 11:54:37 | 000,000,943 | ---- | M] () -- C:\Users\DI\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/05/13 11:54:37 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/05/02 19:52:37 | 000,000,741 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/04/26 14:13:00 | 000,013,464 | ---- | M] (Paramount Software UK Ltd) -- C:\Windows\SysNative\drivers\PSVolAcc.sys
    [2012/04/26 14:12:52 | 000,057,496 | ---- | M] (Macrium Software) -- C:\Windows\SysNative\drivers\psmounter.sys
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2 C:\Users\DI\AppData\Local\*.tmp files -> C:\Users\DI\AppData\Local\*.tmp -> ]
  10. di229 Newcomer, in training Posts: 75

    ========== Files Created - No Company Name ==========

    [2012/05/22 20:26:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/05/22 20:26:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/05/22 20:26:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/05/22 20:26:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/05/22 20:26:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/05/22 19:12:17 | 002,108,959 | ---- | C] () -- C:\Users\DI\Desktop\tdsskiller.zip
    [2012/05/22 17:59:58 | 000,802,019 | ---- | C] () -- C:\Users\DI\Desktop\ListParts64.exe
    [2012/05/22 17:59:18 | 000,304,867 | ---- | C] () -- C:\Users\DI\Desktop\ListParts.exe
    [2012/05/22 17:42:11 | 098,861,043 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2012/05/22 15:15:10 | 000,044,607 | ---- | C] () -- C:\Users\DI\Desktop\bootkit_remover.zip
    [2012/05/22 13:47:21 | 000,302,592 | ---- | C] () -- C:\Users\DI\Desktop\xg0jhhts.exe
    [2012/05/22 09:54:40 | 000,401,536 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/05/21 14:21:06 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
    [2012/05/21 13:30:40 | 000,000,791 | ---- | C] () -- C:\Users\Public\Desktop\iLivid.lnk
    [2012/05/20 18:34:41 | 000,000,843 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2012/05/20 18:34:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
    [2012/05/20 18:34:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
    [2012/05/14 21:08:51 | 000,000,912 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    [2012/05/14 21:08:49 | 000,000,875 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
    [2012/05/14 20:47:17 | 001,012,656 | ---- | C] () -- C:\Users\DI\Desktop\iExplore.exe
    [2012/05/13 11:54:37 | 000,000,943 | ---- | C] () -- C:\Users\DI\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/05/13 11:54:37 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/19 17:09:00 | 000,028,936 | ---- | C] () -- C:\Users\DI\AppData\Roaming\UserTile.png
    [2012/03/06 12:17:55 | 000,000,956 | ---- | C] () -- C:\ProgramData\repository.xml
    [2012/02/25 11:53:34 | 000,000,206 | ---- | C] () -- C:\Windows\wininit.ini
    [2012/02/19 18:00:55 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
    [2011/11/28 11:50:38 | 000,129,886 | ---- | C] () -- C:\Windows\hppins21.dat
    [2011/11/28 11:50:17 | 000,003,729 | ---- | C] () -- C:\Windows\hppmdl21.dat
    [2011/11/09 15:45:42 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcicomx.dll
    [2011/11/09 15:45:38 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcippls.exe
    [2011/11/09 15:45:35 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciserv.dll
    [2011/11/09 15:45:35 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciusb1.dll
    [2011/11/09 15:45:35 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcipmui.dll
    [2011/11/09 15:45:35 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcilmpm.dll
    [2011/11/09 15:45:35 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciinpa.dll
    [2011/11/09 15:45:35 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciiesc.dll
    [2011/11/09 15:45:35 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciih.exe
    [2011/11/09 15:45:35 | 000,305,152 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcihcp.dll
    [2011/11/09 15:45:35 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxciinst.dll
    [2011/11/09 15:45:35 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciprox.dll
    [2011/11/09 15:45:35 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcipplc.dll
    [2011/11/09 15:45:34 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcihbn3.dll
    [2011/11/09 15:45:34 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicomc.dll
    [2011/11/09 15:45:34 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicoms.exe
    [2011/11/09 15:45:34 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicomm.dll
    [2011/11/09 15:45:34 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicfg.exe
    [2011/11/08 12:15:30 | 000,021,504 | ---- | C] () -- C:\Windows\SysWow64\WBCustomizer.dll
    [2011/10/26 17:13:12 | 000,000,680 | ---- | C] () -- C:\Users\DI\AppData\Local\d3d9caps.dat
    [2011/10/17 16:16:11 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2011/10/17 16:14:05 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2011/10/17 16:12:37 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2011/10/17 15:28:45 | 000,000,306 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/10/17 15:26:21 | 000,817,552 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/10/07 10:12:03 | 000,019,968 | ---- | C] () -- C:\Users\DI\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/10/06 14:56:04 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2011/10/06 13:28:37 | 000,000,016 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
    [2011/10/06 13:02:44 | 000,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini
    [2011/10/06 13:02:44 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll
    [2011/10/06 13:02:44 | 000,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini
    [2011/10/06 12:58:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/10/06 12:38:03 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat

    ========== LOP Check ==========

    [2011/10/07 13:32:45 | 000,000,000 | ---D | M] -- C:\Users\DI\AppData\Roaming\Auslogics
    [2012/02/09 19:56:17 | 000,000,000 | ---D | M] -- C:\Users\DI\AppData\Roaming\AVG
    [2011/10/06 14:16:48 | 000,000,000 | ---D | M] -- C:\Users\DI\AppData\Roaming\AVG2012
    [2012/04/28 07:14:40 | 000,000,000 | ---D | M] -- C:\Users\DI\AppData\Roaming\CompuClever
    [2012/03/05 15:10:54 | 000,000,000 | ---D | M] -- C:\Users\DI\AppData\Roaming\DriverCure
    [2012/04/10 18:47:49 | 000,000,000 | ---D | M] -- C:\Users\DI\AppData\Roaming\Garmin
    [2012/05/12 20:33:51 | 000,000,000 | ---D | M] -- C:\Users\DI\AppData\Roaming\Image Zone Express
    [2011/11/08 13:15:09 | 000,000,000 | ---D | M] -- C:\Users\DI\AppData\Roaming\Millennia
    [2012/04/11 22:02:15 | 000,000,000 | ---D | M] -- C:\Users\DI\AppData\Roaming\Mobipocket
    [2012/05/13 10:12:33 | 000,000,000 | ---D | M] -- C:\Users\DI\AppData\Roaming\PeerNetworking
    [2012/05/13 10:12:33 | 000,000,000 | ---D | M] -- C:\Users\DI\AppData\Roaming\PowerCinema
    [2012/05/12 20:34:09 | 000,000,000 | ---D | M] -- C:\Users\DI\AppData\Roaming\Printer Info Cache
    [2012/03/05 15:10:54 | 000,000,000 | ---D | M] -- C:\Users\DI\AppData\Roaming\SpeedyPC Software
    [2012/05/13 10:12:34 | 000,000,000 | ---D | M] -- C:\Users\DI\AppData\Roaming\Stellarium
    [2011/10/17 16:08:44 | 000,000,000 | ---D | M] -- C:\Users\DI\AppData\Roaming\TOSHIBA
    [2011/11/28 22:14:00 | 000,000,000 | ---D | M] -- C:\Users\DI\AppData\Roaming\Visan
    [2011/11/10 07:27:30 | 000,000,000 | ---D | M] -- C:\Users\DI\AppData\Roaming\WeatherBug
    [2011/12/13 18:09:44 | 000,000,000 | ---D | M] -- C:\Users\DI\AppData\Roaming\Webshots
    [2011/10/07 09:58:52 | 000,000,000 | ---D | M] -- C:\Users\DI\AppData\Roaming\WinBatch
    [2011/11/01 08:32:33 | 000,000,000 | ---D | M] -- C:\Users\DI\AppData\Roaming\WinZip
    [2012/05/21 19:50:57 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\My Backup xml.job
    [2012/05/22 21:58:30 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/05/23 05:00:20 | 000,000,404 | ---- | M] () -- C:\Windows\Tasks\SlimDrivers Startup.job

