Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Random Shutdowns After MyScrapNook Malware Infection & Attempted R

Started by introspectacle , Jul 06 2012 02:57 PM

  • Please log in to reply

#1
introspectacle
Posted 06 July 2012 - 02:57 PM

introspectacle

    Member

  • Member
  • PipPip
  • 13 posts
Hello all,

10 days ago, my teenage daughter downloaded via Firefox a program called MyScrapNook, ostensibly a picture editing add-on for Firefox. I only use Chrome, but the following day, I happened to accidentally click on the Quick Launch button for Firefox in my Windows menu bar. When I did that, Firefox loaded with two tabs, one being a "MyWebSearch" tab, and the other being the MyScrapNook site or tab or whatever. When it began loading, I got an hourglass which stayed up for an uncharacteristically long time...this combined with the two suspicious tabs prompted my suspicions that it was running malware. Since I have run MBAM (free) and AVG (free) on all my computers since my first run in with malware several years ago, I immediately opened MBAM and ran the Quick Scan. It came back with several nasty looking files selected for quarantine / or deletion, which I completed. Then, I restarted and ran a full scan in MBAM and in AVG. The full scan in MBAM revealed something like 80+ infected files, which I completed the prompts for quarantine / or deletion. I then ran CCCleaner as well, just to clean up any left-over stuff from all that garbage. It found several additional files related to MyScrapNook / or mywebsearch.com, and I followed the prompts for deletion.

I restarted, and everything seemed to be ok....until my laptop started randomly shutting down completely within hours...like, right in the middle of doing anything, all power is abruptly terminated (no BSOD), even when plugged in. The power LED on the front of the laptop goes out, and the power button is completely unresponsive. This happens whether the computer is plugged in or on battery, and can happen 5 minutes after OS boot, or 2 hours....though usually it's somewhere in between the two. The only way to power the PC back on is to remove/replace the battery while the power cord is disconnected, and then it will start. If I shut the computer down properly, the power button works fine. This problem occurs in Normal mode, and in every version of Safe Mode.

I've been trying to find the root cause of this problem using Sophos, Speccy, Advanced System Care, GMER, and catchme.exe, as well as uninstalling Firefox, uninstalling / reinstalling MBAM and AVG, all to no avail. I also ran a couple of system scans using Windows Defender, and some boot scan processes (integrity maybe?) that I'm not familiar with. In some of my "research" on this issue, I found some references to a potential overheating issue of my CPU / or motherboard or HDD....when I downloaded SpeedFan to check temperatures and possibly adjust fan speeds to cool the hardware better, I found that all of my temperatures were in the unacceptably high range, however I could not figure out how to get speedfan.exe to increase fan speed in any detectable or verifiable way...plus, since I did not have this problem until the malware was installed and the shutdowns will occur whether the pc has been on for only a few minutes or a few hours, I'm guessing that if the laptop is in fact overheating, it's not due to an incredibly coincidental hardware failure independent of the malware issue, but would instead be either overheating due to the number of malware processes / or services my pc is running now, or some sort of infection of the BIOS or CMOS (or whatever would control fan function / speed), that's way out of my league regardless).

Aaaaanyhoo, I'm throwing in the towel on trying to stumble through this thing on my own, and am hoping one of you will be kind and patient enough to help me diagnose and fix this very frustrating problem.

Thanks for reading...because of this issue, please be patient with me in awaiting my response. Resolving this is very important to me, and I will be using this forum and thread exclusively to troubleshoot / fix, so my responses / follow-up should be within an hour or two of a request for information / action, unless my laptop goes even more haywire. Thanks for understanding and thanks for reading. Here's the OTL Quick Scan log as requested:

OTL logfile created on: 7/6/2012 12:54:39 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Kim Calhoun\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 60.70% Memory free
5.74 Gb Paging File | 3.87 Gb Available in Paging File | 67.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.24 Gb Total Space | 137.60 Gb Free Space | 62.20% Space Free | Partition Type: NTFS

Computer Name: PRIVATE | User Name: Kim Calhoun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/06 12:53:06 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Kim Calhoun\Desktop\OTL.exe
PRC - [2012/07/05 11:02:17 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/07/05 10:26:21 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/06/13 03:47:56 | 005,161,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/05/28 15:56:36 | 000,288,128 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2012/05/26 12:04:52 | 000,913,792 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2010/02/22 04:57:06 | 000,406,992 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
PRC - [2008/08/08 17:30:44 | 000,016,712 | R--- | M] () -- C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/05 11:02:17 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/07/05 10:26:21 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/06/28 03:28:56 | 000,438,296 | ---- | M] () -- C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppgooglenaclpluginchrome.dll
MOD - [2012/06/28 03:28:54 | 003,972,120 | ---- | M] () -- C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
MOD - [2012/06/28 03:27:40 | 000,554,520 | ---- | M] () -- C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\Application\20.0.1132.47\libglesv2.dll
MOD - [2012/06/28 03:27:38 | 000,117,784 | ---- | M] () -- C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\Application\20.0.1132.47\libegl.dll
MOD - [2012/06/28 03:27:29 | 000,140,328 | ---- | M] () -- C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\Application\20.0.1132.47\avutil-51.dll
MOD - [2012/06/28 03:27:28 | 000,262,184 | ---- | M] () -- C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\Application\20.0.1132.47\avformat-54.dll
MOD - [2012/06/28 03:27:26 | 002,386,984 | ---- | M] () -- C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll
MOD - [2012/06/28 01:27:26 | 009,252,040 | ---- | M] () -- C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
MOD - [2010/02/22 04:50:20 | 000,060,416 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\zlib1.dll
MOD - [2008/08/08 17:30:44 | 000,016,712 | R--- | M] () -- C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/28 13:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/10/14 14:31:44 | 000,116,224 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2009/07/28 16:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/05 10:26:21 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/06/13 03:47:56 | 005,161,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/05/26 12:04:52 | 000,913,792 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2012/05/16 08:19:22 | 000,151,104 | ---- | M] (Sophos Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe -- (SophosVirusRemovalTool)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/05 20:16:45 | 000,033,096 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/11/12 12:18:12 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (Leapfrog-USBLAN)
DRV:64bit: - [2011/04/20 09:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/23 15:50:54 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2010/03/31 20:52:24 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010/03/31 20:52:22 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010/03/31 20:52:20 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010/03/31 20:52:18 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2010/03/31 15:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/20 10:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/01 11:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/11/06 13:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/07 06:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/07 09:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/07/09 05:05:48 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3B5EF6B0-0BC0-4469-9A7A-91571D5464C1}
IE:64bit: - HKLM\..\SearchScopes\{3B5EF6B0-0BC0-4469-9A7A-91571D5464C1}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {F01B088A-10FC-49C5-9342-4DFF4863FADF}
IE - HKLM\..\SearchScopes\{F01B088A-10FC-49C5-9342-4DFF4863FADF}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/g/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{948D4734-7F50-4EA8-9E09-19F0D30914E7}: "URL" = http://www.google.co...&rlz=1I7TSNF_en
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-07-05 11:02:18&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{F01B088A-10FC-49C5-9342-4DFF4863FADF}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/?ref=hp"
FF - prefs.js..keyword.URL: "http://isearch.avg.c...5:58&sap=ku&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kim Calhoun\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kim Calhoun\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Kim Calhoun\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/18 17:57:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/04 15:16:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\8.0.0.40\ [2012/07/03 14:41:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 14:43:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/18 17:57:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.22 [2012/07/03 14:41:43 | 000,000,000 | ---D | M]

[2012/07/03 14:43:45 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/07/04 15:16:38 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2012/07/03 14:41:43 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\9.0.0.22
File not found (No name found) -- C:\USERS\KIM CALHOUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UW1WKZUS.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\KIM CALHOUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UW1WKZUS.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.c...pr&d=2012-07-05 11:02:18&v=11.1.0.12&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.goog...outputEncoding},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Kim Calhoun\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Beat the Boot (by Google) = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aidgmjkfmbhldhnhkopojimkhhhcpenl\1.0.0.1_0\
CHR - Extension: Angry Birds = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Word Search Puzzle = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\alcobafdkcddhiabfgnongafffchimnl\1.2_0\
CHR - Extension: YouTube = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Bloxorz = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfkaiemjhgblkkcanmhciiopcehlhnhi\1.0_0\
CHR - Extension: Where is my Water = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\egdhbajofjlmalpkgdldpdnlkfaaeeid\1.0.1_0\
CHR - Extension: Voodoo Friends = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmedapekkakaehidplfhmblngkelolaj\1.0_0\
CHR - Extension: Chain Reaction = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa\1.1_0\
CHR - Extension: Totemo = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmnefpollagcoolkgefkcmgofhhlidpp\2.0.2.181_0\
CHR - Extension: Ultimate Flash Sonic = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgmfbijldhdncjcipeocgkgbjhaecfp\1.0_0\
CHR - Extension: Isoball 3 = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj\1.2.1_0\
CHR - Extension: Blue Radiance = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\iecndbkjadcolbcpfjekbldajoaamiao\1.3_0\
CHR - Extension: AVG Safe Search = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
CHR - Extension: Little Alchemy = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.12_0\
CHR - Extension: AVG Do Not Track = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: MathBoard Addition = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocjpbdojdmdmnoijibadlmpiamcmmmcj\1.1.6_0\
CHR - Extension: Sinuous = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl\1.0.4_0\
CHR - Extension: Gmail = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Spot The Differences! = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pniinickecbjegedmgagmgikbolfgaij\0.0.0.1_0\

O1 HOSTS File: ([2010/04/30 14:56:09 | 000,001,798 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8900AB95-E5D8-4829-926E-1EEE50D6619D}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b121cd30-73b9-11e0-ab8c-00266ca9f28c}\Shell - "" = AutoRun
O33 - MountPoints2\{b121cd30-73b9-11e0-ab8c-00266ca9f28c}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/06 12:53:02 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Kim Calhoun\Desktop\OTL.exe
[2012/07/05 18:10:46 | 000,024,448 | ---- | C] (IObit) -- C:\windows\SysNative\RegistryDefragBootTime.exe
[2012/07/05 17:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/07/05 17:49:20 | 000,000,000 | ---D | C] -- C:\Users\Kim Calhoun\AppData\Roaming\IObit
[2012/07/05 17:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5
[2012/07/05 17:49:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2012/07/05 16:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2012/07/05 15:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2012/07/05 15:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012/07/05 15:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/05 15:02:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/07/05 15:02:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/05 12:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/07/05 12:38:35 | 000,000,000 | ---D | C] -- C:\Users\Kim Calhoun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/07/05 12:38:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/07/05 12:33:04 | 000,000,000 | ---D | C] -- C:\Users\Kim Calhoun\AppData\Roaming\AVG
[2012/07/05 12:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/07/05 12:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/07/05 11:02:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/07/05 10:08:24 | 000,000,000 | ---D | C] -- C:\Users\Kim Calhoun\AppData\Local\PackageAware
[2012/07/05 08:16:32 | 000,000,000 | ---D | C] -- C:\perflogs
[2012/07/04 23:02:40 | 000,000,000 | ---D | C] -- C:\Users\Kim Calhoun\AppData\Local\ElevatedDiagnostics
[2012/07/04 15:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/03 16:06:30 | 000,000,000 | ---D | C] -- C:\Users\Kim Calhoun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/06/26 10:37:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/26 10:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/06 12:58:41 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 12:58:41 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 12:53:06 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Kim Calhoun\Desktop\OTL.exe
[2012/07/06 12:35:04 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/07/06 12:35:04 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/07/06 12:35:04 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/07/06 12:30:08 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/06 12:29:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/06 12:29:25 | 2312,089,600 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/06 12:19:18 | 101,200,596 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/07/06 12:09:01 | 000,000,932 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-762180543-3437973954-2724216704-1001UA.job
[2012/07/06 12:04:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/05 21:20:35 | 000,147,456 | ---- | M] () -- C:\Users\Kim Calhoun\Desktop\catchme.exe
[2012/07/05 20:16:45 | 000,033,096 | ---- | M] () -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2012/07/05 17:49:23 | 000,001,284 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2012/07/05 17:49:22 | 000,001,233 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2012/07/05 17:07:12 | 000,001,446 | ---- | M] () -- C:\Users\Kim Calhoun\Desktop\speedfan.exe - Shortcut.lnk
[2012/07/05 16:09:01 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-762180543-3437973954-2724216704-1001Core.job
[2012/07/05 16:01:59 | 000,000,045 | ---- | M] () -- C:\windows\SysWow64\initdebug.nfo
[2012/07/05 15:38:05 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/07/05 15:02:38 | 000,001,145 | ---- | M] () -- C:\Users\Kim Calhoun\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/05 15:02:38 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/05 12:38:35 | 000,003,233 | ---- | M] () -- C:\Users\Kim Calhoun\Desktop\Sophos Virus Removal Tool.lnk
[2012/07/05 12:32:00 | 000,001,178 | ---- | M] () -- C:\Users\Kim Calhoun\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/07/05 12:32:00 | 000,001,154 | ---- | M] () -- C:\Users\Kim Calhoun\Desktop\AVG PC Tuneup 2011.lnk
[2012/07/05 11:41:18 | 063,871,417 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm.old
[2012/07/05 10:52:41 | 000,528,493 | ---- | M] () -- C:\Users\Kim Calhoun\Desktop\AVGInstLog.cab
[2012/07/04 15:16:38 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/04 15:10:39 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/16 17:17:09 | 000,021,574 | ---- | M] () -- C:\Users\Kim Calhoun\Documents\543315_333788820035337_961756943_n.jpg
[2012/06/16 03:35:31 | 000,223,209 | ---- | M] () -- C:\Users\Kim Calhoun\Documents\599616674.jpg
[2012/06/16 03:30:45 | 000,154,172 | ---- | M] () -- C:\Users\Kim Calhoun\Documents\599616774.jpg
[2012/06/16 03:12:39 | 000,026,983 | ---- | M] () -- C:\Users\Kim Calhoun\Documents\Avf2zOJCEAAHncK.jpg-large
[2012/06/16 03:10:35 | 000,031,916 | ---- | M] () -- C:\Users\Kim Calhoun\Documents\AvgNJ5ECEAA-Xue.jpg
[2012/06/16 03:02:19 | 000,065,609 | ---- | M] () -- C:\Users\Kim Calhoun\Documents\599606283.jpg
[2012/06/14 20:04:31 | 040,288,351 | ---- | M] () -- C:\Users\Kim Calhoun\Documents\One Direction All Performance 2010 X Factor.M4A
[2012/06/14 08:28:48 | 005,268,168 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/05 21:21:04 | 000,147,456 | ---- | C] () -- C:\Users\Kim Calhoun\Desktop\catchme.exe
[2012/07/05 18:43:53 | 000,033,096 | ---- | C] () -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2012/07/05 17:49:23 | 000,001,284 | ---- | C] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2012/07/05 17:49:22 | 000,001,233 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2012/07/05 17:07:12 | 000,001,446 | ---- | C] () -- C:\Users\Kim Calhoun\Desktop\speedfan.exe - Shortcut.lnk
[2012/07/05 16:01:59 | 000,000,045 | ---- | C] () -- C:\windows\SysWow64\initdebug.nfo
[2012/07/05 15:38:05 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/07/05 15:02:38 | 000,001,145 | ---- | C] () -- C:\Users\Kim Calhoun\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/05 15:02:38 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/05 12:38:35 | 000,003,233 | ---- | C] () -- C:\Users\Kim Calhoun\Desktop\Sophos Virus Removal Tool.lnk
[2012/07/05 12:32:00 | 000,001,178 | ---- | C] () -- C:\Users\Kim Calhoun\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/07/05 12:32:00 | 000,001,154 | ---- | C] () -- C:\Users\Kim Calhoun\Desktop\AVG PC Tuneup 2011.lnk
[2012/07/05 10:52:41 | 000,528,493 | ---- | C] () -- C:\Users\Kim Calhoun\Desktop\AVGInstLog.cab
[2012/07/03 16:04:01 | 000,000,932 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-762180543-3437973954-2724216704-1001UA.job
[2012/07/03 16:04:00 | 000,000,880 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-762180543-3437973954-2724216704-1001Core.job
[2012/06/16 17:17:11 | 000,021,574 | ---- | C] () -- C:\Users\Kim Calhoun\Documents\543315_333788820035337_961756943_n.jpg
[2012/06/16 03:35:33 | 000,223,209 | ---- | C] () -- C:\Users\Kim Calhoun\Documents\599616674.jpg
[2012/06/16 03:30:47 | 000,154,172 | ---- | C] () -- C:\Users\Kim Calhoun\Documents\599616774.jpg
[2012/06/16 03:12:41 | 000,026,983 | ---- | C] () -- C:\Users\Kim Calhoun\Documents\Avf2zOJCEAAHncK.jpg-large
[2012/06/16 03:10:37 | 000,031,916 | ---- | C] () -- C:\Users\Kim Calhoun\Documents\AvgNJ5ECEAA-Xue.jpg
[2012/06/16 03:02:23 | 000,065,609 | ---- | C] () -- C:\Users\Kim Calhoun\Documents\599606283.jpg
[2012/06/14 20:02:38 | 040,288,351 | ---- | C] () -- C:\Users\Kim Calhoun\Documents\One Direction All Performance 2010 X Factor.M4A
[2011/09/17 07:40:59 | 000,000,000 | ---- | C] () -- C:\Users\Kim Calhoun\AppData\Local\{5089B72A-7FF9-483D-B2E8-C6100A1FEC31}
[2011/09/10 22:42:00 | 000,000,132 | ---- | C] () -- C:\Users\Kim Calhoun\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/06/03 00:27:05 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/05/23 23:19:52 | 000,001,112 | ---- | C] () -- C:\windows\hpomdl41.dat.temp
[2011/05/18 17:53:28 | 000,208,761 | ---- | C] () -- C:\windows\hpoins41.dat
[2011/05/18 17:53:28 | 000,001,112 | ---- | C] () -- C:\windows\hpomdl41.dat
[2011/05/03 23:10:43 | 000,744,030 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/04/30 16:57:26 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI

========== LOP Check ==========

[2012/07/05 12:33:29 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\AVG
[2012/07/03 14:43:57 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\AVG2012
[2011/11/24 14:05:55 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\Canon
[2011/07/26 12:30:23 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/20 10:19:21 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\Dora's Ballet Adventures
[2012/07/03 14:41:59 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\Dropbox
[2012/07/05 21:25:48 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\IObit
[2012/05/17 13:16:44 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\SoftGrid Client
[2011/05/01 09:09:22 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/07/04 19:18:06 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\Toshiba
[2011/05/03 23:12:09 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\TP
[2012/02/19 10:31:59 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\Unity
[2011/09/11 08:57:26 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\Western Digital
[2011/04/30 13:31:37 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\WinBatch
[2012/07/05 14:47:55 | 000,032,558 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

Edited by introspectacle, 06 July 2012 - 03:48 PM.

  • 0

Advertisements

#2
introspectacle
Posted 06 July 2012 - 03:34 PM

introspectacle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Btw, sorry my original post is so long (compared to many others)....I was trying to follow directions and provide as much info as possible.
  • 0

#3
RKinner
Posted 06 July 2012 - 08:09 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
speedfan
If it runs hot (over 50) then check Automatic Fan Speed.
Leave it running and see if the temps drop. What it does on a laptop if it works is turn the fan on full which seems to help.
Also prop up the back of the laptop with a book (don't block the vents).

Uninstall Advanced SystemCare 5

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute for things to settle down.

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Copy the text in the code box:


nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a View Report option at the bottom. Click on it and copy and paste the report (even if it says nothing found).


Ron
  • 0

#4
introspectacle
Posted 06 July 2012 - 10:33 PM

introspectacle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Thank you very much for the prompt reply. I am working on a complete reply, but because of random shutdown potential, wanted to post a prelim reply letting you know I am working on addressing all of the actions listed in your reply. Thanks again, and I hope to have an update for you within a few hours at most.
  • 0

#5
introspectacle
Posted 06 July 2012 - 11:06 PM

introspectacle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Ok, this is a preliminary reply to provide feedback on the Speedfan actions you’ve suggested. I will post another reply when I have finished the rest of the action items in your last reply, but wanted to get this info to you since Speedfan doesn't seem to be doing much if anything.

Running Speedfan, have checked the current temps which are as follows:

HDO: 38C
Temp1: 52C
Core 0: 43C

Because the Temp 1 value is > 50C, I followed your direction and checked the "Automatic fan speed", put a book under the laptop as directed, and verified there is no apparent external obstruction of intake or exhaust vents...after an hour, there appears to be no significant change in any of the three temp readings in Speedfan. All three temp readings simply fluctuate occasionally +/- 1 degree. Also, I can detect no apparent increase in fan noise, fan exhaust velocity or temperature, nor any positive response from Speedfan indicating that any speed change has actually taken place or even been attempted. The bottom of the laptop does not seem to be particularly warm either.

More info on remaining action items to follow....thanks again for your help!

Edited by introspectacle, 06 July 2012 - 11:07 PM.

  • 0

#6
RKinner
Posted 06 July 2012 - 11:13 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
52C isn't hot enough to cause a problem. I've seen them run at 80C tho usually they start running slower in order to protect the CPU.
  • 0

#7
introspectacle
Posted 06 July 2012 - 11:25 PM

introspectacle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Uninstalled Advanced System Care per your instructions, which appears to have been successful.

Downloaded Process Explorer to desktop using the link you provided, ran as Admin, followed the instructions you provided. I do think I should mention that the list of processes didn't seem to "settle down" much if at all, even after waiting for a few minutes. Not sure if it matters, but the order of processes listed by CPU column value changed constantly with the exception of the top two being System Idle Process and procexp64.exe...here is the text of that report (and I am continuing to complete the remaining actions items):




Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 54.98 0 K 24 K
procexp64.exe 1020 23.12 26,504 K 45,488 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
Interrupts n/a 4.80 0 K 0 K Hardware Interrupts and DPCs
chrome.exe 3524 3.67 16,400 K 24,228 K Google Chrome Google Inc. (Verified) Google Inc
SynTPEnh.exe 2600 3.09 9,048 K 13,500 K Synaptics TouchPad Enhancements Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
vprot.exe 3548 2.08 8,256 K 13,704 K VProtect Application (Verified) AVG Technologies
explorer.exe 2552 1.60 54,388 K 57,784 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
speedfan.exe 2324 1.42 5,184 K 15,408 K Almico Software (www.almico.com) (Verified) SOKNO S.R.L.
csrss.exe 700 1.14 12,672 K 11,244 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
System 4 1.13 400 K 1,104 K
svchost.exe 1512 0.62 27,188 K 28,520 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
avgidsagent.exe 2180 0.61 13,452 K 15,904 K AVG Identity Protection Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ, s.r.o.
chrome.exe 1136 0.56 61,960 K 70,808 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 816 0.50 58,812 K 84,808 K Google Chrome Google Inc. (Verified) Google Inc
mbamservice.exe 3216 0.10 110,380 K 52,408 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
avgwdsvc.exe 1640 0.09 9,772 K 10,836 K AVG Watchdog Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies
svchost.exe 920 0.08 3,592 K 9,072 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
avgtray.exe 3464 0.07 6,588 K 11,136 K AVG Tray Monitor AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ, s.r.o.
svchost.exe 344 0.05 3,716 K 7,824 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 4156 0.05 12,384 K 6,860 K Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2776 0.05 3,416 K 7,572 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1060 0.02 22,024 K 37,640 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1344 0.02 13,180 K 14,772 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1184 0.02 6,876 K 12,952 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
TMachInfo.exe 4076 0.02 34,916 K 33,392 K TSS TMachInfo Service TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
SearchIndexer.exe 2748 0.02 37,100 K 20,896 K Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
WLIDSVC.EXE 2112 0.02 6,244 K 14,888 K Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
avgnsa.exe 2236 0.02 7,896 K 6,688 K AVG Online Shield Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ, s.r.o.
svchost.exe 1032 0.01 93,224 K 102,036 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
avgrsa.exe 360 0.01 44,276 K 1,512 K AVG Resident Shield Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ, s.r.o.
csrss.exe 632 0.01 2,104 K 6,824 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
WDDMService.exe 1312 < 0.01 75,992 K 6,696 K WD Drive Manager Service WDC (Unable to verify) WDC
TODDSrv.exe 1972 < 0.01 1,296 K 4,504 K TDCSrv Application TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
spoolsv.exe 1472 < 0.01 7,816 K 14,544 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 688 < 0.01 1,356 K 4,460 K Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 4412 2,352 K 5,792 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 2196 1,000 K 2,976 K Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
WINWORD.EXE 4960 18,064 K 30,012 K Microsoft Office Word Microsoft Corporation (Verified) Microsoft Corporation
winlogon.exe 752 2,444 K 6,780 K Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
WDSmartWareBackgroundService.exe 2064 23,792 K 17,548 K WDSmartWareBackgroundService Memeo (Unable to verify) Memeo
TPwrMain.exe 2720 2,880 K 7,344 K TOSHIBA Power Saver TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TosSmartSrv.exe 4808 2,096 K 6,748 K TosSmartSrv.exe TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TosSENotify.exe 4484 2,948 K 7,672 K TosSENotify.exe.mui TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TosNcCore.exe 3092 1,852 K 6,176 K Message Center TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
ToshibaServiceStation.exe 3256 40,796 K 57,128 K TOSHIBA Service Station TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TosCoSrv.exe 2012 2,188 K 4,684 K TOSHIBA Power Saver TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
ToolbarUpdater.exe 1316 1,384 K 4,508 K ToolbarU Application (Verified) AVG Technologies
TCrdMain.exe 2788 8,364 K 17,008 K TOSHIBA Flash Cards TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
taskhost.exe 2224 2,940 K 6,740 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 4028 792 K 2,484 K Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe 592 17,880 K 18,816 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1912 36,496 K 26,616 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1680 6,532 K 18,608 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1760 1,004 K 3,444 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1728 2,860 K 7,728 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2840 2,216 K 5,696 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1804 988 K 3,412 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1948 3,684 K 7,440 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
splwow64.exe 2480 4,956 K 9,864 K Print driver host for 32bit applications Microsoft Corporation (Verified) Microsoft Windows
smss.exe 292 372 K 1,080 K Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
SmoothView.exe 2752 768 K 2,336 K SmoothView TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
services.exe 796 5,364 K 9,016 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
rundll32.exe 2020 4,936 K 5,776 K Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
PsiService_2.exe 1828 1,008 K 3,520 K PsiService PsiService Protexis Inc. (Verified) Protexis Inc.
procexp.exe 4840 1,860 K 7,036 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
mbamgui.exe 3580 2,204 K 6,608 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
lsm.exe 820 2,288 K 4,080 K Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 812 4,016 K 11,048 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
jusched.exe 3556 960 K 3,760 K Java™ Update Scheduler Sun Microsystems, Inc. (Verified) Sun Microsystems, Inc.
igfxtray.exe 2988 1,600 K 5,292 K igfxTray Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
dwm.exe 2520 1,348 K 4,700 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
CorelIOMonitor.exe 3348 1,408 K 6,008 K Corel File Shell Monitor Corel, Inc. (Verified) Corel Corporation
chrome.exe 3296 19,224 K 19,856 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 4968 18,112 K 18,880 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 3444 4,416 K 9,328 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 3836 37,712 K 17,824 K Google Chrome Google Inc. (Verified) Google Inc
cAudioFilterAgent64.exe 2252 1,524 K 4,744 K Conexant High Definition Audio Filter Agent Conexant Systems, Inc. (Verified) Conexant Systems, Inc.
avgemca.exe 2260 2,396 K 6,436 K AVG E-mail Scanner AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ, s.r.o.
avgcsrva.exe 412 17,908 K 364 K AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o. (Verified) AVG Technologies
avgcsrva.exe 3600 14,804 K 26,996 K AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o. (Verified) AVG Technologies
audiodg.exe 4560 16,316 K 16,232 K Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 1604 1,120 K 3,844 K Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems, Incorporated
  • 0

#8
introspectacle
Posted 06 July 2012 - 11:32 PM

introspectacle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Now working on the aswMBR direction...am I supposed to say Yes or No to the prompt asking if I want to download the latest Avast virus definitions? I am not running Avast, so answer "No" right? (never mind, I just read the part of your reply about accepting the Avast engine, which I assume is the same question with different verbiage. Running now...

Also, should I close out of the Process Explorer or just leave minimized?

Edited by introspectacle, 06 July 2012 - 11:37 PM.

  • 0

#9
RKinner
Posted 06 July 2012 - 11:37 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Actually you should allow the Avast engine download. It will run a scan using its engine which is IMO better than AVG's.

Looking at your Process Explorer:

This value seems way out of line:

Interrupts n/a 4.80 0 K 0 K Hardware Interrupts and DPCs

I've seen this before on a laptop. Try removing the main battery and running Process Explorer again. Sometimes an old battery will load down the power supply and cause this value to be high.
  • 0

#10
introspectacle
Posted 07 July 2012 - 12:01 AM

introspectacle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
OK, I pulled out the main battery while AC power plugged in...there doesn't seem to be any impact to the Interrupts value you referenced. As part of the fluctuations I referred to previously, the value shown for that process fluctuates from below 1.0 to upwards of 8.5+ and everything in between...all in the span of 30 seconds or less.

Here is a new report generated after I exited Process Explorer, removed the battery, relaunched Process Explorer, and re-ran report after waiting for a minute or two:


Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 58.49 0 K 24 K
procexp64.exe 5184 26.32 24,988 K 43,144 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
Interrupts n/a 4.75 0 K 0 K Hardware Interrupts and DPCs
SynTPEnh.exe 2600 2.39 9,024 K 13,652 K Synaptics TouchPad Enhancements Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
vprot.exe 3548 2.29 8,256 K 13,740 K VProtect Application (Verified) AVG Technologies
speedfan.exe 2324 1.33 5,184 K 15,452 K Almico Software (www.almico.com) (Verified) SOKNO S.R.L.
explorer.exe 2552 1.08 38,428 K 57,976 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 700 0.93 12,672 K 11,604 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
System 4 0.83 400 K 1,132 K
avgidsagent.exe 2180 0.60 13,876 K 9,392 K AVG Identity Protection Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ, s.r.o.
svchost.exe 1032 0.26 92,900 K 101,612 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 4156 0.11 12,212 K 6,744 K Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 2748 0.10 37,204 K 21,560 K Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
avgwdsvc.exe 1640 0.09 9,928 K 11,272 K AVG Watchdog Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies
avgtray.exe 3464 0.08 6,660 K 11,588 K AVG Tray Monitor AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ, s.r.o.
svchost.exe 2776 0.05 3,416 K 7,600 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 812 0.05 4,832 K 12,644 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 816 0.03 73,424 K 105,756 K Google Chrome Google Inc. (Verified) Google Inc
TMachInfo.exe 4076 0.02 32,676 K 31,320 K TSS TMachInfo Service TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
WLIDSVC.EXE 2112 0.02 6,216 K 14,880 K Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
svchost.exe 1344 0.02 12,960 K 14,788 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1060 0.02 22,828 K 38,212 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
avgnsa.exe 2236 0.02 6,896 K 1,172 K AVG Online Shield Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ, s.r.o.
svchost.exe 1680 0.02 7,228 K 19,800 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 920 0.01 3,668 K 9,132 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
avgrsa.exe 360 0.01 57,464 K 664 K AVG Resident Shield Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ, s.r.o.
csrss.exe 632 0.01 2,104 K 6,820 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
WDDMService.exe 1312 0.01 75,992 K 6,696 K WD Drive Manager Service WDC (Unable to verify) WDC
aswMBR.exe 5244 < 0.01 63,100 K 167,196 K avast! Antirootkit AVAST Software (Unable to verify) AVAST Software
svchost.exe 1912 < 0.01 36,904 K 17,116 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 1472 < 0.01 7,672 K 14,476 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1512 < 0.01 27,164 K 28,488 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
TODDSrv.exe 1972 < 0.01 1,296 K 4,504 K TDCSrv Application TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
WmiPrvSE.exe 5172 2,364 K 5,996 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 2196 1,000 K 2,976 K Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
WINWORD.EXE 4960 18,064 K 30,076 K Microsoft Office Word Microsoft Corporation (Verified) Microsoft Corporation
winlogon.exe 752 2,444 K 6,784 K Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 688 1,356 K 4,460 K Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
WDSmartWareBackgroundService.exe 2064 23,792 K 17,548 K WDSmartWareBackgroundService Memeo (Unable to verify) Memeo
TPwrMain.exe 2720 2,880 K 7,348 K TOSHIBA Power Saver TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TosSmartSrv.exe 4808 2,096 K 6,748 K TosSmartSrv.exe TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TosSENotify.exe 4484 2,948 K 7,672 K TosSENotify.exe.mui TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TosNcCore.exe 3092 1,852 K 6,176 K Message Center TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
ToshibaServiceStation.exe 3256 40,796 K 57,128 K TOSHIBA Service Station TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
TosCoSrv.exe 2012 2,188 K 4,684 K TOSHIBA Power Saver TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
ToolbarUpdater.exe 1316 1,384 K 4,508 K ToolbarU Application (Verified) AVG Technologies
TCrdMain.exe 2788 8,364 K 17,008 K TOSHIBA Flash Cards TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
taskhost.exe 2224 7,508 K 8,516 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 4028 792 K 2,484 K Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe 344 3,856 K 8,064 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1184 6,644 K 12,928 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1728 2,860 K 7,728 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 592 17,652 K 18,648 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2840 2,216 K 5,696 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1804 988 K 3,412 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1948 3,684 K 7,440 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1760 1,004 K 3,444 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
splwow64.exe 2480 4,956 K 9,864 K Print driver host for 32bit applications Microsoft Corporation (Verified) Microsoft Windows
smss.exe 292 372 K 1,080 K Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
SmoothView.exe 2752 768 K 2,336 K SmoothView TOSHIBA Corporation (Verified) TOSHIBA CORPORATION
services.exe 796 5,404 K 9,044 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
PsiService_2.exe 1828 1,008 K 3,520 K PsiService PsiService Protexis Inc. (Verified) Protexis Inc.
procexp.exe 4492 1,856 K 6,976 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
mbamservice.exe 3216 110,940 K 112,308 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
mbamgui.exe 3580 2,256 K 6,712 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
lsm.exe 820 2,296 K 4,108 K Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
jusched.exe 3556 960 K 3,760 K Java™ Update Scheduler Sun Microsystems, Inc. (Verified) Sun Microsystems, Inc.
igfxtray.exe 2988 1,600 K 5,292 K igfxTray Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
dwm.exe 2520 1,348 K 4,700 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
CorelIOMonitor.exe 3348 1,408 K 6,024 K Corel File Shell Monitor Corel, Inc. (Verified) Corel Corporation
chrome.exe 1136 84,492 K 92,652 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 3296 19,872 K 21,292 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 4968 18,172 K 19,068 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 3836 37,712 K 17,824 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 3444 4,416 K 9,328 K Google Chrome Google Inc. (Verified) Google Inc
cAudioFilterAgent64.exe 2252 1,496 K 4,728 K Conexant High Definition Audio Filter Agent Conexant Systems, Inc. (Verified) Conexant Systems, Inc.
avgemca.exe 2260 2,396 K 6,436 K AVG E-mail Scanner AVG Technologies CZ, s.r.o. (Verified) AVG Technologies CZ, s.r.o.
avgcsrva.exe 412 15,164 K 348 K AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o. (Verified) AVG Technologies
avgcsrva.exe 3600 16,312 K 352 K AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o. (Verified) AVG Technologies
armsvc.exe 1604 1,120 K 3,844 K Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems, Incorporated
  • 0

Advertisements

#11
introspectacle
Posted 07 July 2012 - 12:58 AM

introspectacle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Ok, Ron, here's the log files from aswMBR.exe and ComboFix...I'm going to call it a night tonight, but I do want to let you know how much I truly appreciate your time, effort, and expertise in helping me get a handle on this problem. I should check back in tomorrow morning around 9 - 11am.

Aaron

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-06 22:37:52
-----------------------------
22:37:52.615 OS Version: Windows x64 6.1.7601 Service Pack 1
22:37:52.615 Number of processors: 1 586 0x170A
22:37:52.616 ComputerName: PRIVATE UserName:
22:37:53.377 Initialize success
22:42:38.017 AVAST engine defs: 12070700
23:03:21.945 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:03:21.947 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 238475MB BusType: 3
23:03:21.985 Disk 0 MBR read successfully
23:03:21.988 Disk 0 MBR scan
23:03:21.998 Disk 0 Windows VISTA default MBR code
23:03:22.009 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
23:03:22.025 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 226546 MB offset 3074048
23:03:22.055 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10428 MB offset 467040256
23:03:22.102 Disk 0 scanning C:\windows\system32\drivers
23:03:34.269 Service scanning
23:04:18.952 Modules scanning
23:04:19.806 AVAST engine scan C:\windows
23:04:21.962 AVAST engine scan C:\windows\system32
23:07:49.198 AVAST engine scan C:\windows\system32\drivers
23:08:02.695 AVAST engine scan C:\Users\Kim Calhoun
23:35:00.563 AVAST engine scan C:\ProgramData
23:39:18.273 Scan finished successfully
23:41:12.264 Disk 0 MBR has been saved successfully to "C:\Users\Kim Calhoun\Desktop\MBR.dat"
23:41:12.279 The log file has been saved successfully to "C:\Users\Kim Calhoun\Desktop\aswMBR.txt"


Here's ComboFix:


ComboFix 12-07-07.01 - Kim Calhoun 07/07/2012 0:15.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.1433 [GMT -7:00]
Running from: c:\users\Kim Calhoun\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kim Calhoun\AppData\Local\Temp\sfamcc00001.dll
c:\users\Kim Calhoun\AppData\Local\Temp\sfareca00001.dll
c:\users\KIMCAL~1\AppData\Local\Temp\sfamcc00001.dll
c:\users\KIMCAL~1\AppData\Local\Temp\sfareca00001.dll
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))
.
.
2012-07-07 07:26 . 2012-07-07 07:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 22:10 . 2012-07-06 22:10 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7A08BC22-E433-4DC0-AD15-16CC06B4BA3B}\offreg.dll
2012-07-06 19:36 . 2012-06-18 10:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7A08BC22-E433-4DC0-AD15-16CC06B4BA3B}\mpengine.dll
2012-07-06 01:43 . 2012-07-06 03:16 33096 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-07-06 01:10 . 2012-05-24 17:47 24448 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-07-06 00:49 . 2012-07-06 00:49 -------- d-----w- c:\programdata\IObit
2012-07-06 00:49 . 2012-07-06 04:25 -------- d-----w- c:\users\Kim Calhoun\AppData\Roaming\IObit
2012-07-06 00:49 . 2012-07-06 00:49 -------- d-----w- c:\program files (x86)\IObit
2012-07-05 23:01 . 2012-07-07 04:54 -------- d-----w- c:\program files (x86)\SpeedFan
2012-07-05 22:38 . 2012-07-05 22:38 -------- d-----w- c:\program files\Speccy
2012-07-05 22:02 . 2012-07-05 22:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-05 22:02 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-05 19:39 . 2012-07-05 19:39 -------- d-----w- c:\programdata\Sophos
2012-07-05 19:38 . 2012-07-05 19:38 73728 ----a-r- c:\users\Kim Calhoun\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-07-05 19:38 . 2012-07-05 19:38 73728 ----a-r- c:\users\Kim Calhoun\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-07-05 19:38 . 2012-07-05 19:38 73728 ----a-r- c:\users\Kim Calhoun\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-07-05 19:38 . 2012-07-05 19:38 -------- d-----w- c:\program files (x86)\Sophos
2012-07-05 19:33 . 2012-07-05 19:33 -------- d-----w- c:\users\Kim Calhoun\AppData\Roaming\AVG
2012-07-05 18:02 . 2012-07-05 18:02 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-05 17:08 . 2012-07-05 17:08 -------- d-----w- c:\users\Kim Calhoun\AppData\Local\PackageAware
2012-07-05 15:16 . 2012-07-05 15:16 -------- d-----w- C:\perflogs
2012-07-05 06:02 . 2012-07-05 06:16 -------- d-----w- c:\users\Kim Calhoun\AppData\Local\ElevatedDiagnostics
2012-06-26 17:37 . 2012-06-26 17:37 -------- d-----w- c:\program files (x86)\Oracle
2012-06-26 17:37 . 2012-06-26 17:36 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-26 17:35 . 2012-06-26 17:35 -------- d-----w- c:\programdata\McAfee
2012-06-22 01:48 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 01:48 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 01:48 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 01:48 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 01:48 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 01:48 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 01:48 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 01:48 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 01:48 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 00:22 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 00:22 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 00:22 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 00:22 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 00:22 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 00:22 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 00:22 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 00:22 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 00:22 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 00:22 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 00:22 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 00:21 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 00:21 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 00:21 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 00:21 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 00:21 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 00:21 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-26 17:36 . 2011-06-08 01:39 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-31 19:25 . 2011-06-01 14:20 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-22 17:16 . 2011-06-03 07:27 952 --sha-w- c:\programdata\KGyGaAvL.sys
2012-04-19 11:50 . 2012-04-19 11:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-05 18:02 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-05 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"Corel File Shell Monitor"="c:\program files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-09 16712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-05 1107552]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2010-04-01 19456]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2010-04-01 27648]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2010-04-01 27136]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2010-04-01 33792]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2011-11-12 40320]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-07-06 33096]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 232992]
R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2012-05-16 151104]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-18 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-03 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-07-09 53488]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-06-13 5161080]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-05 935008]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 17:41]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 17:41]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-762180543-3437973954-2724216704-1001Core.job
- c:\users\Kim Calhoun\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-03 23:03]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-762180543-3437973954-2724216704-1001UA.job
- c:\users\Kim Calhoun\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-03 23:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-18 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-18 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-18 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/g/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Bay Photo - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
.
**************************************************************************
.
Completion time: 2012-07-07 00:46:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-07 07:46
.
Pre-Run: 147,505,807,360 bytes free
Post-Run: 147,259,826,176 bytes free
.
- - End Of File - - 14D89ED51341DB412C1689108DC36060

Edited by introspectacle, 07 July 2012 - 02:08 AM.

  • 0

#12
RKinner
Posted 07 July 2012 - 09:10 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Too bad the battery didn't help. Would have been a simple fix. Leave it out tho and see if the crashes stop or take longer to happen. IF your power supply is getting weak and heating up them running without the battery should make it last longer.

Combofix didn't find anything. The files it removed are part of SpeedFan. I think it will recreate them the next time it runs so no big deal. It did remove
an orphan (a registry entry that points to a missing file):

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

This is part of your Touchpad system so I would go to the Toshiba website and find the latest drivers for the touchpad for your laptop and download and reinstall. (Probably should right click and Run As Admin when you do install it). While there I would look for the various Toshiba utilities and download and reinstall them too. There were a lot of orphans related to Toshiba utilities:
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
These may have been removed by mistake during your anti-virus activity.

I'm going to be away from the computer most of the morning. Have to be in a parade.
  • 0

#13
introspectacle
Posted 07 July 2012 - 12:47 PM

introspectacle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hope the parade was fun, Ron....here's the TDSSKiller and MBAM logs (now doing the code copy thing):


11:05:27.0455 3796 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
11:05:28.0875 3796 ============================================================
11:05:28.0875 3796 Current date / time: 2012/07/07 11:05:28.0875
11:05:28.0875 3796 SystemInfo:
11:05:28.0875 3796
11:05:28.0875 3796 OS Version: 6.1.7601 ServicePack: 1.0
11:05:28.0875 3796 Product type: Workstation
11:05:28.0875 3796 ComputerName: PRIVATE
11:05:28.0875 3796 UserName: Kim Calhoun
11:05:28.0875 3796 Windows directory: C:\windows
11:05:28.0875 3796 System windows directory: C:\windows
11:05:28.0875 3796 Running under WOW64
11:05:28.0875 3796 Processor architecture: Intel x64
11:05:28.0875 3796 Number of processors: 1
11:05:28.0875 3796 Page size: 0x1000
11:05:28.0875 3796 Boot type: Normal boot
11:05:28.0875 3796 ============================================================
11:05:29.0436 3796 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:05:29.0436 3796 ============================================================
11:05:29.0436 3796 \Device\Harddisk0\DR0:
11:05:29.0436 3796 MBR partitions:
11:05:29.0436 3796 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BA79000
11:05:29.0436 3796 ============================================================
11:05:29.0467 3796 C: <-> \Device\Harddisk0\DR0\Partition0
11:05:29.0467 3796 ============================================================
11:05:29.0467 3796 Initialize success
11:05:29.0467 3796 ============================================================
11:05:41.0932 4384 ============================================================
11:05:41.0932 4384 Scan started
11:05:41.0932 4384 Mode: Manual;
11:05:41.0932 4384 ============================================================
11:05:42.0447 4384 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
11:05:42.0447 4384 1394ohci - ok
11:05:42.0493 4384 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
11:05:42.0493 4384 ACPI - ok
11:05:42.0571 4384 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
11:05:42.0571 4384 AcpiPmi - ok
11:05:42.0696 4384 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:05:42.0696 4384 AdobeARMservice - ok
11:05:42.0805 4384 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
11:05:42.0805 4384 adp94xx - ok
11:05:42.0883 4384 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
11:05:42.0899 4384 adpahci - ok
11:05:42.0930 4384 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
11:05:42.0930 4384 adpu320 - ok
11:05:42.0961 4384 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
11:05:42.0961 4384 AeLookupSvc - ok
11:05:43.0055 4384 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
11:05:43.0071 4384 AFD - ok
11:05:43.0102 4384 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
11:05:43.0102 4384 agp440 - ok
11:05:43.0149 4384 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
11:05:43.0149 4384 ALG - ok
11:05:43.0164 4384 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
11:05:43.0164 4384 aliide - ok
11:05:43.0195 4384 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
11:05:43.0195 4384 amdide - ok
11:05:43.0258 4384 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
11:05:43.0258 4384 AmdK8 - ok
11:05:43.0289 4384 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
11:05:43.0289 4384 AmdPPM - ok
11:05:43.0336 4384 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
11:05:43.0351 4384 amdsata - ok
11:05:43.0383 4384 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
11:05:43.0383 4384 amdsbs - ok
11:05:43.0429 4384 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
11:05:43.0429 4384 amdxata - ok
11:05:43.0461 4384 Andbus (60257f0a7ed9781719a6b7b6f661a5b6) C:\windows\system32\DRIVERS\lgandbus64.sys
11:05:43.0461 4384 Andbus - ok
11:05:43.0507 4384 AndDiag (6487376cbbf73c7f72ba4f48162c7501) C:\windows\system32\DRIVERS\lganddiag64.sys
11:05:43.0507 4384 AndDiag - ok
11:05:43.0539 4384 AndGps (31c0b1139f5c893084c15b2436c9acd5) C:\windows\system32\DRIVERS\lgandgps64.sys
11:05:43.0554 4384 AndGps - ok
11:05:43.0570 4384 ANDModem (3927a2b72fcbcd05b38ae3a6f69203eb) C:\windows\system32\DRIVERS\lgandmodem64.sys
11:05:43.0570 4384 ANDModem - ok
11:05:43.0632 4384 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
11:05:43.0632 4384 AppID - ok
11:05:43.0679 4384 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
11:05:43.0679 4384 AppIDSvc - ok
11:05:43.0741 4384 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
11:05:43.0741 4384 Appinfo - ok
11:05:43.0819 4384 Apple Mobile Device - ok
11:05:43.0913 4384 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
11:05:43.0913 4384 arc - ok
11:05:43.0929 4384 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
11:05:43.0929 4384 arcsas - ok
11:05:43.0960 4384 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
11:05:43.0960 4384 AsyncMac - ok
11:05:44.0007 4384 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
11:05:44.0007 4384 atapi - ok
11:05:44.0116 4384 athr (d6cad7e5b05055bb8226bdcb1644da27) C:\windows\system32\DRIVERS\athrx.sys
11:05:44.0131 4384 athr - ok
11:05:44.0334 4384 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
11:05:44.0334 4384 AudioEndpointBuilder - ok
11:05:44.0350 4384 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
11:05:44.0350 4384 AudioSrv - ok
11:05:44.0880 4384 AVGIDSAgent (55893fff154ffd7c29919d2b9218210c) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
11:05:44.0911 4384 AVGIDSAgent - ok
11:05:45.0021 4384 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\windows\system32\DRIVERS\avgidsdrivera.sys
11:05:45.0021 4384 AVGIDSDriver - ok
11:05:45.0067 4384 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\windows\system32\DRIVERS\avgidsfiltera.sys
11:05:45.0067 4384 AVGIDSFilter - ok
11:05:45.0099 4384 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\windows\system32\DRIVERS\avgidsha.sys
11:05:45.0099 4384 AVGIDSHA - ok
11:05:45.0145 4384 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\windows\system32\DRIVERS\avgldx64.sys
11:05:45.0161 4384 Avgldx64 - ok
11:05:45.0177 4384 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\windows\system32\DRIVERS\avgmfx64.sys
11:05:45.0177 4384 Avgmfx64 - ok
11:05:45.0208 4384 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\windows\system32\DRIVERS\avgrkx64.sys
11:05:45.0208 4384 Avgrkx64 - ok
11:05:45.0255 4384 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\windows\system32\DRIVERS\avgtdia.sys
11:05:45.0255 4384 Avgtdia - ok
11:05:45.0348 4384 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
11:05:45.0348 4384 avgwd - ok
11:05:45.0395 4384 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
11:05:45.0411 4384 AxInstSV - ok
11:05:45.0457 4384 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
11:05:45.0457 4384 b06bdrv - ok
11:05:45.0489 4384 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
11:05:45.0489 4384 b57nd60a - ok
11:05:45.0535 4384 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
11:05:45.0535 4384 BDESVC - ok
11:05:45.0551 4384 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
11:05:45.0551 4384 Beep - ok
11:05:45.0613 4384 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
11:05:45.0613 4384 BFE - ok
11:05:45.0660 4384 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
11:05:45.0676 4384 BITS - ok
11:05:45.0723 4384 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
11:05:45.0723 4384 blbdrive - ok
11:05:45.0754 4384 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
11:05:45.0754 4384 bowser - ok
11:05:45.0785 4384 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
11:05:45.0785 4384 BrFiltLo - ok
11:05:45.0801 4384 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
11:05:45.0801 4384 BrFiltUp - ok
11:05:45.0879 4384 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
11:05:45.0879 4384 BridgeMP - ok
11:05:45.0925 4384 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
11:05:45.0925 4384 Browser - ok
11:05:45.0957 4384 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
11:05:45.0957 4384 Brserid - ok
11:05:45.0988 4384 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
11:05:46.0003 4384 BrSerWdm - ok
11:05:46.0003 4384 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
11:05:46.0003 4384 BrUsbMdm - ok
11:05:46.0019 4384 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
11:05:46.0019 4384 BrUsbSer - ok
11:05:46.0035 4384 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
11:05:46.0035 4384 BTHMODEM - ok
11:05:46.0066 4384 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
11:05:46.0066 4384 bthserv - ok
11:05:46.0113 4384 catchme - ok
11:05:46.0159 4384 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
11:05:46.0159 4384 cdfs - ok
11:05:46.0222 4384 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys
11:05:46.0222 4384 cdrom - ok
11:05:46.0253 4384 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
11:05:46.0253 4384 CertPropSvc - ok
11:05:46.0300 4384 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
11:05:46.0300 4384 circlass - ok
11:05:46.0331 4384 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
11:05:46.0331 4384 CLFS - ok
11:05:46.0409 4384 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:05:46.0409 4384 clr_optimization_v2.0.50727_32 - ok
11:05:46.0471 4384 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:05:46.0471 4384 clr_optimization_v2.0.50727_64 - ok
11:05:46.0534 4384 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:05:46.0565 4384 clr_optimization_v4.0.30319_32 - ok
11:05:46.0596 4384 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:05:46.0596 4384 clr_optimization_v4.0.30319_64 - ok
11:05:46.0643 4384 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
11:05:46.0643 4384 CmBatt - ok
11:05:46.0674 4384 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
11:05:46.0674 4384 cmdide - ok
11:05:46.0768 4384 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
11:05:46.0768 4384 CNG - ok
11:05:46.0830 4384 CnxtHdAudService (25c58ee97be0416a373e3e4f855206b5) C:\windows\system32\drivers\CHDRT64.sys
11:05:46.0830 4384 CnxtHdAudService - ok
11:05:46.0877 4384 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
11:05:46.0877 4384 Compbatt - ok
11:05:46.0986 4384 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
11:05:46.0986 4384 CompositeBus - ok
11:05:46.0986 4384 COMSysApp - ok
11:05:47.0017 4384 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
11:05:47.0017 4384 crcdisk - ok
11:05:47.0064 4384 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
11:05:47.0064 4384 CryptSvc - ok
11:05:47.0127 4384 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
11:05:47.0142 4384 DcomLaunch - ok
11:05:47.0173 4384 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
11:05:47.0173 4384 defragsvc - ok
11:05:47.0220 4384 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
11:05:47.0220 4384 DfsC - ok
11:05:47.0267 4384 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
11:05:47.0267 4384 Dhcp - ok
11:05:47.0314 4384 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
11:05:47.0314 4384 discache - ok
11:05:47.0329 4384 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
11:05:47.0329 4384 Disk - ok
11:05:47.0361 4384 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
11:05:47.0361 4384 Dnscache - ok
11:05:47.0407 4384 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
11:05:47.0407 4384 dot3svc - ok
11:05:47.0423 4384 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
11:05:47.0423 4384 DPS - ok
11:05:47.0470 4384 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
11:05:47.0470 4384 drmkaud - ok
11:05:47.0532 4384 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
11:05:47.0548 4384 DXGKrnl - ok
11:05:47.0595 4384 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
11:05:47.0595 4384 EapHost - ok
11:05:47.0719 4384 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
11:05:47.0813 4384 ebdrv - ok
11:05:47.0938 4384 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
11:05:47.0938 4384 EFS - ok
11:05:48.0031 4384 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
11:05:48.0047 4384 ehRecvr - ok
11:05:48.0078 4384 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
11:05:48.0078 4384 ehSched - ok
11:05:48.0156 4384 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
11:05:48.0156 4384 elxstor - ok
11:05:48.0203 4384 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
11:05:48.0203 4384 ErrDev - ok
11:05:48.0281 4384 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
11:05:48.0281 4384 EventSystem - ok
11:05:48.0312 4384 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
11:05:48.0328 4384 exfat - ok
11:05:48.0343 4384 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
11:05:48.0359 4384 fastfat - ok
11:05:48.0437 4384 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
11:05:48.0468 4384 Fax - ok
11:05:48.0499 4384 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
11:05:48.0499 4384 fdc - ok
11:05:48.0562 4384 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
11:05:48.0562 4384 fdPHost - ok
11:05:48.0609 4384 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
11:05:48.0609 4384 FDResPub - ok
11:05:48.0687 4384 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
11:05:48.0687 4384 FileInfo - ok
11:05:48.0733 4384 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
11:05:48.0733 4384 Filetrace - ok
11:05:48.0780 4384 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
11:05:48.0780 4384 flpydisk - ok
11:05:48.0843 4384 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
11:05:48.0843 4384 FltMgr - ok
11:05:48.0967 4384 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
11:05:48.0983 4384 FontCache - ok
11:05:49.0061 4384 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:05:49.0061 4384 FontCache3.0.0.0 - ok
11:05:49.0108 4384 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
11:05:49.0108 4384 FsDepends - ok
11:05:49.0139 4384 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
11:05:49.0139 4384 Fs_Rec - ok
11:05:49.0186 4384 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
11:05:49.0186 4384 fvevol - ok
11:05:49.0233 4384 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
11:05:49.0233 4384 FwLnk - ok
11:05:49.0264 4384 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
11:05:49.0264 4384 gagp30kx - ok
11:05:49.0295 4384 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
11:05:49.0295 4384 GEARAspiWDM - ok
11:05:49.0357 4384 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
11:05:49.0357 4384 gpsvc - ok
11:05:49.0435 4384 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:05:49.0435 4384 gupdate - ok
11:05:49.0451 4384 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:05:49.0451 4384 gupdatem - ok
11:05:49.0467 4384 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
11:05:49.0467 4384 hcw85cir - ok
11:05:49.0513 4384 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
11:05:49.0513 4384 HdAudAddService - ok
11:05:49.0545 4384 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
11:05:49.0545 4384 HDAudBus - ok
11:05:49.0576 4384 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
11:05:49.0576 4384 HidBatt - ok
11:05:49.0591 4384 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
11:05:49.0591 4384 HidBth - ok
11:05:49.0607 4384 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
11:05:49.0607 4384 HidIr - ok
11:05:49.0638 4384 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
11:05:49.0654 4384 hidserv - ok
11:05:49.0701 4384 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
11:05:49.0701 4384 HidUsb - ok
11:05:49.0747 4384 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
11:05:49.0747 4384 hkmsvc - ok
11:05:49.0794 4384 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
11:05:49.0794 4384 HomeGroupListener - ok
11:05:49.0903 4384 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
11:05:49.0903 4384 HomeGroupProvider - ok
11:05:50.0013 4384 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
11:05:50.0013 4384 hpqcxs08 - ok
11:05:50.0028 4384 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
11:05:50.0028 4384 hpqddsvc - ok
11:05:50.0075 4384 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
11:05:50.0075 4384 HpSAMD - ok
11:05:50.0153 4384 HPSLPSVC (d4f91cf4de215d6f14a06087d46725e4) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
11:05:50.0169 4384 HPSLPSVC - ok
11:05:50.0231 4384 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
11:05:50.0231 4384 HTTP - ok
11:05:50.0278 4384 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
11:05:50.0278 4384 hwpolicy - ok
11:05:50.0325 4384 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
11:05:50.0340 4384 i8042prt - ok
11:05:50.0371 4384 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\windows\system32\DRIVERS\iaStor.sys
11:05:50.0371 4384 iaStor - ok
11:05:50.0481 4384 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
11:05:50.0481 4384 iaStorV - ok
11:05:50.0621 4384 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:05:50.0621 4384 idsvc - ok
11:05:51.0042 4384 igfx (898ab5bfed7040d7ab07af01885eb944) C:\windows\system32\DRIVERS\igdkmd64.sys
11:05:51.0261 4384 igfx - ok
11:05:51.0370 4384 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
11:05:51.0370 4384 iirsp - ok
11:05:51.0432 4384 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
11:05:51.0432 4384 IKEEXT - ok
11:05:51.0479 4384 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
11:05:51.0479 4384 intelide - ok
11:05:51.0526 4384 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
11:05:51.0526 4384 intelppm - ok
11:05:51.0541 4384 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
11:05:51.0557 4384 IPBusEnum - ok
11:05:51.0588 4384 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
11:05:51.0588 4384 IpFilterDriver - ok
11:05:51.0635 4384 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
11:05:51.0635 4384 iphlpsvc - ok
11:05:51.0682 4384 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
11:05:51.0682 4384 IPMIDRV - ok
11:05:51.0729 4384 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
11:05:51.0729 4384 IPNAT - ok
11:05:51.0900 4384 iPod Service (a3bda1a8a016b5e5a525bcf684894ebe) C:\Program Files\iPod\bin\iPodService.exe
11:05:51.0916 4384 iPod Service - ok
11:05:51.0931 4384 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
11:05:51.0931 4384 IRENUM - ok
11:05:51.0978 4384 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
11:05:51.0978 4384 isapnp - ok
11:05:52.0009 4384 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
11:05:52.0009 4384 iScsiPrt - ok
11:05:52.0041 4384 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
11:05:52.0041 4384 kbdclass - ok
11:05:52.0072 4384 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
11:05:52.0072 4384 kbdhid - ok
11:05:52.0103 4384 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
11:05:52.0103 4384 KeyIso - ok
11:05:52.0134 4384 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
11:05:52.0134 4384 KSecDD - ok
11:05:52.0150 4384 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
11:05:52.0165 4384 KSecPkg - ok
11:05:52.0181 4384 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
11:05:52.0181 4384 ksthunk - ok
11:05:52.0212 4384 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
11:05:52.0228 4384 KtmRm - ok
11:05:52.0275 4384 L1C (655a5d8e80869781cce23760ada7e695) C:\windows\system32\DRIVERS\L1C62x64.sys
11:05:52.0275 4384 L1C - ok
11:05:52.0337 4384 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
11:05:52.0337 4384 LanmanServer - ok
11:05:52.0431 4384 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
11:05:52.0431 4384 LanmanWorkstation - ok
11:05:52.0477 4384 Leapfrog-USBLAN (797289607a5ebf31353aa5ead141f872) C:\windows\system32\DRIVERS\btblan.sys
11:05:52.0493 4384 Leapfrog-USBLAN - ok
11:05:52.0524 4384 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
11:05:52.0524 4384 lltdio - ok
11:05:52.0602 4384 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
11:05:52.0602 4384 lltdsvc - ok
11:05:52.0618 4384 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
11:05:52.0618 4384 lmhosts - ok
11:05:52.0649 4384 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
11:05:52.0649 4384 LSI_FC - ok
11:05:52.0696 4384 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
11:05:52.0696 4384 LSI_SAS - ok
11:05:52.0711 4384 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
11:05:52.0711 4384 LSI_SAS2 - ok
11:05:52.0727 4384 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
11:05:52.0727 4384 LSI_SCSI - ok
11:05:52.0789 4384 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
11:05:52.0789 4384 luafv - ok
11:05:52.0899 4384 mbamchameleon (08aa34bc5f95f4fdd58dd7528a9c63cc) C:\windows\system32\drivers\mbamchameleon.sys
11:05:52.0899 4384 mbamchameleon - ok
11:05:52.0930 4384 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys
11:05:52.0930 4384 MBAMProtector - ok
11:05:53.0039 4384 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:05:53.0039 4384 MBAMService - ok
11:05:53.0070 4384 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
11:05:53.0070 4384 Mcx2Svc - ok
11:05:53.0101 4384 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
11:05:53.0117 4384 megasas - ok
11:05:53.0133 4384 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
11:05:53.0148 4384 MegaSR - ok
11:05:53.0179 4384 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
11:05:53.0179 4384 MMCSS - ok
11:05:53.0211 4384 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
11:05:53.0211 4384 Modem - ok
11:05:53.0226 4384 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
11:05:53.0226 4384 monitor - ok
11:05:53.0273 4384 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys
11:05:53.0273 4384 mouclass - ok
11:05:53.0304 4384 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
11:05:53.0304 4384 mouhid - ok
11:05:53.0351 4384 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
11:05:53.0351 4384 mountmgr - ok
11:05:53.0398 4384 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
11:05:53.0398 4384 mpio - ok
11:05:53.0429 4384 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
11:05:53.0429 4384 mpsdrv - ok
11:05:53.0507 4384 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
11:05:53.0507 4384 MpsSvc - ok
11:05:53.0569 4384 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
11:05:53.0569 4384 MRxDAV - ok
11:05:53.0616 4384 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
11:05:53.0616 4384 mrxsmb - ok
11:05:53.0663 4384 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
11:05:53.0663 4384 mrxsmb10 - ok
11:05:53.0694 4384 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
11:05:53.0694 4384 mrxsmb20 - ok
11:05:53.0741 4384 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
11:05:53.0741 4384 msahci - ok
11:05:53.0772 4384 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
11:05:53.0788 4384 msdsm - ok
11:05:53.0881 4384 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
11:05:53.0881 4384 MSDTC - ok
11:05:53.0928 4384 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
11:05:53.0928 4384 Msfs - ok
11:05:53.0944 4384 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
11:05:53.0944 4384 mshidkmdf - ok
11:05:53.0991 4384 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
11:05:53.0991 4384 msisadrv - ok
11:05:54.0022 4384 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
11:05:54.0037 4384 MSiSCSI - ok
11:05:54.0037 4384 msiserver - ok
11:05:54.0084 4384 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
11:05:54.0084 4384 MSKSSRV - ok
11:05:54.0084 4384 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
11:05:54.0084 4384 MSPCLOCK - ok
11:05:54.0100 4384 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
11:05:54.0100 4384 MSPQM - ok
11:05:54.0147 4384 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
11:05:54.0162 4384 MsRPC - ok
11:05:54.0209 4384 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
11:05:54.0209 4384 mssmbios - ok
11:05:54.0225 4384 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
11:05:54.0225 4384 MSTEE - ok
11:05:54.0240 4384 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
11:05:54.0240 4384 MTConfig - ok
11:05:54.0271 4384 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
11:05:54.0271 4384 Mup - ok
11:05:54.0334 4384 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
11:05:54.0334 4384 napagent - ok
11:05:54.0365 4384 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
11:05:54.0365 4384 NativeWifiP - ok
11:05:54.0505 4384 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
11:05:54.0505 4384 NDIS - ok
11:05:54.0537 4384 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
11:05:54.0537 4384 NdisCap - ok
11:05:54.0583 4384 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
11:05:54.0583 4384 NdisTapi - ok
11:05:54.0630 4384 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
11:05:54.0630 4384 Ndisuio - ok
11:05:54.0677 4384 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
11:05:54.0677 4384 NdisWan - ok
11:05:54.0693 4384 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
11:05:54.0693 4384 NDProxy - ok
11:05:54.0724 4384 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
11:05:54.0724 4384 Net Driver HPZ12 - ok
11:05:54.0755 4384 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
11:05:54.0755 4384 NetBIOS - ok
11:05:54.0817 4384 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
11:05:54.0817 4384 NetBT - ok
11:05:54.0895 4384 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
11:05:54.0895 4384 Netlogon - ok
11:05:54.0927 4384 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
11:05:54.0927 4384 Netman - ok
11:05:54.0973 4384 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
11:05:54.0973 4384 netprofm - ok
11:05:55.0036 4384 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:05:55.0036 4384 NetTcpPortSharing - ok
11:05:55.0083 4384 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
11:05:55.0083 4384 nfrd960 - ok
11:05:55.0129 4384 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
11:05:55.0129 4384 NlaSvc - ok
11:05:55.0145 4384 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
11:05:55.0145 4384 Npfs - ok
11:05:55.0192 4384 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
11:05:55.0192 4384 nsi - ok
11:05:55.0223 4384 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
11:05:55.0223 4384 nsiproxy - ok
11:05:55.0301 4384 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
11:05:55.0317 4384 Ntfs - ok
11:05:55.0426 4384 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
11:05:55.0426 4384 Null - ok
11:05:55.0473 4384 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
11:05:55.0473 4384 nvraid - ok
11:05:55.0504 4384 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
11:05:55.0504 4384 nvstor - ok
11:05:55.0535 4384 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
11:05:55.0535 4384 nv_agp - ok
11:05:55.0582 4384 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
11:05:55.0582 4384 ohci1394 - ok
11:05:55.0660 4384 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:05:55.0660 4384 ose - ok
11:05:55.0707 4384 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
11:05:55.0722 4384 p2pimsvc - ok
11:05:55.0753 4384 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
11:05:55.0753 4384 p2psvc - ok
11:05:55.0785 4384 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
11:05:55.0800 4384 Parport - ok
11:05:55.0847 4384 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
11:05:55.0847 4384 partmgr - ok
11:05:55.0878 4384 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
11:05:55.0878 4384 PcaSvc - ok
11:05:55.0925 4384 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
11:05:55.0941 4384 pci - ok
11:05:56.0019 4384 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
11:05:56.0019 4384 pciide - ok
11:05:56.0050 4384 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
11:05:56.0050 4384 pcmcia - ok
11:05:56.0081 4384 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
11:05:56.0081 4384 pcw - ok
11:05:56.0112 4384 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
11:05:56.0128 4384 PEAUTH - ok
11:05:56.0190 4384 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
11:05:56.0190 4384 PerfHost - ok
11:05:56.0315 4384 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
11:05:56.0331 4384 pla - ok
11:05:56.0424 4384 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
11:05:56.0440 4384 PlugPlay - ok
11:05:56.0487 4384 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
11:05:56.0487 4384 Pml Driver HPZ12 - ok
11:05:56.0518 4384 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
11:05:56.0518 4384 PNRPAutoReg - ok
11:05:56.0549 4384 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
11:05:56.0549 4384 PNRPsvc - ok
11:05:56.0611 4384 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
11:05:56.0611 4384 PolicyAgent - ok
11:05:56.0643 4384 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
11:05:56.0658 4384 Power - ok
11:05:56.0721 4384 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
11:05:56.0721 4384 PptpMiniport - ok
11:05:56.0752 4384 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
11:05:56.0752 4384 Processor - ok
11:05:56.0814 4384 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
11:05:56.0814 4384 ProfSvc - ok
11:05:56.0908 4384 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
11:05:56.0908 4384 ProtectedStorage - ok
11:05:56.0955 4384 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
11:05:56.0955 4384 Psched - ok
11:05:57.0017 4384 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
11:05:57.0017 4384 PSI_SVC_2 - ok
11:05:57.0048 4384 PxHlpa64 (05f46042208e515b9c240aafc54e7aa2) C:\windows\system32\Drivers\PxHlpa64.sys
11:05:57.0048 4384 PxHlpa64 - ok
11:05:57.0142 4384 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
11:05:57.0157 4384 ql2300 - ok
11:05:57.0251 4384 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
11:05:57.0267 4384 ql40xx - ok
11:05:57.0298 4384 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
11:05:57.0298 4384 QWAVE - ok
11:05:57.0329 4384 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
11:05:57.0329 4384 QWAVEdrv - ok
11:05:57.0360 4384 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
11:05:57.0360 4384 RasAcd - ok
11:05:57.0391 4384 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
11:05:57.0391 4384 RasAgileVpn - ok
11:05:57.0423 4384 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
11:05:57.0438 4384 RasAuto - ok
11:05:57.0485 4384 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
11:05:57.0485 4384 Rasl2tp - ok
11:05:57.0532 4384 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
11:05:57.0532 4384 RasMan - ok
11:05:57.0563 4384 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
11:05:57.0563 4384 RasPppoe - ok
11:05:57.0594 4384 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
11:05:57.0594 4384 RasSstp - ok
11:05:57.0641 4384 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
11:05:57.0641 4384 rdbss - ok
11:05:57.0688 4384 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
11:05:57.0688 4384 rdpbus - ok
11:05:57.0703 4384 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
11:05:57.0703 4384 RDPCDD - ok
11:05:57.0719 4384 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
11:05:57.0719 4384 RDPENCDD - ok
11:05:57.0750 4384 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
11:05:57.0750 4384 RDPREFMP - ok
11:05:57.0797 4384 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
11:05:57.0797 4384 RDPWD - ok
11:05:57.0891 4384 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
11:05:57.0891 4384 rdyboost - ok
11:05:57.0953 4384 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
11:05:57.0953 4384 RemoteAccess - ok
11:05:58.0000 4384 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
11:05:58.0000 4384 RemoteRegistry - ok
11:05:58.0062 4384 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
11:05:58.0062 4384 RpcEptMapper - ok
11:05:58.0093 4384 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
11:05:58.0093 4384 RpcLocator - ok
11:05:58.0156 4384 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\System32\rpcss.dll
11:05:58.0156 4384 RpcSs - ok
11:05:58.0187 4384 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
11:05:58.0187 4384 rspndr - ok
11:05:58.0218 4384 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\windows\system32\Drivers\RtsUStor.sys
11:05:58.0218 4384 RSUSBSTOR - ok
11:05:58.0265 4384 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
11:05:58.0265 4384 SamSs - ok
11:05:58.0296 4384 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
11:05:58.0296 4384 sbp2port - ok
11:05:58.0343 4384 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
11:05:58.0343 4384 SCardSvr - ok
11:05:58.0390 4384 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
11:05:58.0390 4384 scfilter - ok
11:05:58.0499 4384 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
11:05:58.0515 4384 Schedule - ok
11:05:58.0546 4384 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
11:05:58.0546 4384 SCPolicySvc - ok
11:05:58.0577 4384 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
11:05:58.0577 4384 SDRSVC - ok
11:05:58.0639 4384 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
11:05:58.0639 4384 secdrv - ok
11:05:58.0686 4384 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
11:05:58.0686 4384 seclogon - ok
11:05:58.0702 4384 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
11:05:58.0717 4384 SENS - ok
11:05:58.0733 4384 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
11:05:58.0733 4384 SensrSvc - ok
11:05:58.0764 4384 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
11:05:58.0764 4384 Serenum - ok
11:05:58.0858 4384 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
11:05:58.0858 4384 Serial - ok
11:05:58.0905 4384 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
11:05:58.0905 4384 sermouse - ok
11:05:58.0967 4384 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
11:05:58.0967 4384 SessionEnv - ok
11:05:59.0014 4384 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
11:05:59.0014 4384 sffdisk - ok
11:05:59.0045 4384 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
11:05:59.0045 4384 sffp_mmc - ok
11:05:59.0076 4384 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
11:05:59.0076 4384 sffp_sd - ok
11:05:59.0107 4384 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
11:05:59.0107 4384 sfloppy - ok
11:05:59.0170 4384 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
11:05:59.0185 4384 SharedAccess - ok
11:05:59.0263 4384 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
11:05:59.0263 4384 ShellHWDetection - ok
11:05:59.0295 4384 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
11:05:59.0295 4384 SiSRaid2 - ok
11:05:59.0310 4384 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
11:05:59.0310 4384 SiSRaid4 - ok
11:05:59.0326 4384 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
11:05:59.0341 4384 Smb - ok
11:05:59.0388 4384 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
11:05:59.0388 4384 SNMPTRAP - ok
11:05:59.0622 4384 SophosVirusRemovalTool (5c979403e32b8c53ea6cf6c3423f872d) C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe
11:05:59.0700 4384 SophosVirusRemovalTool - ok
11:05:59.0778 4384 speedfan (12583af6cbe0050651eaf2723b3ad7b3) C:\windows\syswow64\speedfan.sys
11:05:59.0778 4384 speedfan - ok
11:05:59.0809 4384 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
11:05:59.0809 4384 spldr - ok
11:05:59.0950 4384 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
11:05:59.0950 4384 Spooler - ok
11:06:00.0090 4384 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
11:06:00.0153 4384 sppsvc - ok
11:06:00.0277 4384 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
11:06:00.0293 4384 sppuinotify - ok
11:06:00.0355 4384 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
11:06:00.0355 4384 srv - ok
11:06:00.0433 4384 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
11:06:00.0433 4384 srv2 - ok
11:06:00.0465 4384 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
11:06:00.0465 4384 srvnet - ok
11:06:00.0511 4384 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
11:06:00.0511 4384 SSDPSRV - ok
11:06:00.0543 4384 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
11:06:00.0558 4384 SstpSvc - ok
11:06:00.0589 4384 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
11:06:00.0589 4384 stexstor - ok
11:06:00.0636 4384 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys
11:06:00.0636 4384 StillCam - ok
11:06:00.0730 4384 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
11:06:00.0730 4384 stisvc - ok
11:06:00.0792 4384 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
11:06:00.0792 4384 swenum - ok
11:06:00.0948 4384 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
11:06:00.0948 4384 SwitchBoard - ok
11:06:00.0995 4384 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
11:06:00.0995 4384 swprv - ok
11:06:01.0026 4384 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
11:06:01.0026 4384 SynTP - ok
11:06:01.0151 4384 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
11:06:01.0167 4384 SysMain - ok
11:06:01.0260 4384 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
11:06:01.0260 4384 TabletInputService - ok
11:06:01.0307 4384 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
11:06:01.0307 4384 TapiSrv - ok
11:06:01.0338 4384 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
11:06:01.0338 4384 TBS - ok
11:06:01.0447 4384 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
11:06:01.0463 4384 Tcpip - ok
11:06:01.0619 4384 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
11:06:01.0635 4384 TCPIP6 - ok
11:06:01.0759 4384 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
11:06:01.0759 4384 tcpipreg - ok
11:06:01.0806 4384 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
11:06:01.0806 4384 tdcmdpst - ok
11:06:01.0900 4384 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
11:06:01.0900 4384 TDPIPE - ok
11:06:01.0931 4384 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
11:06:01.0931 4384 TDTCP - ok
11:06:01.0978 4384 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
11:06:01.0978 4384 tdx - ok
11:06:02.0025 4384 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
11:06:02.0025 4384 TermDD - ok
11:06:02.0071 4384 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
11:06:02.0087 4384 TermService - ok
11:06:02.0165 4384 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
11:06:02.0165 4384 Themes - ok
11:06:02.0664 4384 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
11:06:02.0664 4384 THREADORDER - ok
11:06:02.0758 4384 TMachInfo (f120967184a27e927052e8ddbb727851) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
11:06:02.0758 4384 TMachInfo - ok
11:06:02.0805 4384 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\windows\system32\TODDSrv.exe
11:06:02.0805 4384 TODDSrv - ok
11:06:02.0914 4384 TosCoSrv (db9719688c08f42705feb3f6a0c98b91) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
11:06:02.0914 4384 TosCoSrv - ok
11:06:02.0992 4384 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
11:06:03.0007 4384 TOSHIBA HDD SSD Alert Service - ok
11:06:03.0070 4384 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
11:06:03.0070 4384 TrkWks - ok
11:06:03.0148 4384 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
11:06:03.0148 4384 TrustedInstaller - ok
11:06:03.0210 4384 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
11:06:03.0210 4384 tssecsrv - ok
11:06:03.0257 4384 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
11:06:03.0273 4384 TsUsbFlt - ok
11:06:03.0335 4384 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
11:06:03.0335 4384 tunnel - ok
11:06:03.0475 4384 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
11:06:03.0475 4384 TVALZ - ok
11:06:03.0522 4384 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
11:06:03.0522 4384 uagp35 - ok
11:06:03.0569 4384 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
11:06:03.0569 4384 udfs - ok
11:06:03.0631 4384 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
11:06:03.0631 4384 UI0Detect - ok
11:06:03.0678 4384 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
11:06:03.0694 4384 uliagpkx - ok
11:06:03.0709 4384 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
11:06:03.0709 4384 umbus - ok
11:06:03.0756 4384 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
11:06:03.0756 4384 UmPass - ok
11:06:03.0834 4384 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
11:06:03.0834 4384 upnphost - ok
11:06:03.0928 4384 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\windows\system32\Drivers\usbaapl64.sys
11:06:03.0928 4384 USBAAPL64 - ok
11:06:03.0975 4384 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\windows\system32\drivers\usbaudio.sys
11:06:03.0975 4384 usbaudio - ok
11:06:04.0006 4384 usbbus (e4eb7dd07eeca792a2982ce4622be04b) C:\windows\system32\DRIVERS\lgx64bus.sys
11:06:04.0053 4384 usbbus - ok
11:06:04.0099 4384 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
11:06:04.0115 4384 usbccgp - ok
11:06:04.0146 4384 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
11:06:04.0146 4384 usbcir - ok
11:06:04.0162 4384 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
11:06:04.0162 4384 usbehci - ok
11:06:04.0193 4384 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
11:06:04.0209 4384 usbhub - ok
11:06:04.0240 4384 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
11:06:04.0240 4384 usbohci - ok
11:06:04.0287 4384 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
11:06:04.0287 4384 usbprint - ok
11:06:04.0302 4384 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
11:06:04.0302 4384 USBSTOR - ok
11:06:04.0349 4384 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\DRIVERS\usbuhci.sys
11:06:04.0349 4384 usbuhci - ok
11:06:04.0380 4384 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
11:06:04.0380 4384 usbvideo - ok
11:06:04.0427 4384 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
11:06:04.0427 4384 UxSms - ok
11:06:04.0458 4384 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
11:06:04.0458 4384 VaultSvc - ok
11:06:04.0505 4384 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
11:06:04.0521 4384 vdrvroot - ok
11:06:04.0567 4384 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
11:06:04.0583 4384 vds - ok
11:06:04.0614 4384 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
11:06:04.0614 4384 vga - ok
11:06:04.0645 4384 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
11:06:04.0645 4384 VgaSave - ok
11:06:04.0677 4384 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
11:06:04.0677 4384 vhdmp - ok
11:06:04.0708 4384 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
11:06:04.0708 4384 viaide - ok
11:06:04.0739 4384 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
11:06:04.0739 4384 volmgr - ok
11:06:04.0801 4384 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
11:06:04.0801 4384 volmgrx - ok
11:06:04.0911 4384 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
11:06:04.0911 4384 volsnap - ok
11:06:04.0942 4384 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
11:06:04.0957 4384 vsmraid - ok
11:06:05.0035 4384 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
11:06:05.0051 4384 VSS - ok
11:06:05.0176 4384 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
11:06:05.0176 4384 vToolbarUpdater11.2.0 - ok
11:06:05.0285 4384 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
11:06:05.0285 4384 vwifibus - ok
11:06:05.0301 4384 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
11:06:05.0301 4384 vwififlt - ok
11:06:05.0332 4384 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
11:06:05.0347 4384 W32Time - ok
11:06:05.0379 4384 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
11:06:05.0379 4384 WacomPen - ok
11:06:05.0441 4384 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
11:06:05.0441 4384 WANARP - ok
11:06:05.0441 4384 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
11:06:05.0441 4384 Wanarpv6 - ok
11:06:05.0535 4384 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
11:06:05.0550 4384 WatAdminSvc - ok
11:06:05.0628 4384 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
11:06:05.0644 4384 wbengine - ok
11:06:05.0737 4384 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
11:06:05.0737 4384 WbioSrvc - ok
11:06:05.0800 4384 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
11:06:05.0800 4384 wcncsvc - ok
11:06:05.0893 4384 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
11:06:05.0893 4384 WcsPlugInService - ok
11:06:05.0956 4384 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
11:06:05.0956 4384 Wd - ok
11:06:05.0987 4384 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\windows\system32\DRIVERS\wdcsam64.sys
11:06:06.0003 4384 WDC_SAM - ok
11:06:06.0081 4384 WDDMService (fa24fbe15a8036387ecc013d06094f3d) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
11:06:06.0081 4384 WDDMService - ok
11:06:06.0112 4384 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
11:06:06.0112 4384 Wdf01000 - ok
11:06:06.0143 4384 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
11:06:06.0143 4384 WdiServiceHost - ok
11:06:06.0159 4384 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
11:06:06.0159 4384 WdiSystemHost - ok
11:06:06.0237 4384 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
11:06:06.0237 4384 WDSmartWareBackgroundService - ok
11:06:06.0283 4384 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
11:06:06.0283 4384 WebClient - ok
11:06:06.0315 4384 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
11:06:06.0330 4384 Wecsvc - ok
11:06:06.0346 4384 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
11:06:06.0346 4384 wercplsupport - ok
11:06:06.0361 4384 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
11:06:06.0377 4384 WerSvc - ok
11:06:06.0439 4384 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
11:06:06.0439 4384 WfpLwf - ok
11:06:06.0455 4384 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
11:06:06.0455 4384 WIMMount - ok
11:06:06.0533 4384 WinDefend - ok
11:06:06.0549 4384 WinHttpAutoProxySvc - ok
11:06:06.0611 4384 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
11:06:06.0611 4384 Winmgmt - ok
11:06:06.0720 4384 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
11:06:06.0751 4384 WinRM - ok
11:06:06.0876 4384 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
11:06:06.0876 4384 WinUsb - ok
11:06:06.0954 4384 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
11:06:06.0954 4384 Wlansvc - ok
11:06:07.0095 4384 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:06:07.0095 4384 wlcrasvc - ok
11:06:07.0235 4384 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:06:07.0251 4384 wlidsvc - ok
11:06:07.0391 4384 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
11:06:07.0391 4384 WmiAcpi - ok
11:06:07.0469 4384 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
11:06:07.0469 4384 wmiApSrv - ok
11:06:07.0531 4384 WMPNetworkSvc - ok
11:06:07.0563 4384 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
11:06:07.0563 4384 WPCSvc - ok
11:06:07.0625 4384 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
11:06:07.0625 4384 WPDBusEnum - ok
11:06:07.0656 4384 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
11:06:07.0656 4384 ws2ifsl - ok
11:06:07.0687 4384 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
11:06:07.0687 4384 wscsvc - ok
11:06:07.0719 4384 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\windows\system32\DRIVERS\WSDPrint.sys
11:06:07.0719 4384 WSDPrintDevice - ok
11:06:07.0734 4384 WSearch - ok
11:06:07.0859 4384 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
11:06:07.0937 4384 wuauserv - ok
11:06:08.0062 4384 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
11:06:08.0062 4384 WudfPf - ok
11:06:08.0093 4384 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
11:06:08.0093 4384 WUDFRd - ok
11:06:08.0124 4384 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
11:06:08.0140 4384 wudfsvc - ok
11:06:08.0171 4384 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
11:06:08.0187 4384 WwanSvc - ok
11:06:08.0233 4384 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
11:06:08.0389 4384 \Device\Harddisk0\DR0 - ok
11:06:08.0405 4384 Boot (0x1200) (f0dd1e264c067963ab34e1dd5ea255a7) \Device\Harddisk0\DR0\Partition0
11:06:08.0405 4384 \Device\Harddisk0\DR0\Partition0 - ok
11:06:08.0405 4384 ============================================================
11:06:08.0405 4384 Scan finished
11:06:08.0405 4384 ============================================================
11:06:08.0421 2424 Detected object count: 0
11:06:08.0421 2424 Actual detected object count: 0
11:07:13.0551 3564 ============================================================
11:07:13.0551 3564 Scan started
11:07:13.0551 3564 Mode: Manual; SigCheck; TDLFS;
11:07:13.0551 3564 ============================================================
11:07:13.0707 3564 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
11:07:13.0847 3564 1394ohci - ok
11:07:13.0894 3564 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
11:07:13.0925 3564 ACPI - ok
11:07:13.0956 3564 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
11:07:14.0034 3564 AcpiPmi - ok
11:07:14.0112 3564 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:07:14.0128 3564 AdobeARMservice - ok
11:07:14.0175 3564 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
11:07:14.0206 3564 adp94xx - ok
11:07:14.0222 3564 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
11:07:14.0237 3564 adpahci - ok
11:07:14.0253 3564 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
11:07:14.0268 3564 adpu320 - ok
11:07:14.0315 3564 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
11:07:14.0471 3564 AeLookupSvc - ok
11:07:14.0565 3564 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
11:07:14.0612 3564 AFD - ok
11:07:14.0658 3564 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
11:07:14.0674 3564 agp440 - ok
11:07:14.0705 3564 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
11:07:14.0736 3564 ALG - ok
11:07:14.0783 3564 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
11:07:14.0799 3564 aliide - ok
11:07:14.0814 3564 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
11:07:14.0830 3564 amdide - ok
11:07:14.0877 3564 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
11:07:14.0924 3564 AmdK8 - ok
11:07:14.0955 3564 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
11:07:14.0970 3564 AmdPPM - ok
11:07:15.0017 3564 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
11:07:15.0033 3564 amdsata - ok
11:07:15.0080 3564 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
11:07:15.0095 3564 amdsbs - ok
11:07:15.0126 3564 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
11:07:15.0142 3564 amdxata - ok
11:07:15.0173 3564 Andbus (60257f0a7ed9781719a6b7b6f661a5b6) C:\windows\system32\DRIVERS\lgandbus64.sys
11:07:15.0220 3564 Andbus - ok
11:07:15.0251 3564 AndDiag (6487376cbbf73c7f72ba4f48162c7501) C:\windows\system32\DRIVERS\lganddiag64.sys
11:07:15.0267 3564 AndDiag - ok
11:07:15.0282 3564 AndGps (31c0b1139f5c893084c15b2436c9acd5) C:\windows\system32\DRIVERS\lgandgps64.sys
11:07:15.0314 3564 AndGps - ok
11:07:15.0345 3564 ANDModem (3927a2b72fcbcd05b38ae3a6f69203eb) C:\windows\system32\DRIVERS\lgandmodem64.sys
11:07:15.0360 3564 ANDModem - ok
11:07:15.0392 3564 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
11:07:15.0454 3564 AppID - ok
11:07:15.0485 3564 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
11:07:15.0532 3564 AppIDSvc - ok
11:07:15.0579 3564 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
11:07:15.0626 3564 Appinfo - ok
11:07:15.0704 3564 Apple Mobile Device - ok
11:07:15.0735 3564 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
11:07:15.0750 3564 arc - ok
11:07:15.0766 3564 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
11:07:15.0782 3564 arcsas - ok
11:07:15.0813 3564 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
11:07:15.0860 3564 AsyncMac - ok
11:07:15.0906 3564 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
11:07:15.0922 3564 atapi - ok
11:07:16.0000 3564 athr (d6cad7e5b05055bb8226bdcb1644da27) C:\windows\system32\DRIVERS\athrx.sys
11:07:16.0062 3564 athr - ok
11:07:16.0172 3564 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
11:07:16.0234 3564 AudioEndpointBuilder - ok
11:07:16.0250 3564 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
11:07:16.0296 3564 AudioSrv - ok
11:07:16.0530 3564 AVGIDSAgent (55893fff154ffd7c29919d2b9218210c) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
11:07:16.0624 3564 AVGIDSAgent - ok
11:07:16.0733 3564 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\windows\system32\DRIVERS\avgidsdrivera.sys
11:07:16.0764 3564 AVGIDSDriver - ok
11:07:16.0780 3564 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\windows\system32\DRIVERS\avgidsfiltera.sys
11:07:16.0796 3564 AVGIDSFilter - ok
11:07:16.0827 3564 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\windows\system32\DRIVERS\avgidsha.sys
11:07:16.0842 3564 AVGIDSHA - ok
11:07:16.0889 3564 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\windows\system32\DRIVERS\avgldx64.sys
11:07:16.0905 3564 Avgldx64 - ok
11:07:16.0920 3564 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\windows\system32\DRIVERS\avgmfx64.sys
11:07:16.0936 3564 Avgmfx64 - ok
11:07:16.0952 3564 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\windows\system32\DRIVERS\avgrkx64.sys
11:07:16.0967 3564 Avgrkx64 - ok
11:07:17.0014 3564 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\windows\system32\DRIVERS\avgtdia.sys
11:07:17.0045 3564 Avgtdia - ok
11:07:17.0139 3564 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
11:07:17.0154 3564 avgwd - ok
11:07:17.0186 3564 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
11:07:17.0264 3564 AxInstSV - ok
11:07:17.0310 3564 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
11:07:17.0373 3564 b06bdrv - ok
11:07:17.0404 3564 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
11:07:17.0435 3564 b57nd60a - ok
11:07:17.0482 3564 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
11:07:17.0529 3564 BDESVC - ok
11:07:17.0560 3564 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
11:07:17.0591 3564 Beep - ok
11:07:17.0654 3564 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
11:07:17.0716 3564 BFE - ok
11:07:17.0763 3564 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
11:07:17.0825 3564 BITS - ok
11:07:17.0888 3564 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
11:07:17.0919 3564 blbdrive - ok
11:07:17.0950 3564 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
11:07:17.0981 3564 bowser - ok
11:07:18.0028 3564 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
11:07:18.0090 3564 BrFiltLo - ok
11:07:18.0090 3564 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
11:07:18.0137 3564 BrFiltUp - ok
11:07:18.0168 3564 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
11:07:18.0215 3564 BridgeMP - ok
11:07:18.0262 3564 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
11:07:18.0309 3564 Browser - ok
11:07:18.0340 3564 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
11:07:18.0387 3564 Brserid - ok
11:07:18.0434 3564 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
11:07:18.0465 3564 BrSerWdm - ok
11:07:18.0480 3564 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
11:07:18.0512 3564 BrUsbMdm - ok
11:07:18.0543 3564 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
11:07:18.0574 3564 BrUsbSer - ok
11:07:18.0574 3564 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
11:07:18.0621 3564 BTHMODEM - ok
11:07:18.0668 3564 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
11:07:18.0714 3564 bthserv - ok
11:07:18.0730 3564 catchme - ok
11:07:18.0761 3564 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
11:07:18.0824 3564 cdfs - ok
11:07:18.0870 3564 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys
11:07:18.0902 3564 cdrom - ok
11:07:18.0933 3564 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
11:07:18.0995 3564 CertPropSvc - ok
11:07:19.0026 3564 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
11:07:19.0058 3564 circlass - ok
11:07:19.0104 3564 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
11:07:19.0136 3564 CLFS - ok
11:07:19.0198 3564 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:07:19.0214 3564 clr_optimization_v2.0.50727_32 - ok
11:07:19.0276 3564 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:07:19.0292 3564 clr_optimization_v2.0.50727_64 - ok
11:07:19.0338 3564 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:07:19.0354 3564 clr_optimization_v4.0.30319_32 - ok
11:07:19.0385 3564 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:07:19.0401 3564 clr_optimization_v4.0.30319_64 - ok
11:07:19.0432 3564 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
11:07:19.0448 3564 CmBatt - ok
11:07:19.0479 3564 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
11:07:19.0494 3564 cmdide - ok
11:07:19.0557 3564 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
11:07:19.0588 3564 CNG - ok
11:07:19.0635 3564 CnxtHdAudService (25c58ee97be0416a373e3e4f855206b5) C:\windows\system32\drivers\CHDRT64.sys
11:07:19.0666 3564 CnxtHdAudService - ok
11:07:19.0697 3564 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
11:07:19.0713 3564 Compbatt - ok
11:07:19.0760 3564 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
11:07:19.0791 3564 CompositeBus - ok
11:07:19.0806 3564 COMSysApp - ok
11:07:19.0838 3564 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
11:07:19.0853 3564 crcdisk - ok
11:07:19.0900 3564 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
11:07:19.0962 3564 CryptSvc - ok
11:07:20.0025 3564 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
11:07:20.0087 3564 DcomLaunch - ok
11:07:20.0134 3564 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
11:07:20.0181 3564 defragsvc - ok
11:07:20.0228 3564 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
11:07:20.0290 3564 DfsC - ok
11:07:20.0321 3564 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
11:07:20.0384 3564 Dhcp - ok
11:07:20.0430 3564 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
11:07:20.0477 3564 discache - ok
11:07:20.0508 3564 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
11:07:20.0524 3564 Disk - ok
11:07:20.0555 3564 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
11:07:20.0618 3564 Dnscache - ok
11:07:20.0664 3564 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
11:07:20.0711 3564 dot3svc - ok
11:07:20.0742 3564 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
11:07:20.0805 3564 DPS - ok
11:07:20.0852 3564 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
11:07:20.0898 3564 drmkaud - ok
11:07:20.0961 3564 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
11:07:20.0992 3564 DXGKrnl - ok
11:07:21.0023 3564 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
11:07:21.0086 3564 EapHost - ok
11:07:21.0210 3564 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
11:07:21.0273 3564 ebdrv - ok
11:07:21.0398 3564 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
11:07:21.0444 3564 EFS - ok
11:07:21.0538 3564 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
11:07:21.0616 3564 ehRecvr - ok
11:07:21.0647 3564 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
11:07:21.0678 3564 ehSched - ok
11:07:21.0772 3564 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
11:07:21.0788 3564 elxstor - ok
11:07:21.0834 3564 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
11:07:21.0866 3564 ErrDev - ok
11:07:21.0912 3564 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
11:07:21.0975 3564 EventSystem - ok
11:07:22.0006 3564 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
11:07:22.0068 3564 exfat - ok
11:07:22.0100 3564 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
11:07:22.0162 3564 fastfat - ok
11:07:22.0209 3564 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
11:07:22.0271 3564 Fax - ok
11:07:22.0302 3564 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
11:07:22.0334 3564 fdc - ok
11:07:22.0380 3564 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
11:07:22.0412 3564 fdPHost - ok
11:07:22.0443 3564 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
11:07:22.0474 3564 FDResPub - ok
11:07:22.0490 3564 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
11:07:22.0505 3564 FileInfo - ok
11:07:22.0521 3564 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
11:07:22.0583 3564 Filetrace - ok
11:07:22.0614 3564 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
11:07:22.0630 3564 flpydisk - ok
11:07:22.0677 3564 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
11:07:22.0692 3564 FltMgr - ok
11:07:22.0770 3564 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
11:07:22.0833 3564 FontCache - ok
11:07:22.0911 3564 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:07:22.0926 3564 FontCache3.0.0.0 - ok
11:07:22.0973 3564 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
11:07:22.0989 3564 FsDepends - ok
11:07:23.0020 3564 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
11:07:23.0036 3564 Fs_Rec - ok
11:07:23.0082 3564 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
11:07:23.0098 3564 fvevol - ok
11:07:23.0129 3564 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
11:07:23.0176 3564 FwLnk - ok
11:07:23.0207 3564 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
11:07:23.0223 3564 gagp30kx - ok
11:07:23.0254 3564 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
11:07:23.0254 3564 GEARAspiWDM - ok
11:07:23.0316 3564 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
11:07:23.0394 3564 gpsvc - ok
11:07:23.0472 3564 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:07:23.0488 3564 gupdate - ok
11:07:23.0488 3564 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:07:23.0504 3564 gupdatem - ok
11:07:23.0519 3564 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
11:07:23.0582 3564 hcw85cir - ok
11:07:23.0628 3564 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
11:07:23.0660 3564 HdAudAddService - ok
11:07:23.0675 3564 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
11:07:23.0722 3564 HDAudBus - ok
11:07:23.0753 3564 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
11:07:23.0784 3564 HidBatt - ok
11:07:23.0800 3564 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
11:07:23.0816 3564 HidBth - ok
11:07:23.0862 3564 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
11:07:23.0878 3564 HidIr - ok
11:07:23.0909 3564 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
11:07:23.0972 3564 hidserv - ok
11:07:24.0003 3564 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
11:07:24.0018 3564 HidUsb - ok
11:07:24.0065 3564 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
11:07:24.0128 3564 hkmsvc - ok
11:07:24.0190 3564 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
11:07:24.0252 3564 HomeGroupListener - ok
11:07:24.0284 3564 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
11:07:24.0330 3564 HomeGroupProvider - ok
11:07:24.0440 3564 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
11:07:24.0455 3564 hpqcxs08 - ok
11:07:24.0486 3564 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
11:07:24.0486 3564 hpqddsvc - ok
11:07:24.0533 3564 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
11:07:24.0549 3564 HpSAMD - ok
11:07:24.0611 3564 HPSLPSVC (d4f91cf4de215d6f14a06087d46725e4) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
11:07:24.0642 3564 HPSLPSVC - ok
11:07:24.0705 3564 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
11:07:24.0767 3564 HTTP - ok
11:07:24.0814 3564 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
11:07:24.0830 3564 hwpolicy - ok
11:07:24.0876 3564 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
11:07:24.0892 3564 i8042prt - ok
11:07:24.0939 3564 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\windows\system32\DRIVERS\iaStor.sys
11:07:24.0954 3564 iaStor - ok
11:07:25.0017 3564 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
11:07:25.0032 3564 iaStorV - ok
11:07:25.0142 3564 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:07:25.0173 3564 idsvc - ok
11:07:25.0485 3564 igfx (898ab5bfed7040d7ab07af01885eb944) C:\windows\system32\DRIVERS\igdkmd64.sys
11:07:25.0812 3564 igfx - ok
11:07:25.0922 3564 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
11:07:25.0937 3564 iirsp - ok
11:07:26.0000 3564 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
11:07:26.0062 3564 IKEEXT - ok
11:07:26.0124 3564 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
11:07:26.0124 3564 intelide - ok
11:07:26.0171 3564 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
11:07:26.0202 3564 intelppm - ok
11:07:26.0234 3564 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
11:07:26.0296 3564 IPBusEnum - ok
11:07:26.0327 3564 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
11:07:26.0405 3564 IpFilterDriver - ok
11:07:26.0483 3564 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
11:07:26.0546 3564 iphlpsvc - ok
11:07:26.0608 3564 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
11:07:26.0655 3564 IPMIDRV - ok
11:07:26.0702 3564 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
11:07:26.0748 3564 IPNAT - ok
11:07:26.0858 3564 iPod Service (a3bda1a8a016b5e5a525bcf684894ebe) C:\Program Files\iPod\bin\iPodService.exe
11:07:26.0873 3564 iPod Service - ok
11:07:26.0920 3564 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
11:07:26.0982 3564 IRENUM - ok
11:07:27.0029 3564 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
11:07:27.0029 3564 isapnp - ok
11:07:27.0060 3564 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
11:07:27.0092 3564 iScsiPrt - ok
11:07:27.0123 3564 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
11:07:27.0123 3564 kbdclass - ok
11:07:27.0170 3564 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
11:07:27.0201 3564 kbdhid - ok
11:07:27.0248 3564 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
11:07:27.0263 3564 KeyIso - ok
11:07:27.0279 3564 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
11:07:27.0294 3564 KSecDD - ok
11:07:27.0326 3564 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
11:07:27.0341 3564 KSecPkg - ok
11:07:27.0372 3564 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
11:07:27.0435 3564 ksthunk - ok
11:07:27.0482 3564 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
11:07:27.0528 3564 KtmRm - ok
11:07:27.0575 3564 L1C (655a5d8e80869781cce23760ada7e695) C:\windows\system32\DRIVERS\L1C62x64.sys
11:07:27.0591 3564 L1C - ok
11:07:27.0638 3564 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
11:07:27.0700 3564 LanmanServer - ok
11:07:27.0747 3564 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
11:07:27.0794 3564 LanmanWorkstation - ok
11:07:27.0840 3564 Leapfrog-USBLAN (797289607a5ebf31353aa5ead141f872) C:\windows\system32\DRIVERS\btblan.sys
11:07:27.0872 3564 Leapfrog-USBLAN - ok
11:07:27.0903 3564 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
11:07:27.0950 3564 lltdio - ok
11:07:27.0981 3564 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
11:07:28.0059 3564 lltdsvc - ok
11:07:28.0074 3564 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
11:07:28.0121 3564 lmhosts - ok
11:07:28.0152 3564 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
11:07:28.0168 3564 LSI_FC - ok
11:07:28.0184 3564 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
11:07:28.0199 3564 LSI_SAS - ok
11:07:28.0215 3564 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
11:07:28.0230 3564 LSI_SAS2 - ok
11:07:28.0246 3564 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
11:07:28.0277 3564 LSI_SCSI - ok
11:07:28.0293 3564 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
11:07:28.0340 3564 luafv - ok
11:07:28.0386 3564 mbamchameleon (08aa34bc5f95f4fdd58dd7528a9c63cc) C:\windows\system32\drivers\mbamchameleon.sys
11:07:28.0402 3564 mbamchameleon - ok
11:07:28.0433 3564 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys
11:07:28.0464 3564 MBAMProtector - ok
11:07:28.0558 3564 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:07:28.0574 3564 MBAMService - ok
11:07:28.0620 3564 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
11:07:28.0636 3564 Mcx2Svc - ok
11:07:28.0667 3564 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
11:07:28.0683 3564 megasas - ok
11:07:28.0698 3564 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
11:07:28.0730 3564 MegaSR - ok
11:07:28.0761 3564 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
11:07:28.0823 3564 MMCSS - ok
11:07:28.0854 3564 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
11:07:28.0901 3564 Modem - ok
11:07:28.0932 3564 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
11:07:28.0964 3564 monitor - ok
11:07:28.0995 3564 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys
11:07:29.0010 3564 mouclass - ok
11:07:29.0042 3564 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
11:07:29.0073 3564 mouhid - ok
11:07:29.0104 3564 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
11:07:29.0120 3564 mountmgr - ok
11:07:29.0166 3564 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
11:07:29.0182 3564 mpio - ok
11:07:29.0213 3564 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
11:07:29.0244 3564 mpsdrv - ok
11:07:29.0322 3564 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
11:07:29.0385 3564 MpsSvc - ok
11:07:29.0463 3564 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
11:07:29.0510 3564 MRxDAV - ok
11:07:29.0541 3564 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
11:07:29.0603 3564 mrxsmb - ok
11:07:29.0650 3564 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
11:07:29.0697 3564 mrxsmb10 - ok
11:07:29.0728 3564 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
11:07:29.0744 3564 mrxsmb20 - ok
11:07:29.0775 3564 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
11:07:29.0790 3564 msahci - ok
11:07:29.0837 3564 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
11:07:29.0853 3564 msdsm - ok
11:07:29.0884 3564 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
11:07:29.0915 3564 MSDTC - ok
11:07:29.0962 3564 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
11:07:29.0993 3564 Msfs - ok
11:07:30.0009 3564 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
11:07:30.0056 3564 mshidkmdf - ok
11:07:30.0087 3564 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
11:07:30.0118 3564 msisadrv - ok
11:07:30.0134 3564 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
11:07:30.0196 3564 MSiSCSI - ok
11:07:30.0212 3564 msiserver - ok
11:07:30.0243 3564 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
11:07:30.0305 3564 MSKSSRV - ok
11:07:30.0321 3564 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
11:07:30.0368 3564 MSPCLOCK - ok
11:07:30.0399 3564 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
11:07:30.0461 3564 MSPQM - ok
11:07:30.0492 3564 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
11:07:30.0524 3564 MsRPC - ok
11:07:30.0570 3564 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
11:07:30.0586 3564 mssmbios - ok
11:07:30.0617 3564 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
11:07:30.0680 3564 MSTEE - ok
11:07:30.0695 3564 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
11:07:30.0726 3564 MTConfig - ok
11:07:30.0742 3564 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
11:07:30.0758 3564 Mup - ok
11:07:30.0804 3564 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
11:07:30.0851 3564 napagent - ok
11:07:30.0898 3564 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
11:07:30.0929 3564 NativeWifiP - ok
11:07:31.0007 3564 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
11:07:31.0038 3564 NDIS - ok
11:07:31.0070 3564 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
11:07:31.0132 3564 NdisCap - ok
11:07:31.0148 3564 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
11:07:31.0194 3564 NdisTapi - ok
11:07:31.0241 3564 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
11:07:31.0272 3564 Ndisuio - ok
11:07:31.0319 3564 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
11:07:31.0382 3564 NdisWan - ok
11:07:31.0413 3564 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
11:07:31.0460 3564 NDProxy - ok
11:07:31.0491 3564 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
11:07:31.0506 3564 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:07:31.0506 3564 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:07:31.0538 3564 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
11:07:31.0584 3564 NetBIOS - ok
11:07:31.0616 3564 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
11:07:31.0678 3564 NetBT - ok
11:07:31.0709 3564 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
11:07:31.0725 3564 Netlogon - ok
11:07:31.0772 3564 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
11:07:31.0834 3564 Netman - ok
11:07:31.0865 3564 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
11:07:31.0928 3564 netprofm - ok
11:07:32.0021 3564 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:07:32.0037 3564 NetTcpPortSharing - ok
11:07:32.0068 3564 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
11:07:32.0084 3564 nfrd960 - ok
11:07:32.0130 3564 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
11:07:32.0193 3564 NlaSvc - ok
11:07:32.0224 3564 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
11:07:32.0255 3564 Npfs - ok
11:07:32.0302 3564 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
11:07:32.0364 3564 nsi - ok
11:07:32.0396 3564 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
11:07:32.0458 3564 nsiproxy - ok
11:07:32.0536 3564 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
11:07:32.0583 3564 Ntfs - ok
11:07:32.0676 3564 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
11:07:32.0708 3564 Null - ok
11:07:32.0754 3564 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
11:07:32.0770 3564 nvraid - ok
11:07:32.0801 3564 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
11:07:32.0817 3564 nvstor - ok
11:07:32.0832 3564 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
11:07:32.0864 3564 nv_agp - ok
11:07:32.0895 3564 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
11:07:32.0926 3564 ohci1394 - ok
11:07:33.0020 3564 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:07:33.0035 3564 ose - ok
11:07:33.0082 3564 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
11:07:33.0129 3564 p2pimsvc - ok
11:07:33.0176 3564 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
11:07:33.0191 3564 p2psvc - ok
11:07:33.0238 3564 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
11:07:33.0254 3564 Parport - ok
11:07:33.0300 3564 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
11:07:33.0316 3564 partmgr - ok
11:07:33.0347 3564 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
11:07:33.0394 3564 PcaSvc - ok
11:07:33.0425 3564 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
11:07:33.0456 3564 pci - ok
11:07:33.0472 3564 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
11:07:33.0488 3564 pciide - ok
11:07:33.0519 3564 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
11:07:33.0534 3564 pcmcia - ok
11:07:33.0550 3564 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
11:07:33.0566 3564 pcw - ok
11:07:33.0612 3564 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
11:07:33.0690 3564 PEAUTH - ok
11:07:33.0768 3564 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
11:07:33.0800 3564 PerfHost - ok
11:07:33.0924 3564 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
11:07:34.0002 3564 pla - ok
11:07:34.0049 3564 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
11:07:34.0112 3564 PlugPlay - ok
11:07:34.0143 3564 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
11:07:34.0174 3564 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:07:34.0174 3564 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:07:34.0205 3564 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
11:07:34.0236 3564 PNRPAutoReg - ok
11:07:34.0268 3564 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
11:07:34.0299 3564 PNRPsvc - ok
11:07:34.0361 3564 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
11:07:34.0424 3564 PolicyAgent - ok
11:07:34.0470 3564 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
11:07:34.0533 3564 Power - ok
11:07:34.0595 3564 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
11:07:34.0658 3564 PptpMiniport - ok
11:07:34.0704 3564 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
11:07:34.0736 3564 Processor - ok
11:07:34.0767 3564 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
11:07:34.0829 3564 ProfSvc - ok
11:07:34.0860 3564 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
11:07:34.0876 3564 ProtectedStorage - ok
11:07:34.0970 3564 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
11:07:35.0032 3564 Psched - ok
11:07:35.0110 3564 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
11:07:35.0126 3564 PSI_SVC_2 - ok
11:07:35.0157 3564 PxHlpa64 (05f46042208e515b9c240aafc54e7aa2) C:\windows\system32\Drivers\PxHlpa64.sys
11:07:35.0172 3564 PxHlpa64 - ok
11:07:35.0250 3564 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
11:07:35.0297 3564 ql2300 - ok
11:07:35.0391 3564 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
11:07:35.0406 3564 ql40xx - ok
11:07:35.0438 3564 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
11:07:35.0469 3564 QWAVE - ok
11:07:35.0500 3564 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
11:07:35.0516 3564 QWAVEdrv - ok
11:07:35.0547 3564 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
11:07:35.0609 3564 RasAcd - ok
11:07:35.0640 3564 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
11:07:35.0687 3564 RasAgileVpn - ok
11:07:35.0718 3564 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
11:07:35.0781 3564 RasAuto - ok
11:07:35.0828 3564 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
11:07:35.0890 3564 Rasl2tp - ok
11:07:35.0937 3564 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
11:07:35.0999 3564 RasMan - ok
11:07:36.0046 3564 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
11:07:36.0093 3564 RasPppoe - ok
11:07:36.0124 3564 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
11:07:36.0186 3564 RasSstp - ok
11:07:36.0218 3564 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
11:07:36.0280 3564 rdbss - ok
11:07:36.0311 3564 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
11:07:36.0358 3564 rdpbus - ok
11:07:36.0389 3564 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
11:07:36.0436 3564 RDPCDD - ok
11:07:36.0467 3564 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
11:07:36.0530 3564 RDPENCDD - ok
11:07:36.0561 3564 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
11:07:36.0608 3564 RDPREFMP - ok
11:07:36.0654 3564 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
11:07:36.0686 3564 RDPWD - ok
11:07:36.0748 3564 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
11:07:36.0764 3564 rdyboost - ok
11:07:36.0795 3564 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
11:07:36.0842 3564 RemoteAccess - ok
11:07:36.0888 3564 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
11:07:36.0935 3564 RemoteRegistry - ok
11:07:36.0951 3564 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
11:07:36.0998 3564 RpcEptMapper - ok
11:07:37.0029 3564 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
11:07:37.0076 3564 RpcLocator - ok
11:07:37.0138 3564 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\System32\rpcss.dll
11:07:37.0185 3564 RpcSs - ok
11:07:37.0200 3564 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
11:07:37.0278 3564 rspndr - ok
11:07:37.0325 3564 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\windows\system32\Drivers\RtsUStor.sys
11:07:37.0341 3564 RSUSBSTOR - ok
11:07:37.0388 3564 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
11:07:37.0403 3564 SamSs - ok
11:07:37.0450 3564 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
11:07:37.0466 3564 sbp2port - ok
11:07:37.0512 3564 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
11:07:37.0559 3564 SCardSvr - ok
11:07:37.0606 3564 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
11:07:37.0653 3564 scfilter - ok
11:07:37.0715 3564 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
11:07:37.0793 3564 Schedule - ok
11:07:37.0840 3564 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
11:07:37.0871 3564 SCPolicySvc - ok
11:07:37.0902 3564 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
11:07:37.0949 3564 SDRSVC - ok
11:07:38.0012 3564 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
11:07:38.0043 3564 secdrv - ok
11:07:38.0090 3564 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
11:07:38.0152 3564 seclogon - ok
11:07:38.0183 3564 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
11:07:38.0261 3564 SENS - ok
11:07:38.0277 3564 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
11:07:38.0339 3564 SensrSvc - ok
11:07:38.0370 3564 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
11:07:38.0402 3564 Serenum - ok
11:07:38.0417 3564 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
11:07:38.0448 3564 Serial - ok
11:07:38.0480 3564 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
11:07:38.0511 3564 sermouse - ok
11:07:38.0573 3564 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
11:07:38.0636 3564 SessionEnv - ok
11:07:38.0667 3564 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
11:07:38.0729 3564 sffdisk - ok
11:07:38.0760 3564 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
11:07:38.0807 3564 sffp_mmc - ok
11:07:38.0823 3564 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
11:07:38.0870 3564 sffp_sd - ok
11:07:38.0916 3564 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
11:07:38.0948 3564 sfloppy - ok
11:07:38.0979 3564 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
11:07:39.0057 3564 SharedAccess - ok
11:07:39.0104 3564 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
11:07:39.0166 3564 ShellHWDetection - ok
11:07:39.0197 3564 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
11:07:39.0213 3564 SiSRaid2 - ok
11:07:39.0228 3564 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
11:07:39.0244 3564 SiSRaid4 - ok
11:07:39.0275 3564 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
11:07:39.0322 3564 Smb - ok
11:07:39.0353 3564 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
11:07:39.0400 3564 SNMPTRAP - ok
11:07:39.0618 3564 SophosVirusRemovalTool (5c979403e32b8c53ea6cf6c3423f872d) C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe
11:07:39.0634 3564 SophosVirusRemovalTool - ok
11:07:39.0712 3564 speedfan (12583af6cbe0050651eaf2723b3ad7b3) C:\windows\syswow64\speedfan.sys
11:07:39.0728 3564 speedfan - ok
11:07:39.0774 3564 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
11:07:39.0774 3564 spldr - ok
11:07:39.0852 3564 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
11:07:39.0899 3564 Spooler - ok
11:07:40.0040 3564 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
11:07:40.0180 3564 sppsvc - ok
11:07:40.0289 3564 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
11:07:40.0352 3564 sppuinotify - ok
11:07:40.0476 3564 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
11:07:40.0554 3564 srv - ok
11:07:40.0617 3564 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
11:07:40.0664 3564 srv2 - ok
11:07:40.0710 3564 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
11:07:40.0742 3564 srvnet - ok
11:07:40.0773 3564 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
11:07:40.0851 3564 SSDPSRV - ok
11:07:40.0898 3564 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
11:07:40.0944 3564 SstpSvc - ok
11:07:40.0976 3564 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
11:07:40.0991 3564 stexstor - ok
11:07:41.0022 3564 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys
11:07:41.0069 3564 StillCam - ok
11:07:41.0116 3564 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
11:07:41.0147 3564 stisvc - ok
11:07:41.0194 3564 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
11:07:41.0210 3564 swenum - ok
11:07:41.0303 3564 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
11:07:41.0334 3564 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
11:07:41.0334 3564 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
11:07:41.0381 3564 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
11:07:41.0444 3564 swprv - ok
11:07:41.0490 3564 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
11:07:41.0506 3564 SynTP - ok
11:07:41.0600 3564 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
11:07:41.0678 3564 SysMain - ok
11:07:41.0787 3564 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
11:07:41.0834 3564 TabletInputService - ok
11:07:41.0865 3564 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
11:07:41.0927 3564 TapiSrv - ok
11:07:41.0974 3564 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
11:07:42.0021 3564 TBS - ok
11:07:42.0130 3564 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
11:07:42.0177 3564 Tcpip - ok
11:07:42.0317 3564 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
11:07:42.0364 3564 TCPIP6 - ok
11:07:42.0473 3564 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
11:07:42.0536 3564 tcpipreg - ok
11:07:42.0582 3564 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
11:07:42.0598 3564 tdcmdpst - ok
11:07:42.0629 3564 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
11:07:42.0676 3564 TDPIPE - ok
11:07:42.0707 3564 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
11:07:42.0754 3564 TDTCP - ok
11:07:42.0785 3564 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
11:07:42.0832 3564 tdx - ok
11:07:42.0863 3564 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
11:07:42.0879 3564 TermDD - ok
11:07:42.0926 3564 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
11:07:43.0004 3564 TermService - ok
11:07:43.0035 3564 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
11:07:43.0082 3564 Themes - ok
11:07:43.0128 3564 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
11:07:43.0175 3564 THREADORDER - ok
11:07:43.0238 3564 TMachInfo (f120967184a27e927052e8ddbb727851) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
11:07:43.0253 3564 TMachInfo - ok
11:07:43.0284 3564 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\windows\system32\TODDSrv.exe
11:07:43.0300 3564 TODDSrv - ok
11:07:43.0378 3564 TosCoSrv (db9719688c08f42705feb3f6a0c98b91) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
11:07:43.0394 3564 TosCoSrv - ok
11:07:43.0440 3564 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
11:07:43.0456 3564 TOSHIBA HDD SSD Alert Service - ok
11:07:43.0487 3564 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
11:07:43.0550 3564 TrkWks - ok
11:07:43.0628 3564 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
11:07:43.0690 3564 TrustedInstaller - ok
11:07:43.0768 3564 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
11:07:43.0830 3564 tssecsrv - ok
11:07:43.0877 3564 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
11:07:43.0924 3564 TsUsbFlt - ok
11:07:43.0971 3564 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
11:07:44.0033 3564 tunnel - ok
11:07:44.0064 3564 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
11:07:44.0080 3564 TVALZ - ok
11:07:44.0111 3564 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
11:07:44.0127 3564 uagp35 - ok
11:07:44.0189 3564 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
11:07:44.0236 3564 udfs - ok
11:07:44.0267 3564 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
11:07:44.0298 3564 UI0Detect - ok
11:07:44.0345 3564 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
11:07:44.0361 3564 uliagpkx - ok
11:07:44.0376 3564 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
11:07:44.0392 3564 umbus - ok
11:07:44.0439 3564 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
11:07:44.0470 3564 UmPass - ok
11:07:44.0517 3564 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
11:07:44.0579 3564 upnphost - ok
11:07:44.0626 3564 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\windows\system32\Drivers\usbaapl64.sys
11:07:44.0673 3564 USBAAPL64 - ok
11:07:44.0720 3564 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\windows\system32\drivers\usbaudio.sys
11:07:44.0751 3564 usbaudio - ok
11:07:44.0766 3564 usbbus (e4eb7dd07eeca792a2982ce4622be04b) C:\windows\system32\DRIVERS\lgx64bus.sys
11:07:44.0813 3564 usbbus - ok
11:07:44.0844 3564 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
11:07:44.0891 3564 usbccgp - ok
11:07:44.0938 3564 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
11:07:44.0954 3564 usbcir - ok
11:07:44.0969 3564 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
11:07:45.0016 3564 usbehci - ok
11:07:45.0047 3564 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
11:07:45.0078 3564 usbhub - ok
11:07:45.0110 3564 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
11:07:45.0141 3564 usbohci - ok
11:07:45.0172 3564 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
11:07:45.0219 3564 usbprint - ok
11:07:45.0250 3564 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
11:07:45.0312 3564 USBSTOR - ok
11:07:45.0328 3564 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\DRIVERS\usbuhci.sys
11:07:45.0359 3564 usbuhci - ok
11:07:45.0406 3564 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
11:07:45.0437 3564 usbvideo - ok
11:07:45.0468 3564 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
11:07:45.0562 3564 UxSms - ok
11:07:45.0609 3564 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
11:07:45.0624 3564 VaultSvc - ok
11:07:45.0671 3564 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
11:07:45.0687 3564 vdrvroot - ok
11:07:45.0734 3564 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
11:07:45.0796 3564 vds - ok
11:07:45.0827 3564 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
11:07:45.0843 3564 vga - ok
11:07:45.0874 3564 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
11:07:45.0936 3564 VgaSave - ok
11:07:45.0968 3564 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
11:07:45.0983 3564 vhdmp - ok
11:07:45.0999 3564 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
11:07:46.0014 3564 viaide - ok
11:07:46.0046 3564 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
11:07:46.0061 3564 volmgr - ok
11:07:46.0124 3564 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
11:07:46.0139 3564 volmgrx - ok
11:07:46.0186 3564 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
11:07:46.0202 3564 volsnap - ok
11:07:46.0233 3564 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
11:07:46.0248 3564 vsmraid - ok
11:07:46.0326 3564 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
11:07:46.0404 3564 VSS - ok
11:07:46.0607 3564 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
11:07:46.0638 3564 vToolbarUpdater11.2.0 - ok
11:07:46.0841 3564 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
11:07:46.0872 3564 vwifibus - ok
11:07:46.0935 3564 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
11:07:46.0997 3564 vwififlt - ok
11:07:47.0044 3564 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
11:07:47.0091 3564 W32Time - ok
11:07:47.0122 3564 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
11:07:47.0169 3564 WacomPen - ok
11:07:47.0200 3564 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
11:07:47.0262 3564 WANARP - ok
11:07:47.0262 3564 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
11:07:47.0309 3564 Wanarpv6 - ok
11:07:47.0403 3564 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
11:07:47.0450 3564 WatAdminSvc - ok
11:07:47.0528 3564 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
11:07:47.0590 3564 wbengine - ok
11:07:47.0668 3564 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
11:07:47.0699 3564 WbioSrvc - ok
11:07:47.0746 3564 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
11:07:47.0793 3564 wcncsvc - ok
11:07:47.0808 3564 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
11:07:47.0840 3564 WcsPlugInService - ok
11:07:47.0902 3564 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
11:07:47.0918 3564 Wd - ok
11:07:47.0964 3564 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\windows\system32\DRIVERS\wdcsam64.sys
11:07:48.0027 3564 WDC_SAM - ok
11:07:48.0089 3564 WDDMService (fa24fbe15a8036387ecc013d06094f3d) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
11:07:48.0105 3564 WDDMService ( UnsignedFile.Multi.Generic ) - warning
11:07:48.0105 3564 WDDMService - detected UnsignedFile.Multi.Generic (1)
11:07:48.0152 3564 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
11:07:48.0183 3564 Wdf01000 - ok
11:07:48.0214 3564 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
11:07:48.0292 3564 WdiServiceHost - ok
11:07:48.0308 3564 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
11:07:48.0339 3564 WdiSystemHost - ok
11:07:48.0448 3564 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
11:07:48.0464 3564 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - warning
11:07:48.0464 3564 WDSmartWareBackgroundService - detected UnsignedFile.Multi.Generic (1)
11:07:48.0510 3564 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
11:07:48.0557 3564 WebClient - ok
11:07:48.0620 3564 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
11:07:48.0682 3564 Wecsvc - ok
11:07:48.0729 3564 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
11:07:48.0791 3564 wercplsupport - ok
11:07:48.0838 3564 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
11:07:48.0885 3564 WerSvc - ok
11:07:48.0963 3564 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
11:07:49.0010 3564 WfpLwf - ok
11:07:49.0025 3564 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
11:07:49.0041 3564 WIMMount - ok
11:07:49.0072 3564 WinDefend - ok
11:07:49.0088 3564 WinHttpAutoProxySvc - ok
11:07:49.0150 3564 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
11:07:49.0212 3564 Winmgmt - ok
11:07:49.0306 3564 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
11:07:49.0415 3564 WinRM - ok
11:07:49.0540 3564 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
11:07:49.0571 3564 WinUsb - ok
11:07:49.0634 3564 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
11:07:49.0696 3564 Wlansvc - ok
11:07:49.0758 3564 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:07:49.0774 3564 wlcrasvc - ok
11:07:49.0899 3564 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:07:49.0946 3564 wlidsvc - ok
11:07:50.0055 3564 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
11:07:50.0102 3564 WmiAcpi - ok
11:07:50.0180 3564 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
11:07:50.0195 3564 wmiApSrv - ok
11:07:50.0242 3564 WMPNetworkSvc - ok
11:07:50.0273 3564 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
11:07:50.0304 3564 WPCSvc - ok
11:07:50.0351 3564 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
11:07:50.0382 3564 WPDBusEnum - ok
11:07:50.0414 3564 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
11:07:50.0476 3564 ws2ifsl - ok
11:07:50.0507 3564 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
11:07:50.0554 3564 wscsvc - ok
11:07:50.0585 3564 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\windows\system32\DRIVERS\WSDPrint.sys
11:07:50.0632 3564 WSDPrintDevice - ok
11:07:50.0632 3564 WSearch - ok
11:07:50.0741 3564 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
11:07:50.0819 3564 wuauserv - ok
11:07:50.0928 3564 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
11:07:50.0991 3564 WudfPf - ok
11:07:51.0022 3564 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
11:07:51.0069 3564 WUDFRd - ok
11:07:51.0116 3564 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
11:07:51.0147 3564 wudfsvc - ok
11:07:51.0194 3564 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
11:07:51.0256 3564 WwanSvc - ok
11:07:51.0287 3564 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
11:07:52.0286 3564 \Device\Harddisk0\DR0 - ok
11:07:52.0317 3564 Boot (0x1200) (f0dd1e264c067963ab34e1dd5ea255a7) \Device\Harddisk0\DR0\Partition0
11:07:52.0332 3564 \Device\Harddisk0\DR0\Partition0 - ok
11:07:52.0332 3564 ============================================================
11:07:52.0332 3564 Scan finished
11:07:52.0332 3564 ============================================================
11:07:52.0348 4612 Detected object count: 5
11:07:52.0348 4612 Actual detected object count: 5
11:09:03.0375 4612 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:09:03.0375 4612 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:09:03.0375 4612 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:09:03.0375 4612 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:09:03.0375 4612 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
11:09:03.0375 4612 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:09:03.0391 4612 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
11:09:03.0391 4612 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:09:03.0391 4612 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - skipped by user
11:09:03.0391 4612 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:13:33.0513 2956 Deinitialize success




