My other computer now has a virus

Solved
By MTilson
Mar 13, 2012
  1. Please help! I ran the antivirus program and Malwarebytes so far. Here is the MBAM log:

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.14.01

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Satan :: SATAN-PC [administrator]

    3/13/2012 7:46:44 PM
    mbam-log-2012-03-13 (19-46-44).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 219269
    Time elapsed: 22 minute(s), 7 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  2. MTilson

    MTilson Newcomer, in training Topic Starter Posts: 93

    GMER results

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-03-13 20:37:58
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 Hitachi_HTS542512K9SA00 rev.BB2OC33P
    Running: vc0mo67b.exe; Driver: C:\Users\Satan\AppData\Local\Temp\pwdoypod.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
  3. MTilson

    DDS.txt

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Satan at 20:44:23 on 2012-03-13
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.306 [GMT -7:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Toshiba\IVP\ISM\pinger.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    c:\Toshiba\IVP\swupdate\swupdtmr.exe
    C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\Toshiba\SmoothView\SmoothView.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\Toshiba\Utilities\KeNotify.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\HP\Button Manager\BM.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    c:\program files\avira\antivir desktop\avhlp.exe
    c:\program files\avira\antivir desktop\ApnStub.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\mswinext.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3031760
    uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
    mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Softonic-EngUSA_ Toolbar: {6d474053-6aea-476f-af1a-840e7bbd0edb} - c:\program files\softonic-engusa_\prxtbSoft.dll
    mURLSearchHooks: Softonic-EngUSA_ Toolbar: {6d474053-6aea-476f-af1a-840e7bbd0edb} - c:\program files\softonic-engusa_\prxtbSoft.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: Softonic-EngUSA_ Toolbar: {6d474053-6aea-476f-af1a-840e7bbd0edb} - c:\program files\softonic-engusa_\prxtbSoft.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Softonic-EngUSA_ Toolbar: {6d474053-6aea-476f-af1a-840e7bbd0edb} - c:\program files\softonic-engusa_\prxtbSoft.dll
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [Facebook Update] "c:\users\satan\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [HWSetup] \HWSetup.exe hwSetUP
    mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
    mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
    mRun: [Skytel] Skytel.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\users\satan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpbutt~1.lnk - c:\program files\hp\button manager\BM.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{39811BFD-A031-4F2C-9911-CDF8F9763AED} : NameServer = 68.87.76.178,66.240.48.9
    TCP: Interfaces\{C65B8B4F-0AA9-42EE-A7BD-57B516133DA6} : DhcpNameServer = 192.168.0.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\satan\appdata\roaming\mozilla\firefox\profiles\5gurtq4y.default\
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\users\satan\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: general.useragent.extra.brc - BRI/1
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-9-18 66616]
    S3 DCamUSBNovatek;USB2.0 UVC Camera;c:\windows\system32\drivers\nvtcam.sys [2010-7-14 2696960]
    .
    =============== Created Last 30 ================
    .
    2012-03-14 02:45:35 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-13 03:10:38 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{04c35487-1dcc-4e0b-8b1a-a3d94a67dfd6}\mpengine.dll
    2012-03-12 01:03:28 -------- d-----w- c:\program files\common files\Intuit
    2012-03-12 01:03:11 -------- d-----w- c:\users\satan\appdata\roaming\Intuit
    2012-03-12 01:03:11 -------- d-----w- c:\program files\Quicken
    2012-03-12 01:02:25 -------- d-----w- c:\programdata\Intuit
    2012-03-07 04:43:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-06 05:04:27 -------- d-----w- c:\users\satan\appdata\roaming\Malwarebytes
    2012-03-06 05:03:58 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-15 01:14:09 680448 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-15 01:14:00 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2012-02-15 01:13:54 2044416 ----a-w- c:\windows\system32\win32k.sys
    .
    ==================== Find3M ====================
    .
    2012-02-06 03:35:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-29 13:10:42 237072 ----a-w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 20:47:34.09 ===============
  4. MTilson

    Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/15/2008 11:29:49 PM
    System Uptime: 3/13/2012 7:10:03 PM (1 hours ago)
    .
    Motherboard: TOSHIBA | | ISKAA
    Processor: Intel(R) Celeron(R) CPU 540 @ 1.86GHz | U2E1 | 1862/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 110 GiB total, 58.258 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft 6to4 Adapter
    Device ID: ROOT\*6TO4MP\0000
    Manufacturer: Microsoft
    Name: Microsoft 6to4 Adapter
    PNP Device ID: ROOT\*6TO4MP\0000
    Service: tunnel
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 8.1.0
    ALPS Touch Pad Driver
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Magic-i Visual Effects 2
    ArcSoft ShowBiz
    ArcSoft WebCam Companion 3
    Atheros Driver Installation Program
    Atheros Wi-Fi Protected Setup Library
    Avira AntiVir Personal - Free Antivirus
    Bing Bar
    Bing Bar Platform
    Bing Rewards Client Installer
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    CD/DVD Drive Acoustic Silencer
    Compatibility Pack for the 2007 Office system
    Conduit Engine
    DVD MovieFactory for TOSHIBA
    Emicsoft Video Converter
    Facebook Video Calling 1.1.1.1
    Feedback Tool
    GearDrvs
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Button Manager
    HP ePrint Mobile
    HP Officejet 6500 E710n-z Basic Device Software
    HP Officejet 6500 E710n-z Help
    HP Officejet 6500 E710n-z Product Improvement Study
    HP Postscript Converter
    HP Update
    HP Webcam User's Guide
    I.R.I.S. OCR
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Java(TM) 6 Update 3
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Logitech Vid HD
    Logitech Webcam Software
    LUNA Plus v1.0
    Malwarebytes Anti-Malware version 1.60.1.1000
    Marketsplash Shortcuts
    Memeo AutoBackup
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Default Manager
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Ultimate 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    Microsoft XML Parser
    Microsoft XNA Framework Redistributable 4.0
    MobileMe Control Panel
    Mozilla Firefox 8.0.1 (x86 en-US)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton 360
    Pando Media Booster
    Picasa 2
    QuickBooks Financial Center
    QuickTime
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    RuneScape Launcher 1.0.4
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Windows Media Encoder (KB2447961)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    Skype Click to Call
    Skype™ 5.5
    Softonic-EngUSA_ Toolbar
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Flash Cards Support Utility
    TOSHIBA Games
    TOSHIBA Hardware Setup
    Toshiba Registration
    TOSHIBA SD Memory Utilities
    TOSHIBA Software Modem
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Utility Common Driver
    Windows Media Encoder 9 Series
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/8/2012 3:53:42 PM, Error: EventLog [6008] - The previous system shutdown at 3:12:01 PM on 3/8/2012 was unexpected.
    3/8/2012 10:06:03 AM, Error: EventLog [6008] - The previous system shutdown at 10:04:55 AM on 3/8/2012 was unexpected.
    3/8/2012 10:02:09 AM, Error: EventLog [6008] - The previous system shutdown at 10:00:32 AM on 3/8/2012 was unexpected.
    3/7/2012 9:43:03 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/7/2012 9:43:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    3/7/2012 7:50:25 PM, Error: EventLog [6008] - The previous system shutdown at 7:48:56 PM on 3/7/2012 was unexpected.
    3/13/2012 7:12:29 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    3/13/2012 7:12:10 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    3/13/2012 7:03:15 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    3/13/2012 7:02:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/13/2012 7:02:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    3/13/2012 7:02:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb spldr ssmdrv Wanarpv6
    3/13/2012 7:02:21 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    3/13/2012 7:02:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/13/2012 7:02:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/13/2012 7:00:58 PM, Error: EventLog [6008] - The previous system shutdown at 6:58:54 PM on 3/13/2012 was unexpected.
    3/13/2012 6:55:42 PM, Error: EventLog [6008] - The previous system shutdown at 6:34:05 AM on 3/13/2012 was unexpected.
    3/12/2012 8:33:32 PM, Error: EventLog [6008] - The previous system shutdown at 8:31:02 PM on 3/12/2012 was unexpected.
    3/12/2012 8:17:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    3/12/2012 8:11:43 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    3/12/2012 8:11:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb DfsC jswpslwf NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr ssmdrv tdx Wanarpv6
    3/12/2012 8:11:19 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/12/2012 8:11:19 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/12/2012 8:11:19 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    3/12/2012 8:11:19 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/12/2012 8:11:19 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/12/2012 8:11:19 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/12/2012 8:11:19 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/12/2012 8:11:19 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    3/12/2012 8:11:19 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/12/2012 8:11:19 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/12/2012 8:11:19 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/12/2012 8:11:19 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/12/2012 8:11:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    3/12/2012 8:11:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    3/12/2012 8:10:38 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.121.966.0 Loading engine version: 1.1.8101.0
    3/12/2012 8:10:01 PM, Error: EventLog [6008] - The previous system shutdown at 8:08:34 PM on 3/12/2012 was unexpected.
    3/12/2012 7:54:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    3/12/2012 7:51:05 PM, Error: EventLog [6008] - The previous system shutdown at 6:26:21 AM on 3/12/2012 was unexpected.
    3/12/2012 11:05:29 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    3/12/2012 11:05:29 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
    3/12/2012 11:05:29 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    3/12/2012 11:05:28 PM, Error: Service Control Manager [7022] - The Server service hung on starting.
    3/11/2012 9:14:06 PM, Error: EventLog [6008] - The previous system shutdown at 9:12:05 PM on 3/11/2012 was unexpected.
    3/11/2012 7:16:04 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
    3/11/2012 3:54:50 PM, Error: EventLog [6008] - The previous system shutdown at 3:50:12 PM on 3/11/2012 was unexpected.
    3/11/2012 12:43:24 PM, Error: EventLog [6008] - The previous system shutdown at 12:40:53 PM on 3/11/2012 was unexpected.
    3/11/2012 12:11:22 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    3/11/2012 12:05:09 PM, Error: EventLog [6008] - The previous system shutdown at 12:03:03 PM on 3/11/2012 was unexpected.
    3/11/2012 11:21:25 AM, Error: EventLog [6008] - The previous system shutdown at 10:42:23 PM on 3/10/2012 was unexpected.
    3/11/2012 10:02:01 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    3/10/2012 4:21:36 PM, Error: EventLog [6008] - The previous system shutdown at 4:19:24 PM on 3/10/2012 was unexpected.
    3/10/2012 10:14:33 AM, Error: EventLog [6008] - The previous system shutdown at 10:12:09 AM on 3/10/2012 was unexpected.
    .
    ==== End Of File ===========================
  5. Broni

    Broni Malware Annihilator Posts: 46,130   +251

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  6. MTilson

    MTilson Newcomer, in training Topic Starter Posts: 93

  7. Broni

    Broni Malware Annihilator Posts: 46,130   +251

    Please observe forum rules.
    All logs have to be pasted, not attached or uploaded somewhere.
  8. MTilson

    MTilson Newcomer, in training Topic Starter Posts: 93

    Sorry. That's how you told me to post it in the past when the log was too long. How would you like me to proceed this time?
  9. Broni

    Broni Malware Annihilator Posts: 46,130   +251

    That was a one-time situation.
    I've never seen a TDSSKiller log being super long.
    Let's see.....

    21:14:26.0266 0468 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
    21:14:26.0731 0468 ============================================================
    21:14:26.0731 0468 Current date / time: 2012/03/14 21:14:26.0731
    21:14:26.0731 0468 SystemInfo:
    21:14:26.0731 0468
    21:14:26.0731 0468 OS Version: 6.0.6002 ServicePack: 2.0
    21:14:26.0731 0468 Product type: Workstation
    21:14:26.0731 0468 ComputerName: SATAN-PC
    21:14:26.0731 0468 UserName: Satan
    21:14:26.0731 0468 Windows directory: C:\Windows
    21:14:26.0731 0468 System windows directory: C:\Windows
    21:14:26.0731 0468 Processor architecture: Intel x86
    21:14:26.0731 0468 Number of processors: 1
    21:14:26.0731 0468 Page size: 0x1000
    21:14:26.0731 0468 Boot type: Normal boot
    21:14:26.0731 0468 ============================================================
    21:14:28.0431 0468 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    21:14:28.0431 0468 \Device\Harddisk0\DR0:
    21:14:28.0431 0468 MBR used
    21:14:28.0431 0468 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xDCA6000
    21:14:28.0481 0468 Initialize success
    21:14:28.0481 0468 ============================================================
    21:14:43.0714 0192 ============================================================
    21:14:43.0714 0192 Scan started
    21:14:43.0714 0192 Mode: Manual;
    21:14:43.0714 0192 ============================================================
    21:15:06.0874 0192 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
    21:15:06.0884 0192 sffp_sd - ok
    21:15:06.0914 0192 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    21:15:06.0914 0192 sfloppy - ok
    21:15:07.0034 0192 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    21:15:07.0034 0192 sisagp - ok
    21:15:07.0094 0192 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    21:15:07.0104 0192 SiSRaid2 - ok
    21:15:07.0144 0192 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    21:15:07.0204 0192 SiSRaid4 - ok
    21:15:07.0314 0192 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    21:15:07.0324 0192 Smb - ok
    21:15:07.0464 0192 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    21:15:07.0484 0192 spldr - ok
    21:15:07.0594 0192 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
    21:15:07.0604 0192 srv - ok
    21:15:07.0714 0192 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
    21:15:07.0744 0192 srv2 - ok
    21:15:07.0804 0192 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
    21:15:07.0814 0192 srvnet - ok
    21:15:07.0874 0192 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
    21:15:07.0874 0192 ssmdrv - ok
    21:15:08.0044 0192 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
    21:15:08.0044 0192 StillCam - ok
    21:15:08.0204 0192 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    21:15:08.0214 0192 swenum - ok
    21:15:08.0324 0192 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    21:15:08.0334 0192 Symc8xx - ok
    21:15:08.0414 0192 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    21:15:08.0414 0192 Sym_hi - ok
    21:15:08.0464 0192 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    21:15:08.0464 0192 Sym_u3 - ok
    21:15:08.0574 0192 SynTP (964524a9edcce945e82419abe9db94ee) C:\Windows\system32\DRIVERS\SynTP.sys
    21:15:08.0574 0192 SynTP - ok
    21:15:08.0714 0192 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
    21:15:08.0724 0192 Tcpip - ok
    21:15:08.0884 0192 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
    21:15:08.0894 0192 Tcpip6 - ok
    21:15:09.0034 0192 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    21:15:09.0044 0192 tcpipreg - ok
    21:15:09.0244 0192 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
    21:15:09.0254 0192 tdcmdpst - ok
    21:15:09.0334 0192 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    21:15:09.0334 0192 TDPIPE - ok
    21:15:09.0444 0192 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    21:15:09.0444 0192 TDTCP - ok
    21:15:09.0524 0192 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    21:15:09.0534 0192 tdx - ok
    21:15:09.0584 0192 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    21:15:09.0584 0192 TermDD - ok
    21:15:09.0744 0192 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\Windows\system32\drivers\tifm21.sys
    21:15:09.0744 0192 tifm21 - ok
    21:15:09.0934 0192 Tosrfcom - ok
    21:15:09.0984 0192 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
    21:15:09.0984 0192 tosrfec - ok
    21:15:10.0064 0192 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
    21:15:10.0064 0192 tos_sps32 - ok
    21:15:10.0194 0192 TpChoice - ok
    21:15:10.0344 0192 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    21:15:10.0344 0192 tssecsrv - ok
    21:15:10.0434 0192 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    21:15:10.0434 0192 tunmp - ok
    21:15:10.0474 0192 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
    21:15:10.0474 0192 tunnel - ok
    21:15:10.0574 0192 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
    21:15:10.0574 0192 TVALZ - ok
    21:15:10.0664 0192 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    21:15:10.0664 0192 uagp35 - ok
    21:15:10.0774 0192 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    21:15:10.0774 0192 udfs - ok
    21:15:10.0894 0192 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    21:15:10.0924 0192 uliagpkx - ok
    21:15:11.0044 0192 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    21:15:11.0054 0192 uliahci - ok
    21:15:11.0174 0192 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    21:15:11.0204 0192 UlSata - ok
    21:15:11.0274 0192 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    21:15:11.0284 0192 ulsata2 - ok
    21:15:11.0404 0192 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    21:15:11.0414 0192 umbus - ok
    21:15:11.0554 0192 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
    21:15:11.0554 0192 USBAAPL - ok
    21:15:11.0684 0192 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
    21:15:11.0694 0192 usbaudio - ok
    21:15:11.0744 0192 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    21:15:11.0764 0192 usbccgp - ok
    21:15:11.0884 0192 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    21:15:11.0884 0192 usbcir - ok
    21:15:11.0964 0192 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    21:15:11.0964 0192 usbehci - ok
    21:15:12.0014 0192 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    21:15:12.0024 0192 usbhub - ok
    21:15:12.0134 0192 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    21:15:12.0164 0192 usbohci - ok
    21:15:12.0264 0192 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    21:15:12.0264 0192 usbprint - ok
    21:15:12.0324 0192 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    21:15:12.0324 0192 USBSTOR - ok
    21:15:12.0394 0192 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    21:15:12.0404 0192 usbuhci - ok
    21:15:12.0544 0192 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
    21:15:12.0554 0192 usbvideo - ok
    21:15:12.0614 0192 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    21:15:12.0614 0192 vga - ok
    21:15:12.0704 0192 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    21:15:12.0704 0192 VgaSave - ok
    21:15:12.0764 0192 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    21:15:12.0774 0192 viaagp - ok
    21:15:12.0814 0192 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    21:15:12.0844 0192 ViaC7 - ok
    21:15:12.0894 0192 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    21:15:12.0914 0192 viaide - ok
    21:15:13.0044 0192 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    21:15:13.0044 0192 volmgr - ok
    21:15:13.0114 0192 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    21:15:13.0124 0192 volmgrx - ok
    21:15:13.0234 0192 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    21:15:13.0254 0192 volsnap - ok
    21:15:13.0324 0192 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    21:15:13.0344 0192 vsmraid - ok
    21:15:13.0494 0192 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    21:15:13.0524 0192 WacomPen - ok
    21:15:13.0604 0192 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    21:15:13.0614 0192 Wanarp - ok
    21:15:13.0624 0192 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    21:15:13.0624 0192 Wanarpv6 - ok
    21:15:13.0694 0192 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    21:15:13.0704 0192 Wd - ok
    21:15:13.0974 0192 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    21:15:13.0974 0192 Wdf01000 - ok
    21:15:14.0824 0192 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
    21:15:14.0854 0192 WmiAcpi - ok
    21:15:15.0094 0192 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    21:15:15.0094 0192 WpdUsb - ok
    21:15:15.0174 0192 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    21:15:15.0174 0192 ws2ifsl - ok
    21:15:15.0344 0192 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
    21:15:15.0344 0192 WSDPrintDevice - ok
    21:15:15.0484 0192 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    21:15:15.0504 0192 WUDFRd - ok
    21:15:15.0544 0192 MBR (0x1B8) (849e52748aab5959bc8000cb4974bc13) \Device\Harddisk0\DR0
    21:15:15.0564 0192 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    21:15:15.0564 0192 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    21:15:15.0594 0192 Boot (0x1200) (bcaf97a13b1d31bc3778ca91dc7dfa31) \Device\Harddisk0\DR0\Partition0
    21:15:15.0594 0192 \Device\Harddisk0\DR0\Partition0 - ok
    21:15:15.0604 0192 ============================================================
    21:15:15.0604 0192 Scan finished
    21:15:15.0604 0192 ============================================================
    21:15:15.0624 5968 Detected object count: 1
    21:15:15.0624 5968 Actual detected object count: 1
    21:15:29.0362 5968 \Device\Harddisk0\DR0\# - copied to quarantine
    21:15:29.0362 5968 \Device\Harddisk0\DR0 - copied to quarantine
    21:15:29.0422 5968 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    21:15:29.0442 5968 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    21:15:29.0452 5968 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    21:15:29.0452 5968 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    21:15:29.0472 5968 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    21:15:29.0502 5968 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    21:15:29.0512 5968 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    21:15:29.0522 5968 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    21:15:29.0522 5968 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    21:15:29.0532 5968 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    21:15:29.0542 5968 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    21:15:29.0542 5968 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    21:15:29.0602 5968 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    21:15:29.0602 5968 \Device\Harddisk0\DR0 - ok
    21:15:29.0612 5968 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    21:15:50.0019 1988 Deinitialize success
  10. Broni

    Broni Malware Annihilator Posts: 46,130   +251

    As you can see, it posted with no problem.

    Re-run TDSSKiller one more time.
  11. MTilson

    MTilson Newcomer, in training Topic Starter Posts: 93

    Ok. It says no threats found.
     
  12. Broni

    Broni Malware Annihilator Posts: 46,130   +251

    I always want to see the log no matter what it says.
    That's for the future.

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  13. MTilson

    MTilson Newcomer, in training Topic Starter Posts: 93

    aswMBR

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-15 19:19:29
    -----------------------------
    19:19:29.037 OS Version: Windows 6.0.6002 Service Pack 2
    19:19:29.037 Number of processors: 1 586 0x1601
    19:19:29.037 ComputerName: SATAN-PC UserName: Satan
    19:19:35.027 Initialize success
    19:20:51.673 AVAST engine defs: 12031401
    19:21:16.302 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
    19:21:16.302 Disk 0 Vendor: Hitachi_HTS542512K9SA00 BB2OC33P Size: 114473MB BusType: 3
    19:21:16.317 Disk 0 MBR read successfully
    19:21:16.317 Disk 0 MBR scan
    19:21:16.364 Disk 0 Windows VISTA default MBR code
    19:21:16.395 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    19:21:16.426 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 112972 MB offset 3074048
    19:21:16.458 Disk 0 scanning sectors +234440704
    19:21:16.536 Disk 0 scanning C:\Windows\system32\drivers
    19:21:37.523 Service scanning
    19:22:21.407 Modules scanning
    19:22:30.137 Disk 0 trace - called modules:
    19:22:30.167 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
    19:22:30.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859e9968]
    19:22:30.197 3 CLASSPNP.SYS[82d538b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x851d2390]
    19:22:31.785 AVAST engine scan C:\Windows
    19:22:37.355 AVAST engine scan C:\Windows\system32
    19:28:36.571 AVAST engine scan C:\Windows\system32\drivers
    19:28:59.092 AVAST engine scan C:\Users\Satan
    19:43:52.184 AVAST engine scan C:\ProgramData
    19:46:57.328 Scan finished successfully
    19:47:36.737 Disk 0 MBR has been saved successfully to "C:\Users\Satan\Desktop\MBR.dat"
    19:47:36.768 The log file has been saved successfully to "C:\Users\Satan\Desktop\aswMBR.txt"
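Added example, not from the thread or from aswMBR: a parser for a raw 512-byte MBR dump that hashes the boot code area, decodes the partition table, and reports which regions differ between a saved baseline and a later dump. The sample sector is constructed from the partition values in the aswMBR log above; treating MBR.dat as a raw 512-byte sector copy is an assumption, and the code-area fill bytes and disk signature are placeholders.

```python
import hashlib
import struct

SECTOR = 512
CODE_AREA = 0x1B8   # bootstrap code occupies bytes 0x000-0x1B7
DISK_SIG = 0x1B8    # 4-byte disk signature
TABLE = 0x1BE       # four 16-byte partition entries
BOOT_SIG = 0x1FE    # must hold 55 AA
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY = struct.Struct("<B3xB3xII")

REGIONS = [("boot code", 0, CODE_AREA),
           ("disk signature", DISK_SIG, DISK_SIG + 4),
           ("partition table", TABLE, BOOT_SIG)]


def parse_mbr(sector: bytes) -> dict:
    """Decode one MBR sector; raise ValueError if it is not a valid MBR."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    if sector[BOOT_SIG:] != b"\x55\xaa":
        raise ValueError("missing 55 AA boot signature")
    partitions = []
    for index in range(4):
        status, ptype, start, count = ENTRY.unpack_from(sector, TABLE + 16 * index)
        if ptype == 0x00:  # unused slot
            continue
        partitions.append({
            "index": index + 1,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": start,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {
        "code_sha256": hashlib.sha256(sector[:CODE_AREA]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG)[0],
        "partitions": partitions,
    }


def first_unpartitioned_sector(partitions: list) -> int:
    """LBA just past the last partition; sectors from here on belong to no volume."""
    return max((p["lba_start"] + p["sectors"] for p in partitions), default=1)


def layout_findings(partitions: list) -> list:
    """Flag partition-table states worth a second look during triage."""
    findings = []
    active = [p for p in partitions if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions")
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if prev["lba_start"] + prev["sectors"] > cur["lba_start"]:
            findings.append(f"partition {prev['index']} overlaps partition {cur['index']}")
    return findings


def diff_mbr(baseline: bytes, current: bytes) -> list:
    """Name the MBR regions that differ between two dumps of the same disk."""
    parse_mbr(baseline)  # validate both inputs before comparing
    parse_mbr(current)
    return [name for name, lo, hi in REGIONS if baseline[lo:hi] != current[lo:hi]]


def build_sample_mbr(code_fill: int = 0x11) -> bytes:
    """Constructed sector: layout taken from the aswMBR log, code bytes are filler."""
    sector = bytearray(SECTOR)
    sector[:CODE_AREA] = bytes([code_fill]) * CODE_AREA
    struct.pack_into("<I", sector, DISK_SIG, 0x12345678)  # placeholder signature
    entries = [
        (0x00, 0x27, 2048, 1500 * 2048),       # Partition 1: WinRE, 1500 MB
        (0x80, 0x07, 3074048, 112972 * 2048),  # Partition 2: active NTFS, 112972 MB
    ]
    for i, fields in enumerate(entries):
        ENTRY.pack_into(sector, TABLE + 16 * i, *fields)
    sector[BOOT_SIG:] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    baseline = build_sample_mbr()
    info = parse_mbr(baseline)
    for p in info["partitions"]:
        flag = "(A)" if p["active"] else "   "
        print(f"Partition {p['index']} {flag} type {p['type']:02X} "
              f"{p['size_mb']} MB offset {p['lba_start']}")
    print("first unpartitioned sector:", first_unpartitioned_sector(info["partitions"]))
    print("layout findings:", layout_findings(info["partitions"]))
    print("changed regions:", diff_mbr(baseline, build_sample_mbr(code_fill=0x22)))
```

To check a real dump, read the file in binary mode and pass its bytes to `parse_mbr`; keep the hash of a known-clean dump so later copies can be compared with `diff_mbr`.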
  14. MTilson

    MTilson Newcomer, in training Topic Starter Posts: 93

    Is the boot cleaner output supposed to look just like the last log?
  15. MTilson

    MTilson Newcomer, in training Topic Starter Posts: 93

    When I CTRL V into Notepad it shows the same as the previous log.
  17. Broni

    Broni Malware Annihilator Posts: 46,130   +251

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  18. MTilson

    MTilson Newcomer, in training Topic Starter Posts: 93

    The computer just restarted. Is that ok? Should I do something special?
     
  19. Broni

    Broni Malware Annihilator Posts: 46,130   +251

    If you ran Combofix a log should have been produced.
  20. MTilson

    MTilson Newcomer, in training Topic Starter Posts: 93

    ComboFix 12-03-15.03 - Satan 03/15/2012 20:21:52.1.1 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1148 [GMT -7:00]
    Running from: c:\users\Satan\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\xp
    c:\programdata\xp\EBLib.dll
    c:\programdata\xp\TPwSav.sys
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-16 to 2012-03-16 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-16 03:32 . 2012-03-16 03:39 -------- d-----w- c:\users\Satan\AppData\Local\temp
    2012-03-16 03:32 . 2012-03-16 03:32 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-03-16 03:32 . 2012-03-16 03:32 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-15 04:35 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
    2012-03-15 04:34 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-03-15 04:34 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-03-15 04:34 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-03-15 04:34 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
    2012-03-15 04:34 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-15 04:34 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0E873BA-9150-45CD-A97F-95FD2CA5A3C4}\mpengine.dll
    2012-03-15 04:34 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2012-03-15 04:34 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
    2012-03-15 04:34 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-15 04:29 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-03-15 04:29 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
    2012-03-15 04:15 . 2012-03-15 04:15 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-14 02:45 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-12 02:22 . 2012-03-12 02:22 -------- d-----w- c:\users\Guest\AppData\Roaming\Intuit
    2012-03-12 01:03 . 2012-03-12 01:03 -------- d-----w- c:\program files\Common Files\Intuit
    2012-03-12 01:03 . 2012-03-12 01:03 -------- d-----w- c:\program files\Quicken
    2012-03-12 01:03 . 2012-03-12 01:03 -------- d-----w- c:\users\Satan\AppData\Roaming\Intuit
    2012-03-12 01:02 . 2012-03-12 01:02 -------- d-----w- c:\programdata\Intuit
    2012-03-09 21:56 . 2012-03-09 21:56 -------- d-----w- c:\programdata\WindowsSearch
    2012-03-08 04:22 . 2012-03-08 04:22 -------- d-----w- c:\windows\Sun
    2012-03-07 04:43 . 2012-03-14 02:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-06 05:39 . 2012-03-06 05:39 -------- d-----w- c:\users\Guest\AppData\Roaming\Malwarebytes
    2012-03-06 05:04 . 2012-03-06 05:04 -------- d-----w- c:\users\Satan\AppData\Roaming\Malwarebytes
    2012-03-06 05:03 . 2012-03-06 05:03 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-25 07:55 . 2012-02-25 07:55 -------- d-----w- c:\users\Guest\AppData\Local\Apple
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-06 03:35 . 2011-07-28 09:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-29 13:10 . 2010-10-31 06:02 237072 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-21 04:04 . 2011-12-06 01:51 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{6d474053-6aea-476f-af1a-840e7bbd0edb}"= "c:\program files\Softonic-EngUSA_\prxtbSoft.dll" [2011-03-28 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{6d474053-6aea-476f-af1a-840e7bbd0edb}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-03-28 16:22 176936 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6d474053-6aea-476f-af1a-840e7bbd0edb}]
    2011-03-28 16:22 176936 ----a-w- c:\program files\Softonic-EngUSA_\prxtbSoft.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{6d474053-6aea-476f-af1a-840e7bbd0edb}"= "c:\program files\Softonic-EngUSA_\prxtbSoft.dll" [2011-03-28 176936]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-03-28 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{6d474053-6aea-476f-af1a-840e7bbd0edb}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{6D474053-6AEA-476F-AF1A-840E7BBD0EDB}"= "c:\program files\Softonic-EngUSA_\prxtbSoft.dll" [2011-03-28 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{6d474053-6aea-476f-af1a-840e7bbd0edb}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-01-30 430080]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-10 39408]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
    "Facebook Update"="c:\users\Satan\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-01-04 137536]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HWSetup"="\HWSetup.exe hwSetUP" [X]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 129560]
    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
    "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
    "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
    "KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-30 4911104]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
    "Skytel"="Skytel.exe" [2007-11-21 1826816]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    .
    c:\users\Satan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Button Manager.lnk - c:\program files\HP\Button Manager\BM.exe [2010-7-23 61440]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux9"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4050984951-2095670543-4058770262-1000Core.job
    - c:\users\Satan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-04 05:38]
    .
    2012-03-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4050984951-2095670543-4058770262-1000UA.job
    - c:\users\Satan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-04 05:38]
    .
    2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-05 23:42]
    .
    2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-05 23:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3031760
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{39811BFD-A031-4F2C-9911-CDF8F9763AED}: NameServer = 68.87.76.178,66.240.48.9
    FF - ProfilePath - c:\users\Satan\AppData\Roaming\Mozilla\Firefox\Profiles\5gurtq4y.default\
    FF - user.js: general.useragent.extra.brc - BRI/1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
    .
    .
    .
    **************************************************************************
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????d??l/?????;? ;?X ;?? ;??
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\program files\Avira\AntiVir Desktop\sched.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\toshiba\IVP\ISM\pinger.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\toshiba\IVP\swupdate\swupdtmr.exe
    c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    c:\windows\system32\TODDSrv.exe
    c:\program files\Toshiba\Power Saver\TosCoSrv.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2012-03-15 20:47:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-03-16 03:47
    .
    Pre-Run: 62,916,169,728 bytes free
    Post-Run: 64,593,223,680 bytes free
    .
    - - End Of File - - D1A6CCDA4F89BAF50A560AC90E7DEBF8
  21. Broni

    Broni Malware Annihilator Posts: 46,130   +251

    Looks good.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  22. MTilson

    MTilson Newcomer, in training Topic Starter Posts: 93

    Firefox doesn't load. Other browsers seem to be working fine. About to download OTL.
  23. Broni

    Broni Malware Annihilator Posts: 46,130   +251

    Reinstall Firefox.
  24. MTilson

    MTilson Newcomer, in training Topic Starter Posts: 93

    Should I uninstall Firefox before reloading it?
  25. MTilson

    MTilson Newcomer, in training Topic Starter Posts: 93

    Extras.txt

    OTL Extras logfile created on: 3/16/2012 6:50:55 PM - Run 1
    OTL by OldTimer - Version 3.2.37.1 Folder = C:\Users\Satan\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.58% Memory free
    4.22 Gb Paging File | 2.97 Gb Available in Paging File | 70.37% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 110.32 Gb Total Space | 59.32 Gb Free Space | 53.77% Space Free | Partition Type: NTFS

    Computer Name: SATAN-PC | User Name: Satan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-4050984951-2095670543-4058770262-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
    "C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0020B61A-53F8-4DAE-9D3D-44DE63DDBF91}" = lport=31337 | protocol=6 | dir=in | name=terraria |
    "{0325093D-6B08-455E-A321-AFF4E1D58EB5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{0441D404-691E-4C67-BA07-36B9727866EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{0535BD24-CFCE-4732-9BF4-E9186BE9C836}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{0627EE78-5B57-42D8-833D-BF650CE6C1D9}" = rport=5357 | protocol=6 | dir=out | app=system |
    "{07B0D077-86F5-4609-BD5C-52BF10F28256}" = rport=138 | protocol=17 | dir=out | app=system |
    "{0A88FBF6-FE2C-40F6-B9EC-612CFB50FFA8}" = lport=2178 | protocol=6 | dir=in | app=system |
    "{10F0A921-FF19-4601-84DA-7C81B98FE873}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{15DB462A-AF30-4249-9D17-EA8A992ED9F5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{166DA2F1-BC4F-4997-B4C8-CC9639FC2956}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{258A2FFE-449F-4D42-A44A-CF22710FFF99}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
    "{294799FB-DE86-4036-868C-7B76207F6E08}" = lport=137 | protocol=17 | dir=in | app=system |
    "{296C7F34-4872-43A7-8425-8768FC53C7AE}" = lport=7777 | protocol=6 | dir=in | name=terraria 2 |
    "{357878ED-CB35-4315-8903-18BE83BFC995}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{407F5A18-A5DF-487A-8976-4B2833B54D79}" = rport=137 | protocol=17 | dir=out | app=system |
    "{4AC623C8-8662-4D49-B41F-4F546FFB0477}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
    "{4C86120F-360B-49E3-A0D9-3F3BAE80EE05}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{4E424031-999B-4F31-AAF3-8325CFB42E44}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{4EE6ADC1-578A-4E5A-A85F-EE448D8835BF}" = lport=138 | protocol=17 | dir=in | app=system |
    "{52CC24E2-C085-49B9-96A1-D9E35B3DAABB}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
    "{5331AE99-00F4-43CD-A03E-C78C57695847}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{590C3017-AB8B-4019-BAFC-12DEAF9DF71E}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
    "{5CFAFCCE-78A5-4D6B-85A5-F8DD8493A2F8}" = rport=445 | protocol=6 | dir=out | app=system |
    "{6B15CFFC-B31F-41D4-A286-06D851D9F9F7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6BD51C73-E9D7-49F5-A1FC-6A8EA5EE9F56}" = rport=5358 | protocol=6 | dir=out | app=system |
    "{6ED2D5A1-8F87-4D44-9355-233375E77719}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{6F40BA4E-89D3-40BD-A91F-47CBA2AD54BC}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{73323364-EDA1-4164-A80C-B1B740474B22}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{86A50A31-E9C0-4F28-9249-BB7C2150CF1E}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
    "{885E8FA4-DCC6-4B2E-B8FA-6F5A6B15B3AF}" = lport=139 | protocol=6 | dir=in | app=system |
    "{8EC6BBB5-9FB7-4764-BC2C-FBB13AE0F96C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{9FE05305-0094-4DE1-A5D3-93F9AC36A109}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{AAA11173-CBCA-4A1F-BCEC-DB4947272184}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{B9AB7261-46F0-4A4E-A561-3D74D684C685}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{C007D31C-81A7-4F9A-8FC4-05B61AE9C977}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{C8382727-BAEE-4323-B762-3A38622EAC66}" = lport=445 | protocol=6 | dir=in | app=system |
    "{D00E758B-F6A2-4108-AAAD-A9C5A06BE900}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
    "{D54C5119-DC58-456B-8F23-9BCF8A456B9B}" = rport=2178 | protocol=6 | dir=out | app=system |
    "{E0573ECA-DE36-40A2-BDA4-2A174131AFE6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
    "{E2820655-CC7C-45F9-AAFD-11A559097118}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{E2DAB26C-320B-4A45-8B97-597D454A640B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{E486302F-4C37-46D0-855F-9DF42A87B186}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{EAD90454-2860-435A-9143-019355A0CB96}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
    "{F6AE7432-7C9E-43AF-A8B2-4E1C167583AA}" = lport=5357 | protocol=6 | dir=in | app=system |
    "{F710D2C8-EF3C-42FA-80B0-0D1B59777B18}" = rport=139 | protocol=6 | dir=out | app=system |
    "{FDD53E9B-66F2-468C-9C9A-BE8F8F18C2B4}" = lport=5358 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01A3EFA3-9274-4215-8D36-C2C70FC0D281}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
    "{11AC29AC-D031-479E-8920-A73E712B6B12}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
    "{1813842D-D741-4CC7-B232-EFC981CA9889}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
    "{181E3A88-CD6C-4959-B964-28739BB5AA0A}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{1915CF69-DC47-4944-BC41-28EBC182446E}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
    "{382FA0E4-B09B-4217-8BC7-4A5E0FF645F5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{452DAF9C-F0AA-4748-9C7D-AB81421F5C1A}" = protocol=6 | dir=out | app=system |
    "{4A9478A2-C45B-40DC-8662-D5447694216E}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
    "{5CF81E3A-3E47-44F0-961B-7E8212788B12}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{64FAB3A7-A9BD-4335-BDE2-BB24CD539B75}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |
    "{653065FD-9D06-4A76-B2AF-A127176C71D8}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
    "{68CA25DC-808F-4FDA-A43E-6FC20C06E25E}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
    "{6B788418-9627-41F5-9399-403E8D7E9E15}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
    "{6C75D61A-2EA9-49FA-B95E-48B93BD1BF7E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{85F92E66-24DA-4AF5-9EB9-BF4C7637D358}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
    "{860E7ED2-9500-4892-9FC3-5B5C4BA943F1}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
    "{95406314-7A4C-4336-B97D-347834FC148C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{99859D97-0C4E-4EB8-B02E-3717997CB754}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
    "{9DBE4C5D-1777-4A60-BB01-B856CD53D7A7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{9ECADBA6-D075-4A5C-863E-784FED82089A}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
    "{A072CB96-75CD-45D6-AD46-A51E9308AE51}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{A33A0AF1-A7FE-4EC0-9C8E-F3A6FA6B9102}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{AFC6A88C-F9DB-47F6-A35B-8155B34EA25F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{B5E84012-85AA-4E5D-B7A3-27667027C027}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
    "{B7793FC8-01AF-4B16-AE3D-FE74BA174F2C}" = protocol=6 | dir=out | app=system |
    "{B8782635-8E3F-4019-BB7F-F9F9D981B140}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
    "{BC5173C5-894D-4860-A3EB-1E8883831E71}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{BD23C075-36EF-49E3-9AF8-7A444660C4EC}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
    "{BE7B4FDD-DC71-4835-A2E1-C7D30C287ADE}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
    "{C174F0E9-42BD-40F4-A68E-9BDC19202B9B}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{C39B7CE4-6F4F-4A6E-BF13-9571D25FE310}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
    "{C5176CBA-B1B2-49F0-8298-CF89D7EC300E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{C9DC7A38-B16F-4BCE-9C89-CF54B8E371AC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{CB4EDF0A-21F5-412A-9BC5-FE4741BE3CE4}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
    "{CECFCF96-B3E9-458D-AC3E-E6EE0CA9217D}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
    "{D9A12464-E98B-4839-A564-4FE266C71701}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
    "{DC5542B6-A1DE-4245-81FC-E3CFAA3BBAAA}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |
    "{DCA2B74D-6B43-488B-BADE-CCEA6EC2CDD2}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{E0534F4F-8D66-4E09-9D39-71EA11BE692A}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
    "{E495AFFD-CDD2-4EB1-8845-76442EB34A7C}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
    "{F206B229-8998-48CA-9095-58A475193640}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
    "{F2CC2140-38B9-49B2-A5BE-4369813E2A37}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{F80FFD5D-07EA-402C-BE70-A5FEEB261415}" = dir=in | app=c:\users\satan\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{F8523A69-ACF8-400E-9CDE-BFA1B44301A4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{F9AC4CD5-EF71-4110-BDF9-7A6E5B383867}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "TCP Query User{50CEE4BB-48B2-4F52-B1F8-D163629F3547}C:\program files\java\jre1.6.0_03\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_03\bin\javaw.exe |
    "TCP Query User{61AB0872-868F-40BC-8191-5EBC0F342061}D:\bin\ia\core\mdm_util.exe" = protocol=6 | dir=in | app=d:\bin\ia\core\mdm_util.exe |
    "TCP Query User{6517FE44-9CA7-477E-8B39-32701F32E459}C:\program files\steam\steamapps\monowheel\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\monowheel\team fortress 2\hl2.exe |
    "TCP Query User{684CDBF2-E948-45E2-90DC-FC731A8CEA6B}C:\program files\adobe\reader 8.0\reader\acrord32.exe" = protocol=6 | dir=in | app=c:\program files\adobe\reader 8.0\reader\acrord32.exe |
    "TCP Query User{6BD41EA4-4696-4F5E-B807-9F9B067DA6AB}C:\program files\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\terraria\terrariaserver.exe |
    "TCP Query User{B00692A5-B7A8-4C8D-91ED-90A734376924}C:\program files\java\jre1.6.0_03\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_03\bin\javaw.exe |
    "UDP Query User{AAF8879D-1185-4328-8A00-0041CCB8B1BF}C:\program files\adobe\reader 8.0\reader\acrord32.exe" = protocol=17 | dir=in | app=c:\program files\adobe\reader 8.0\reader\acrord32.exe |
    "UDP Query User{B69145B5-8DD6-4110-A4CF-A28FA12A4B82}C:\program files\steam\steamapps\monowheel\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\monowheel\team fortress 2\hl2.exe |
    "UDP Query User{B804118C-8A84-4DF6-A2BF-ABD9D5DB93F9}C:\program files\java\jre1.6.0_03\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_03\bin\javaw.exe |
    "UDP Query User{BE331A48-6C0A-460D-8D19-0F39A6B4F1FA}C:\program files\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\terraria\terrariaserver.exe |
    "UDP Query User{C43B872F-EDA1-469B-B22F-24C6FB01C261}D:\bin\ia\core\mdm_util.exe" = protocol=17 | dir=in | app=d:\bin\ia\core\mdm_util.exe |
    "UDP Query User{CC7403A5-5E3F-4B91-8DB0-F0A9C5573A42}C:\program files\java\jre1.6.0_03\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_03\bin\javaw.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{03240EBA-04F2-4652-BC7F-B055902BDCD3}" = Memeo AutoBackup
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Help
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
    "{2794875B-6CCF-48B8-84A5-5B10DB98BEE6}" = HP ePrint Mobile
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
    "{3BB33344-3179-49A4-B6EB-22D2A390764D}" = HP Webcam User's Guide
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{41B44041-D45D-41EB-A1EF-A12BB5C6996B}" = ArcSoft Magic-i Visual Effects 2
    "{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
    "{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
    "{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.0.4
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{600AB648-F79B-41EC-B426-A49A7DB121EA}" = HP Officejet 6500 E710n-z Basic Device Software
    "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
    "{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
    "{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
    "{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
    "{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    "{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
    "{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
    "{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
    "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
    "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
    "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E92E462A-700D-4949-B24B-789AEDDA3B88}" = ArcSoft ShowBiz
    "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
    "{F96B04F9-26A9-4384-AA17-77EACA1BA40B}" = HP Button Manager
    "{FAABDC10-41B3-4A4C-A76E-C02CB9BE2A5E}" = HP Officejet 6500 E710n-z Product Improvement Study
    "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "{FFEFD86B-5D4F-4A2D-8D4E-ECD7D9AD925E}" = ArcSoft WebCam Companion 3
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "conduitEngine" = Conduit Engine
    "Emicsoft Video Converter_is1" = Emicsoft Video Converter
    "Google Chrome" = Google Chrome
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "InstallShield_{03240EBA-04F2-4652-BC7F-B055902BDCD3}" = Memeo AutoBackup
    "InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
    "InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
    "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
    "InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
    "InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "InstallShield_{F96B04F9-26A9-4384-AA17-77EACA1BA40B}" = HP Button Manager
    "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
    "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
    "Logitech Vid" = Logitech Vid HD
    "LUNA Plus" = LUNA Plus v1.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
    "Picasa2" = Picasa 2
    "Softonic-EngUSA_ Toolbar" = Softonic-EngUSA_ Toolbar
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "ULTIMATER" = Microsoft Office Ultimate 2007
    "WildTangent toshiba Master Uninstall" = TOSHIBA Games
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >