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/08/14 13:27:34 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/11/09 15:05:16 | 000,000,242 | ---- | M] () -- C:\CDFE.log
    [2012/02/19 17:43:08 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
    [2011/11/09 15:45:36 | 000,000,411 | ---- | M] () -- C:\lxci.log
    [2011/11/09 13:34:58 | 000,000,270 | ---- | M] () -- C:\lxcifire.000
    [2011/11/09 13:36:59 | 000,000,270 | ---- | M] () -- C:\lxcifire.001
    [2011/11/09 15:05:01 | 000,000,000 | ---- | M] () -- C:\lxcifire.csv
    [2011/11/09 13:35:51 | 000,001,103 | ---- | M] () -- C:\lxciinst.000
    [2011/11/09 13:37:22 | 000,000,139 | ---- | M] () -- C:\LXCIINST.001
    [2011/11/09 15:06:07 | 000,001,103 | ---- | M] () -- C:\LXCIINST.csv
    [2011/11/09 15:36:05 | 000,192,272 | ---- | M] () -- C:\lxciunst.csv
    [2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2012/05/23 04:53:08 | 311,488,511 | -HS- | M] () -- C:\pagefile.sys
    [2012/05/21 17:10:03 | 000,000,403 | ---- | M] () -- C:\rkill.log
    [2012/05/21 20:20:48 | 000,126,938 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_21.05.2012_20.19.32_log.txt
    [2012/05/22 19:21:48 | 000,126,938 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_22.05.2012_19.16.42_log.txt
    [2012/02/19 18:01:04 | 000,001,491 | ---- | M] () -- C:\user.js

    < %systemroot%\Fonts\*.com >
    [2006/11/02 09:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 09:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 09:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2011/10/18 09:37:48 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 15:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 21:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/02/07 07:03:54 | 000,000,443 | -HS- | M] () -- C:\Users\DI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/05/22 15:16:50 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\DI\Desktop\aswMBR.exe
    [2012/05/22 20:18:14 | 004,502,181 | R--- | M] (Swearware) -- C:\Users\DI\Desktop\ComboFix.exe
    [2012/05/14 20:47:17 | 001,012,656 | ---- | M] () -- C:\Users\DI\Desktop\iExplore.exe
    [2012/05/22 17:59:40 | 000,304,867 | ---- | M] () -- C:\Users\DI\Desktop\ListParts.exe
    [2012/05/22 18:00:01 | 000,802,019 | ---- | M] () -- C:\Users\DI\Desktop\ListParts64.exe
    [2012/05/23 04:59:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\DI\Desktop\OTL.exe
    [2012/05/21 20:19:07 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\DI\Desktop\tdsskiller.exe
    [2012/05/22 13:47:21 | 000,302,592 | ---- | M] () -- C:\Users\DI\Desktop\xg0jhhts.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/05/23 05:17:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/05/21 19:50:57 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\My Backup xml.job
    [2012/05/23 04:53:27 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/05/22 21:58:30 | 000,032,594 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
    [2012/05/23 05:00:20 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/08/05 16:28:05 | 000,000,402 | -HS- | M] () -- C:\Users\DI\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/11/28 12:32:02 | 000,000,898 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2012/03/06 12:17:55 | 000,000,956 | ---- | M] () -- C:\ProgramData\repository.xml

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:5C321E34
    < End of report >
  11. di229 Newcomer, in training Posts: 75

    OTL Extras logfile created on: 5/23/2012 5:05:56 AM - Run 1
    OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\DI\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 57.96% Memory free
    8.18 Gb Paging File | 5.96 Gb Available in Paging File | 72.95% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.12 Gb Total Space | 174.26 Gb Free Space | 60.90% Space Free | Partition Type: NTFS

    Computer Name: DI-PC | User Name: DI | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2386243348-3563518645-4014822516-1000\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = 6D 46 2F BF B5 8D CC 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1
  12. di229 Newcomer, in training Posts: 75