Here's the MBAM log:



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.07.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kim Calhoun :: PRIVATE [administrator]

7/7/2012 11:42:21 AM
mbam-log-2012-07-07 (11-42-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 213414
Time elapsed: 2 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#14
introspectacle
Posted 07 July 2012 - 01:08 PM

introspectacle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I completed the integrity scan, and it reported no integrity problems. I'm going to be working on the Event Viewer Tool steps now, but in the meantime here are OTL logs:


OTL logfile created on: 7/7/2012 11:51:14 AM - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Kim Calhoun\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 67.17% Memory free
5.74 Gb Paging File | 4.42 Gb Available in Paging File | 77.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.24 Gb Total Space | 137.01 Gb Free Space | 61.93% Space Free | Partition Type: NTFS

Computer Name: PRIVATE | User Name: Kim Calhoun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/06 12:53:06 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Kim Calhoun\Desktop\OTL.exe
PRC - [2012/07/05 11:02:17 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/07/05 10:26:21 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2008/08/08 17:30:44 | 000,016,712 | R--- | M] () -- C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/05 11:02:17 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/07/05 10:26:21 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2008/08/08 17:30:44 | 000,016,712 | R--- | M] () -- C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/28 13:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 17:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/10/14 14:31:44 | 000,116,224 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2009/07/28 16:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/05 10:26:21 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/05/16 08:19:22 | 000,151,104 | ---- | M] (Sophos Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe -- (SophosVirusRemovalTool)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/11/12 12:18:12 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (Leapfrog-USBLAN)
DRV:64bit: - [2011/04/20 09:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/23 15:50:54 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2010/03/31 20:52:24 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010/03/31 20:52:22 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010/03/31 20:52:20 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010/03/31 20:52:18 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2010/03/31 15:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/20 10:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/01 11:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/11/06 13:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/07 06:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/07 09:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/07/09 05:05:48 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3B5EF6B0-0BC0-4469-9A7A-91571D5464C1}
IE:64bit: - HKLM\..\SearchScopes\{3B5EF6B0-0BC0-4469-9A7A-91571D5464C1}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {F01B088A-10FC-49C5-9342-4DFF4863FADF}
IE - HKLM\..\SearchScopes\{F01B088A-10FC-49C5-9342-4DFF4863FADF}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/g/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{948D4734-7F50-4EA8-9E09-19F0D30914E7}: "URL" = http://www.google.co...&rlz=1I7TSNF_en
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-07-05 11:02:18&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{F01B088A-10FC-49C5-9342-4DFF4863FADF}: "URL" = http://www.google.co...ng}&rlz=1I7TSNF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/?ref=hp"
FF - prefs.js..keyword.URL: "http://isearch.avg.c...5:58&sap=ku&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kim Calhoun\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kim Calhoun\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Kim Calhoun\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/18 17:57:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/07 11:11:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\8.0.0.40\ [2012/07/03 14:41:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 14:43:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/18 17:57:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.22 [2012/07/03 14:41:43 | 000,000,000 | ---D | M]