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{06AEE156-91C3-4A35-9DBD-DBFC3C475FA7}" = lport=139 | protocol=6 | dir=in | app=system |
    "{0BC6A396-9030-46B7-8286-287D5FF89B4E}" = lport=5357 | protocol=6 | dir=in | app=system |
    "{0E3C1997-FCE0-46B6-9364-352BFA667FD0}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
    "{175C5518-FDF4-4AF4-91CA-FE2DF4BA08A1}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
    "{22E37E19-5274-45BB-94CA-24FF4D3C2B7F}" = rport=445 | protocol=6 | dir=out | app=system |
    "{259E1348-D686-413A-A3C9-D65E79F9A8B6}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
    "{274F49A0-E2D1-4628-8C91-FC2288D74B4F}" = rport=5358 | protocol=6 | dir=out | app=system |
    "{2CE4744F-9A5C-4AFC-A7DC-1FA849AD67F8}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
    "{312267FD-FFDC-408C-9F17-DB7C81FBD9E1}" = lport=5358 | protocol=6 | dir=in | app=system |
    "{3123C9D0-B1E3-4586-838E-EA9C5E4CAB6F}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
    "{377BFD8B-9A5D-4CDD-862D-04C05F50428D}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
    "{489612CE-836D-4EF1-9BD5-A75351492704}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
    "{675AAC07-58A2-41B0-A3D4-080F2C2CAE1F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{6A0BAEC0-F5EC-454B-8B4B-98D1811BA8CA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6ADCAEDA-B4C5-4F3E-95BC-D6DBE443C168}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
    "{74434222-F6E1-40CD-8D5C-B2724840FB13}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
    "{7C531DD5-15E4-4ECB-855C-6BF3236AA7B6}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
    "{7CC25825-D738-4537-B2CD-8BE4BC7F006D}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
    "{7D7B6878-C5AB-4068-9B00-CADB25E203EC}" = rport=137 | protocol=17 | dir=out | app=system |
    "{80427E40-92C6-49EF-AFFB-6B99D6646A50}" = rport=138 | protocol=17 | dir=out | app=system |
    "{83218822-EC51-439E-AB0C-63A31CA3AF6E}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
    "{86F25A42-95E8-4431-9D43-4A1DD2516027}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{99FD6C28-B5D4-4E77-9B65-3210F80C7F3E}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
    "{AD6ED646-85D3-43F3-BB40-F2F55C5BC6AE}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
    "{B07FF905-C829-4645-A1EC-DF6B3387C278}" = rport=5357 | protocol=6 | dir=out | app=system |
    "{B08C1122-E718-4162-80CE-179C4235456D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B46E6F38-D98A-4932-80FF-89D87F63883E}" = lport=137 | protocol=17 | dir=in | app=system |
    "{B8D57C17-6200-433D-A64C-A51F5C84EDF3}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
    "{B98CC6F9-C9D5-4F3C-9C5E-B378CD3D152F}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
    "{C590C5EB-69F6-4CB5-B345-83E0C3C51619}" = lport=138 | protocol=17 | dir=in | app=system |
    "{D5930029-CC1C-4F2A-99BD-51A4D70C7898}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{DF1D531F-73F7-400E-8498-251D08D203EC}" = lport=445 | protocol=6 | dir=in | app=system |
    "{E60C475F-75AE-4701-B0F7-BC43373D575C}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
    "{E69CB91E-BD3A-46EE-8AC5-6E63EA94882C}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
    "{EC862D1D-6405-4D0C-9558-657CE3364808}" = rport=139 | protocol=6 | dir=out | app=system |
    "{EF12ECEA-C2B7-46F3-90BC-DF998C7FFC29}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
    "{EF882996-753A-4545-B7DA-2E38127633F7}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
    "{F0075D17-9194-4316-82D3-CA6E094C0D18}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{FE4C276C-1BD8-44A7-AAC7-CD7169963633}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{13800B27-DBD7-43A3-A0AC-048EE118B47F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{19D7A60F-CAB7-4758-85F1-3F2417D2D484}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
    "{257A7EC7-7518-49A6-9A98-9BB19A7AC445}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{291689AE-921F-4D5D-AE32-A9A392ED672B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{2A2409C2-4379-49F7-83A8-3E4435FA0FD0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{2F830AD1-86F4-4A84-ABE7-107A81753CA0}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
    "{30284ED3-CE3C-4730-B27A-27A28D78CD19}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{3077C6D3-B479-48AA-B717-AA2C001F62E1}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
    "{325F4C54-CE1A-4D3C-B360-E7EF2FAC6DEB}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema for toshiba\powercinema.exe |
    "{38CDD514-82CC-4156-9DC9-2420AB39DAB0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{441DF9DE-F835-4E75-9C41-2C22C177D971}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
    "{44F1A1F6-55B8-463D-A8B4-4BB5A013C479}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{457B1986-4385-44B4-92B7-4B115414711A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{57336271-4842-4FB8-AE9D-942570DE0CAE}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
    "{615D8501-4582-4010-8A27-0D9FAEF8429D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{625E2204-BE81-47E6-B601-1DCFC3759A36}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{6A0E3509-A0FE-417A-88D0-D6EBB93EB21D}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
    "{6ECC6D82-EAA7-4A6F-AFBF-E8115C0C85B8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{7B31C722-9247-476D-9990-0BE1FB8A783C}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
    "{82CBC1B3-D829-4B28-BCEE-78FC405E2A7D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{8AA43BB1-3302-4529-9DCE-9455893340DD}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
    "{928C012E-C1FB-4997-A6A4-EB41781E3CE4}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
    "{976F6388-658E-44A0-A6AB-FA37D13B0CF4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{97D34CA1-C4D7-4391-8542-69C75160D519}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
    "{9885DCF5-F3FC-4E21-A2C9-08EEF61F10F8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{B040D71D-4A75-4E52-84AE-9FBBC266A6BE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{B7B22687-5049-438E-9CDA-AEF789F278FE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{CB35280E-349E-4618-B8A1-C49CEEFCC793}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
    "{CB50CFA8-ECF3-4FB5-B383-95DEF6A28288}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{D0623483-87D8-4BF2-A78E-D50442A92AFE}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
    "{D71D873B-88EE-4889-A365-C84F1E46F271}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
    "{D9656DEF-5BFA-4438-B32B-88C51BBAC862}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{DB09183C-112F-4DD0-94F1-59703A9103E7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{DBA16017-E378-44E3-BE2A-02F603A48F01}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{EC918657-B517-4806-845B-502CD98F339B}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
    "{EE5974D4-C5F4-438A-84C1-2A67C0CC3196}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "TCP Query User{12A40BF6-BBAC-4C12-A2F8-28693F9B7C95}C:\windows\syswow64\explorer.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\explorer.exe |
    "TCP Query User{38F03E2A-CB5D-4682-8494-EA851DE3EEB0}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "TCP Query User{4B88B278-A7AB-41CE-9783-32381893962F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "TCP Query User{B087EC24-B97E-4F23-BF7F-E5043D5D2CD0}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    "TCP Query User{EB8D0FF6-4666-46AB-986E-BA0CC4C3F067}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
    "TCP Query User{ECECD247-FA09-42FB-8EAB-5446AFE345B9}C:\windows\syswow64\explorer.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\explorer.exe |
    "TCP Query User{F1EF8456-CBD9-4354-9133-A13F499C2867}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    "UDP Query User{343E8EA0-CEDB-48BE-BD13-5D0CBA0812D9}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{3A5E96BC-E550-449C-A7AD-080D1D8B8AD2}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
    "UDP Query User{42AAF299-5139-4BAF-A29A-1FA50321FFD5}C:\windows\syswow64\explorer.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\explorer.exe |
    "UDP Query User{6C7E4DE4-529A-4213-B477-7D39257ED22D}C:\windows\syswow64\explorer.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\explorer.exe |
    "UDP Query User{7D8FD57E-DD96-4C8E-B17E-4C06A072BD33}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{B4D43112-1958-42E8-AD8F-801B5EDAB0AE}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
    "UDP Query User{CCE1CB51-78D3-4948-90A8-A99B67B898BB}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0411A7A4-23D4-47ad-B109-3CBE7E8093F1}" = HP Deskjet Printer Driver Software. 8.0.B
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
    "{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
    "{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
    "{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
    "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
    "{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
    "{2CDD9D22-AD67-4588-93AD-147C979F6E7C}" = AVG 2012
    "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
    "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
    "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
    "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
    "{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
    "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
    "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
    "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
    "{7AE5C776-8742-4874-B53B-941190171E6D}" = RegHunter
    "{81E5E4C5-ECD9-4E8E-9992-7B1636390454}" = Macrium Reflect Free Edition
    "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
    "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
    "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
    "{A3DA3F12-1B0A-F9AB-F10B-749A6729028F}" = ccc-utility64
    "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
    "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
    "{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
    "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
    "{C43C57C2-092C-4BB2-9371-C7342EF0CBA5}" = AVG 2012
    "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
    "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
    "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{D3364347-0A05-CA85-1DAD-80A7A75BF677}" = ATI Catalyst Install Manager
    "{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
    "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
    "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
    "{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
    "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "{FA74243F-4291-4d0a-AF6C-56C69F1CF1D2}" = SF_CDB_ToolboxIni64
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "AVG" = AVG 2012
    "CCleaner" = CCleaner
    "D27D7E9318CFA89EDDE8D448B507A8EB725F5A52" = Windows Driver Package - TOSHIBA (FwLnk) System (11/19/2006 1.0.0.3)
    "HP Imaging Device Functions" = HP Imaging Device Functions 8.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
    "HPExtendedCapabilities" = HP Customer Participation Program 8.0
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
    "ProInst" = Intel PROSet Wireless
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "Zune" = Zune
  13. di229 Newcomer, in training Posts: 75

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{029A0C75-B319-64B2-883B-9D99C51D8408}" = CCC Help German
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{0919F4CB-3593-3190-D7C9-E97493DD6121}" = CCC Help French
    "{0CDD5599-836A-4650-8BE7-F33D8D915A0D}" = dj6980
    "{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
    "{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
    "{12C70AB0-2885-22A5-8924-7C8CE8A45F42}" = CCC Help Polish
    "{16C16789-E67A-C4FA-7661-9552BC0F0ADA}" = Catalyst Control Center Core Implementation
    "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
    "{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
    "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
    "{1DDF0BBC-440C-446E-BB6A-594D2FD44DC6}" = Protection Center
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
    "{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{2857dbef-0b50-361c-8690-7d505747009f}" = Webshots Desktop
    "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    "{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3074C0DC-5D9E-354C-5191-C14338255B60}" = CCC Help Korean
    "{35EBF726-9116-A9B4-5308-A95BC510613A}" = Catalyst Control Center InstallProxy
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
    "{3822F6D9-F309-41f4-BB98-DA061F0BA8B3}" = SF_CDB_Software
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3D10E608-A4A3-40AD-B91C-6D963BBD91D5}" = LP6980_Help
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{419FD933-5A74-2D20-E46A-1FEE56194ED1}" = Skins
    "{426497EB-B45F-717D-54FB-C9DFC63E74ED}" = Catalyst Control Center Graphics Previews Vista
    "{44290AEA-81C0-D601-E619-DF434E8BB193}" = Catalyst Control Center Localization All
    "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
    "{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}" = CD/DVD Drive Acoustic Silencer
    "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{587F9585-DBA6-22A6-8EB7-5AC659690045}" = CCC Help Dutch
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
    "{5A93149E-F607-B06F-5628-DBB1974ED70F}" = CCC Help Chinese Standard
    "{5DA50254-CD41-24E9-C62D-DBDDC0C344BD}" = CCC Help Portuguese
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
    "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
    "{6BDEC548-2EE5-C9B8-DE57-46958EC26BE3}" = CCC Help Czech
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
    "{70F92AAA-6733-1DDA-F122-257472015804}" = CCC Help Greek
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7CE8B930-7D89-24BD-380C-C849FF9C73D2}" = CCC Help Turkish
    "{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.3
    "{836A1F7E-14EA-BB9E-9E40-32C7A6A5466F}" = CCC Help Chinese Traditional
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84A610B0-28F5-6972-506C-F5F62D489CF3}" = CCC Help Japanese
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E20D261-7119-6849-3E6D-6A29B420C3A8}" = CCC Help Russian
    "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
    "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
    "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_PROPLUSR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_VISPROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_VISPROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
    "{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
    "{93A96BEE-4DA9-E3FE-A949-77CE694B98B9}" = CCC Help Swedish
    "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
    "{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
    "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
    "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
    "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D2459C7-8BE6-69C8-40B6-E448AEE5D832}" = ccc-core-static
    "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A9F9FBB1-FE0F-33AA-53F0-CB5BF9ACE918}" = CCC Help Italian
    "{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AE5A01BD-1D3A-AEF5-B88F-D2079500F049}" = CCC Help Danish
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B682AB6E-809D-9A4B-8228-84CA26989B2C}" = CCC Help English
    "{B6B4C0B7-0559-CB46-6D9C-643A22E6176A}" = Catalyst Control Center Graphics Light
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B86B0578-EC9F-CDB0-54D1-3BC743BE3759}" = CCC Help Hungarian
    "{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
    "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
    "{C716522C-3731-4667-8579-40B098294500}" = Toolbox
    "{CD265392-DB7D-5A01-5D7A-EE642B73B63A}" = Catalyst Control Center Graphics Full Existing
    "{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
    "{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
    "{D7DF59F2-04CE-9C87-BBBB-10CA6A328C68}" = CCC Help Finnish
    "{DB3226BB-36E8-FB39-66E5-58B43AE6621A}" = CCC Help Norwegian
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
    "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
    "{E1E56B8A-1AAF-422A-91DB-625059FB9863}" = TOSHIBA Desktop Links
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EDABA4A8-8B7E-488A-A85C-17406C1C62CA}" = LP6980Trb
    "{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
    "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
    "{F2346BDF-6F47-55E2-492E-48903FE7DF5E}" = CCC Help Spanish
    "{F789C27E-B3EF-4730-9EB5-928B4D8A17C1}" = SF_CDB_ProductContext
    "{F8116030-96CA-401C-BA85-50265E7C0A96}" = SlimDrivers
    "{F9605212-7EEF-8B69-B4EA-C4D8DF66C53E}" = Catalyst Control Center Graphics Full New
    "{FB356619-7ECE-42BC-A28A-541973E29F28}" = TOSHIBA PowerCinema Helper
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE0C5EC2-17FB-60F2-C43D-F294F961AF1C}" = CCC Help Thai
    "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
    "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
    "Adobe AIR" = Adobe AIR
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "FileHippo.com" = FileHippo.com Update Checker
    "iLivid" = iLivid
    "IncrediMail" = IncrediMail 2.0
    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema for TOSHIBA
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "Legacy 7.5" = Legacy 7.5
    "Lexmark 7300 Series" = Lexmark 7300 Series
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
    "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
    "PROHYBRIDR" = 2007 Microsoft Office system
    "PROPLUSR" = Microsoft Office Professional Plus 2007
    "RealPlayer 15.0" = RealPlayer
    "Secunia PSI" = Secunia PSI (3.0.0.0006)
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "SpywareBlaster_is1" = SpywareBlaster 4.6
    "Stellarium_is1" = Stellarium 0.11.1
    "VISPROR" = Microsoft Office Visio Professional 2007
    "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
    "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
    "Winamp" = Winamp
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2386243348-3563518645-4014822516-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "UnityWebPlayer" = Unity Web Player
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/22/2012 11:34:21 PM | Computer Name = DI-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 5/22/2012 11:34:21 PM | Computer Name = DI-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 5/22/2012 11:34:22 PM | Computer Name = DI-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 5/22/2012 11:34:22 PM | Computer Name = DI-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 5/22/2012 11:34:22 PM | Computer Name = DI-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 5/22/2012 11:34:22 PM | Computer Name = DI-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 5/23/2012 6:53:38 AM | Computer Name = DI-PC | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: Received from 192.168.2.4:5353 4 Di-PC.local.
    Addr 192.168.2.4

    Error - 5/23/2012 6:53:38 AM | Computer Name = DI-PC | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 DI-PC.local.
    Addr 192.168.2.2

    Error - 5/23/2012 6:53:38 AM | Computer Name = DI-PC | Source = Bonjour Service | ID = 100
    Description = Local Hostname DI-PC.local already in use; will try DI-PC-2.local
    instead

    Error - 5/23/2012 6:54:23 AM | Computer Name = DI-PC | Source = WinMgmt | ID = 10
    Description =

    [ OSession Events ]
    Error - 11/29/2011 2:13:29 PM | Computer Name = DI-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 499
    seconds with 480 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 5/22/2012 11:22:13 PM | Computer Name = DI-PC | Source = DCOM | ID = 10005
    Description =

    Error - 5/22/2012 11:22:24 PM | Computer Name = DI-PC | Source = DCOM | ID = 10005
    Description =

    Error - 5/22/2012 11:22:28 PM | Computer Name = DI-PC | Source = DCOM | ID = 10005
    Description =

    Error - 5/22/2012 11:22:28 PM | Computer Name = DI-PC | Source = DCOM | ID = 10005
    Description =

    Error - 5/22/2012 11:22:28 PM | Computer Name = DI-PC | Source = DCOM | ID = 10005
    Description =

    Error - 5/22/2012 11:30:44 PM | Computer Name = DI-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 9:23:04 PM on 5/22/2012 was unexpected.

    Error - 5/22/2012 11:31:14 PM | Computer Name = DI-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 5/23/2012 6:54:26 AM | Computer Name = DI-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 5/23/2012 6:54:26 AM | Computer Name = DI-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 5/23/2012 6:54:26 AM | Computer Name = DI-PC | Source = Service Control Manager | ID = 7026
    Description =


    < End of report >
  14. Broni Malware Annihilator Posts: 39,379   +177

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
      O3 - HKLM\..\Toolbar: (MapsGalaxy) - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
      O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
      @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
      @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:5C321E34
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===========================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double-click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
  15. di229 Newcomer, in training Posts: 75

    Computer crashed twice, however I was able to get it going and get the log.
    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{364ea597-e728-4ce4-bb4a-ed846ef47970} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{364ea597-e728-4ce4-bb4a-ed846ef47970}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
    ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56468 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: DI
    ->Temp folder emptied: 5233243 bytes
    ->Temporary Internet Files folder emptied: 45636132 bytes
    ->Java cache emptied: 5461889 bytes
    ->Google Chrome cache emptied: 10703465 bytes
    ->Flash cache emptied: 56943 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 435970 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 10991 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 630 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 64.00 mb


    [EMPTYJAVA]

    User: All Users

    User: AppData

    User: Default

    User: Default User

    User: DI
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: DI
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.43.1 log created on 05232012_174344
    Files\Folders moved on Reboot...
    Registry entries deleted on Reboot...
  16. di229 Newcomer, in training Posts: 75

    Results of screen317's Security Check version 0.99.24
    Windows Vista x64 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG PC Tuneup
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    SpywareBlaster 4.6
    Spybot - Search & Destroy
    Secunia PSI (3.0.0.0006)
    AVG PC Tuneup
    JavaFX 2.0.3
    Java(TM) 7 Update 3
    Out of date Java installed!
    Adobe Reader X (10.1.3)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Spybot Teatimer.exe is disabled!
    AVG avgwdsvc.exe
    AVG avgtray.exe
    ``````````End of Log````````````
  17. di229 Newcomer, in training Posts: 75

    Farbar Service Scanner Version: 17-05-2012
    Ran by DI (administrator) on 23-05-2012 at 18:21:18
    Running from "C:\Users\DI\Desktop"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Security Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll
    [2008-01-20 20:49] - [2008-01-20 20:49] - 0024576 ____A (Microsoft Corporation) ACB62BAA1C319B17752553DF3026EEEB
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcsvc.dll
    [2011-10-17 16:12] - [2009-04-11 01:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7
    C:\Windows\System32\drivers\afd.sys
    [2012-02-14 14:59] - [2012-01-03 08:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2012-05-13 10:31] - [2012-03-30 06:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E
    C:\Windows\System32\dnsrslvr.dll
    [2011-10-07 10:10] - [2011-03-02 10:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0
    C:\Windows\System32\mpssvc.dll
    [2011-10-17 16:14] - [2009-04-11 01:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C
    C:\Windows\System32\bfe.dll
    [2011-10-17 16:11] - [2009-04-11 01:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll
    [2008-01-20 20:47] - [2008-01-20 20:47] - 0128000 ____A (Microsoft Corporation) 4FF71B076A7760FE75EA5AE2D0EE0018
    C:\Windows\System32\vssvc.exe
    [2011-10-17 16:15] - [2009-04-11 01:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1
    C:\Windows\System32\wscsvc.dll
    [2011-10-17 16:10] - [2009-04-11 01:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A
    C:\Windows\System32\wbem\WMIsvc.dll
    [2011-10-17 16:13] - [2009-04-11 01:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02
    C:\Windows\System32\wuaueng.dll
    [2011-10-06 14:17] - [2009-08-06 20:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D
    C:\Windows\System32\qmgr.dll
    [2011-10-17 16:15] - [2009-04-11 01:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C
    C:\Windows\System32\es.dll
    [2011-10-17 16:14] - [2009-04-11 01:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF
    C:\Windows\System32\cryptsvc.dll
    [2011-10-17 16:13] - [2009-04-11 01:11] - 0166912 ____A (Microsoft Corporation) 18918613E63F387CDE4D95CA7D49DCF7
    C:\Program Files\Windows Defender\MpSvc.dll
    [2008-01-20 20:47] - [2008-01-20 20:47] - 0383544 ____A (Microsoft Corporation) 7D2A43E8FDF725A1133F6C6056A72CDC
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll
    [2011-10-17 16:15] - [2009-04-11 01:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF

    **** End of log ****
  18. di229 Newcomer, in training Posts: 75

    After running Temp File Cleaner, it asked to restart the computer. I checked OK; when the computer was booting, it crashed.

    After the computer cooled off, it started. I then ran ESET Online Scanner. No threats found; when checking for infected files it was at 62% and crashed.

    This is a thought: should I delete my old AIU ITP400 assignment in my doc, as this might be the problem?
  19. Broni Malware Annihilator Posts: 39,379   +177

    At this point.....

    In this forum, we make sure your computer is free of malware, and your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.
  20. di229 Newcomer, in training Posts: 75

    As I stated, that was only a thought as to why the computer is crashing. I will wait for further instruction. Thank you so much for all your help in this matter.