[2012/07/03 14:43:45 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/07/07 11:11:31 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2012/07/03 14:41:43 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\9.0.0.22
File not found (No name found) -- C:\USERS\KIM CALHOUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UW1WKZUS.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\KIM CALHOUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UW1WKZUS.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.c...pr&d=2012-07-05 11:02:18&v=11.1.0.12&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.goog...outputEncoding},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Kim Calhoun\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Beat the Boot (by Google) = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aidgmjkfmbhldhnhkopojimkhhhcpenl\1.0.0.1_0\
CHR - Extension: Angry Birds = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Word Search Puzzle = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\alcobafdkcddhiabfgnongafffchimnl\1.2_0\
CHR - Extension: YouTube = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Bloxorz = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfkaiemjhgblkkcanmhciiopcehlhnhi\1.0_0\
CHR - Extension: Where is my Water = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\egdhbajofjlmalpkgdldpdnlkfaaeeid\1.0.1_0\
CHR - Extension: Voodoo Friends = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmedapekkakaehidplfhmblngkelolaj\1.0_0\
CHR - Extension: Chain Reaction = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa\1.1_0\
CHR - Extension: Totemo = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmnefpollagcoolkgefkcmgofhhlidpp\2.0.2.181_0\
CHR - Extension: Ultimate Flash Sonic = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgmfbijldhdncjcipeocgkgbjhaecfp\1.0_0\
CHR - Extension: Isoball 3 = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj\1.2.1_0\
CHR - Extension: Blue Radiance = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\iecndbkjadcolbcpfjekbldajoaamiao\1.3_0\
CHR - Extension: AVG Safe Search = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
CHR - Extension: Little Alchemy = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.12_0\
CHR - Extension: AVG Do Not Track = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: MathBoard Addition = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocjpbdojdmdmnoijibadlmpiamcmmmcj\1.1.6_0\
CHR - Extension: Sinuous = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl\1.0.4_0\
CHR - Extension: Gmail = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Spot The Differences! = C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\User Data\Default\Extensions\pniinickecbjegedmgagmgikbolfgaij\0.0.0.1_0\

O1 HOSTS File: ([2012/07/07 00:28:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8900AB95-E5D8-4829-926E-1EEE50D6619D}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe - (WDC)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe - (Western Digital)
MsConfig:64bit - StartUpFolder: C:^Users^Kim Calhoun^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - - File not found
MsConfig:64bit - StartUpReg: AdobeBridge - hkey= - key= - C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe (Adobe Systems, Inc.)
MsConfig:64bit - StartUpReg: Corel Photo Downloader - hkey= - key= - C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: NapsterShell - hkey= - key= - C:\Program Files (x86)\Napster\napster.exe (Napster)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: TosReelTimeMonitor - hkey= - key= - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{4260FD8B-EB85-4A91-93B1-7EFD1CB5204D} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A8329030-6E45-847A-8AEF-BF1992314582} - Browser Customizations
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\windows\SysWow64\vorbis.acm (HMS http://hp.vector.co....thors/VA012897/)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/07 11:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/07 11:24:27 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/07/07 11:24:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/07 11:11:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/07 11:04:38 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kim Calhoun\Desktop\tdsskiller.exe
[2012/07/07 00:28:41 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/07 00:13:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/07/07 00:13:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/07/07 00:13:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/07/07 00:13:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/07 00:13:10 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/07/06 23:47:00 | 004,573,088 | R--- | C] (Swearware) -- C:\Users\Kim Calhoun\Desktop\ComboFix.exe
[2012/07/06 22:26:52 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Kim Calhoun\Desktop\aswMBR.exe
[2012/07/06 22:11:21 | 002,691,184 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Kim Calhoun\Desktop\procexp.exe
[2012/07/06 12:53:02 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Kim Calhoun\Desktop\OTL.exe
[2012/07/05 18:10:46 | 000,024,448 | ---- | C] (IObit) -- C:\windows\SysNative\RegistryDefragBootTime.exe
[2012/07/05 17:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/07/05 17:49:20 | 000,000,000 | ---D | C] -- C:\Users\Kim Calhoun\AppData\Roaming\IObit
[2012/07/05 17:49:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2012/07/05 16:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2012/07/05 15:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2012/07/05 15:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012/07/05 12:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/07/05 12:38:35 | 000,000,000 | ---D | C] -- C:\Users\Kim Calhoun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/07/05 12:38:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/07/05 12:33:04 | 000,000,000 | ---D | C] -- C:\Users\Kim Calhoun\AppData\Roaming\AVG
[2012/07/05 12:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/07/05 12:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/07/05 11:02:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/07/05 10:08:24 | 000,000,000 | ---D | C] -- C:\Users\Kim Calhoun\AppData\Local\PackageAware
[2012/07/05 08:16:32 | 000,000,000 | ---D | C] -- C:\perflogs
[2012/07/04 23:02:40 | 000,000,000 | ---D | C] -- C:\Users\Kim Calhoun\AppData\Local\ElevatedDiagnostics
[2012/07/03 16:06:30 | 000,000,000 | ---D | C] -- C:\Users\Kim Calhoun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/06/26 10:37:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/26 10:37:01 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2012/06/26 10:37:01 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2012/06/26 10:36:38 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2012/06/26 10:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/06/21 18:48:51 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2012/06/21 18:48:51 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2012/06/21 18:48:51 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2012/06/21 18:48:23 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2012/06/21 18:48:23 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2012/06/21 18:48:23 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2012/06/21 18:48:16 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2012/06/21 18:48:16 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2012/06/14 08:00:36 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/06/14 08:00:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/06/14 08:00:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/06/14 08:00:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/06/14 08:00:32 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/06/14 08:00:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/06/14 08:00:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/06/14 08:00:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/06/14 08:00:28 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/06/14 08:00:28 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/06/14 08:00:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/06/14 08:00:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/06/14 08:00:26 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/06/13 17:22:43 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll
[2012/06/13 17:22:42 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll
[2012/06/13 17:22:42 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe
[2012/06/13 17:22:34 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/06/13 17:22:33 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/06/13 17:22:32 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/06/13 17:22:07 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
[2012/06/13 17:21:54 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012/06/13 17:21:53 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Kim Calhoun\Desktop\*.tmp files -> C:\Users\Kim Calhoun\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/07 11:24:28 | 000,001,145 | ---- | M] () -- C:\Users\Kim Calhoun\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/07 11:24:28 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/07 11:22:35 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/07 11:22:35 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/07 11:19:36 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/07/07 11:19:36 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/07/07 11:19:36 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/07/07 11:16:06 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/07 11:15:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/07 11:15:08 | 2312,089,600 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/07 11:11:31 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/07 11:09:26 | 101,270,096 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/07/07 11:09:04 | 000,000,932 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-762180543-3437973954-2724216704-1001UA.job
[2012/07/07 11:04:57 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kim Calhoun\Desktop\tdsskiller.exe
[2012/07/07 11:04:05 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/07 00:28:40 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/07/06 23:47:16 | 004,573,088 | R--- | M] (Swearware) -- C:\Users\Kim Calhoun\Desktop\ComboFix.exe
[2012/07/06 23:41:12 | 000,000,512 | ---- | M] () -- C:\Users\Kim Calhoun\Desktop\MBR.dat
[2012/07/06 22:28:38 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Kim Calhoun\Desktop\aswMBR.exe
[2012/07/06 22:12:00 | 002,691,184 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Kim Calhoun\Desktop\procexp.exe
[2012/07/06 16:09:00 | 000,000,880 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-762180543-3437973954-2724216704-1001Core.job
[2012/07/06 12:53:06 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Kim Calhoun\Desktop\OTL.exe
[2012/07/05 21:20:35 | 000,147,456 | ---- | M] () -- C:\Users\Kim Calhoun\Desktop\catchme.exe
[2012/07/05 17:07:12 | 000,001,446 | ---- | M] () -- C:\Users\Kim Calhoun\Desktop\speedfan.exe - Shortcut.lnk
[2012/07/05 16:01:59 | 000,000,045 | ---- | M] () -- C:\windows\SysWow64\initdebug.nfo
[2012/07/05 15:38:05 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/07/05 12:38:35 | 000,003,233 | ---- | M] () -- C:\Users\Kim Calhoun\Desktop\Sophos Virus Removal Tool.lnk
[2012/07/05 12:32:00 | 000,001,178 | ---- | M] () -- C:\Users\Kim Calhoun\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/07/05 12:32:00 | 000,001,154 | ---- | M] () -- C:\Users\Kim Calhoun\Desktop\AVG PC Tuneup 2011.lnk
[2012/07/05 10:52:41 | 000,528,493 | ---- | M] () -- C:\Users\Kim Calhoun\Desktop\AVGInstLog.cab
[2012/07/04 15:10:39 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/26 10:36:28 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2012/06/26 10:36:28 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2012/06/26 10:36:28 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2012/06/26 10:36:28 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2012/06/26 10:36:28 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2012/06/16 17:17:09 | 000,021,574 | ---- | M] () -- C:\Users\Kim Calhoun\Documents\543315_333788820035337_961756943_n.jpg
[2012/06/16 03:35:31 | 000,223,209 | ---- | M] () -- C:\Users\Kim Calhoun\Documents\599616674.jpg
[2012/06/16 03:30:45 | 000,154,172 | ---- | M] () -- C:\Users\Kim Calhoun\Documents\599616774.jpg
[2012/06/16 03:12:39 | 000,026,983 | ---- | M] () -- C:\Users\Kim Calhoun\Documents\Avf2zOJCEAAHncK.jpg-large
[2012/06/16 03:10:35 | 000,031,916 | ---- | M] () -- C:\Users\Kim Calhoun\Documents\AvgNJ5ECEAA-Xue.jpg
[2012/06/16 03:02:19 | 000,065,609 | ---- | M] () -- C:\Users\Kim Calhoun\Documents\599606283.jpg
[2012/06/14 20:04:31 | 040,288,351 | ---- | M] () -- C:\Users\Kim Calhoun\Documents\One Direction All Performance 2010 X Factor.M4A
[2012/06/14 08:28:48 | 005,268,168 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Kim Calhoun\Desktop\*.tmp files -> C:\Users\Kim Calhoun\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/07 11:24:28 | 000,001,145 | ---- | C] () -- C:\Users\Kim Calhoun\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/07 11:24:28 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/07 00:13:39 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/07/07 00:13:39 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/07/07 00:13:39 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/07/07 00:13:39 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/07/07 00:13:39 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/07/06 23:41:12 | 000,000,512 | ---- | C] () -- C:\Users\Kim Calhoun\Desktop\MBR.dat
[2012/07/05 21:21:04 | 000,147,456 | ---- | C] () -- C:\Users\Kim Calhoun\Desktop\catchme.exe
[2012/07/05 17:07:12 | 000,001,446 | ---- | C] () -- C:\Users\Kim Calhoun\Desktop\speedfan.exe - Shortcut.lnk
[2012/07/05 16:01:59 | 000,000,045 | ---- | C] () -- C:\windows\SysWow64\initdebug.nfo
[2012/07/05 15:38:05 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/07/05 12:38:35 | 000,003,233 | ---- | C] () -- C:\Users\Kim Calhoun\Desktop\Sophos Virus Removal Tool.lnk
[2012/07/05 12:32:00 | 000,001,178 | ---- | C] () -- C:\Users\Kim Calhoun\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/07/05 12:32:00 | 000,001,154 | ---- | C] () -- C:\Users\Kim Calhoun\Desktop\AVG PC Tuneup 2011.lnk
[2012/07/05 10:52:41 | 000,528,493 | ---- | C] () -- C:\Users\Kim Calhoun\Desktop\AVGInstLog.cab
[2012/07/03 16:04:01 | 000,000,932 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-762180543-3437973954-2724216704-1001UA.job
[2012/07/03 16:04:00 | 000,000,880 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-762180543-3437973954-2724216704-1001Core.job
[2012/06/16 17:17:11 | 000,021,574 | ---- | C] () -- C:\Users\Kim Calhoun\Documents\543315_333788820035337_961756943_n.jpg
[2012/06/16 03:35:33 | 000,223,209 | ---- | C] () -- C:\Users\Kim Calhoun\Documents\599616674.jpg
[2012/06/16 03:30:47 | 000,154,172 | ---- | C] () -- C:\Users\Kim Calhoun\Documents\599616774.jpg
[2012/06/16 03:12:41 | 000,026,983 | ---- | C] () -- C:\Users\Kim Calhoun\Documents\Avf2zOJCEAAHncK.jpg-large
[2012/06/16 03:10:37 | 000,031,916 | ---- | C] () -- C:\Users\Kim Calhoun\Documents\AvgNJ5ECEAA-Xue.jpg
[2012/06/16 03:02:23 | 000,065,609 | ---- | C] () -- C:\Users\Kim Calhoun\Documents\599606283.jpg
[2012/06/14 20:02:38 | 040,288,351 | ---- | C] () -- C:\Users\Kim Calhoun\Documents\One Direction All Performance 2010 X Factor.M4A
[2011/09/17 07:40:59 | 000,000,000 | ---- | C] () -- C:\Users\Kim Calhoun\AppData\Local\{5089B72A-7FF9-483D-B2E8-C6100A1FEC31}
[2011/09/10 22:42:00 | 000,000,132 | ---- | C] () -- C:\Users\Kim Calhoun\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/06/03 00:27:05 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/05/23 23:19:52 | 000,001,112 | ---- | C] () -- C:\windows\hpomdl41.dat.temp
[2011/05/18 17:53:28 | 000,208,761 | ---- | C] () -- C:\windows\hpoins41.dat
[2011/05/18 17:53:28 | 000,001,112 | ---- | C] () -- C:\windows\hpomdl41.dat
[2011/05/03 23:10:43 | 000,744,030 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/04/30 16:57:26 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/03/07 23:00:32 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\Adobe
[2011/05/01 09:09:23 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\Adobe Mini Bridge CS5
[2011/04/30 14:54:33 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\Apple Computer
[2012/07/05 12:33:29 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\AVG
[2012/07/03 14:43:57 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\AVG2012
[2011/11/24 14:05:55 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\Canon
[2011/07/26 12:30:23 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/06/03 00:27:05 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\Corel
[2011/05/20 10:19:21 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\Dora's Ballet Adventures
[2012/07/03 14:41:59 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\Dropbox
[2011/10/14 08:38:10 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\Google
[2011/05/18 18:07:52 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\HP
[2011/05/25 19:12:15 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\HpUpdate
[2011/04/30 13:32:26 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\Identities
[2011/05/01 13:03:10 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\InstallShield
[2012/07/05 21:25:48 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\IObit
[2011/04/30 13:35:53 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\Macromedia
[2012/07/03 12:25:50 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\Malwarebytes
[2009/07/14 00:44:38 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\Media Center Programs
[2012/07/03 14:42:03 | 000,000,000 | --SD | M] -- C:\Users\Kim Calhoun\AppData\Roaming\Microsoft
[2012/07/03 14:42:08 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\Mozilla
[2011/05/01 13:15:15 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\Roxio
[2012/05/17 13:16:44 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\SoftGrid Client
[2011/05/01 09:09:22 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/07/04 19:18:06 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\Toshiba
[2011/05/03 23:12:09 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\TP
[2012/02/19 10:31:59 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\Unity
[2011/09/11 08:57:26 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\Western Digital
[2011/04/30 13:31:37 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\WinBatch
[2011/05/18 17:57:53 | 000,000,000 | ---D | M] -- C:\Users\Kim Calhoun\AppData\Roaming\Yahoo!

< MD5 for: ATAPI.SYS >
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/02 23:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 00:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/06/28 03:28:57 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/06/28 03:28:57 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/06/28 03:28:57 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/06/28 03:28:57 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/08/21 09:51:34 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/08/21 09:51:34 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/08/21 09:51:34 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/05/17 16:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/05/17 16:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\KIM CALHOUN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/06/28 03:28:57 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\KIM CALHOUN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/06/28 03:28:57 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\KIM CALHOUN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/06/28 03:28:57 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\KIM CALHOUN\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/06/28 03:28:57 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/08/21 09:51:29 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/08/21 09:51:29 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/08/21 09:51:29 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/05/17 16:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/05/17 16:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >



OTL Extras logfile created on: 7/7/2012 11:51:14 AM - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Kim Calhoun\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 67.17% Memory free
5.74 Gb Paging File | 4.42 Gb Available in Paging File | 77.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.24 Gb Total Space | 137.01 Gb Free Space | 61.93% Space Free | Partition Type: NTFS

Computer Name: PRIVATE | User Name: Kim Calhoun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.inf[@ = inffile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.inf [@ = inffile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Kim Calhoun\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03484547-CF30-4C09-9B82-CAF2087F8E0A}" = rport=139 | protocol=6 | dir=out | app=system |
"{0941A370-5C91-4DB6-9025-B837EFCD5790}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2541E513-0529-4C6E-9CF0-10B49BD1FBB8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2789A3BA-5969-4C6C-A108-6EF0BBFA70A1}" = lport=445 | protocol=6 | dir=in | app=system |
"{39A7A900-73D7-4DD0-8E9E-CB0CACA8867F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{42FC9DA3-2808-4C09-B9A0-EC743E0713ED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4A742987-7A8C-4A49-85D0-1E1EC3F9F3E8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8322DF60-D721-4D13-821E-9B91173BDEAA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{851EC275-D3FE-4CDE-A8EF-CAFC8A7AE53B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8A9F480B-C3BD-439F-8007-6462AEF80C55}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{8E70E07B-B1C9-4B24-B220-0F19F4490E22}" = rport=137 | protocol=17 | dir=out | app=system |
"{A17F1F14-DA92-474F-8B09-17ADE5CE7063}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B2E91B3A-1C14-4CE0-94C3-7F65111FEFB0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BF260BC6-B83C-46E7-8D43-51ADD1A4D44A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{BFDD5E76-1E2F-42A1-8EB7-B64A88A3DC8A}" = lport=139 | protocol=6 | dir=in | app=system |
"{C3838F39-68CC-43BE-9498-4E3D220D881B}" = lport=137 | protocol=17 | dir=in | app=system |
"{CD5858B5-FEDF-4295-A182-2AA7100249C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D09EE6F6-FA00-4CD8-B5CA-F4DF02FF44FE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D5672C53-6DC4-4CE4-98D9-8EAECBD75802}" = lport=138 | protocol=17 | dir=in | app=system |
"{D9EA7734-9BFB-406F-8045-56A6A6F6B818}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DCD5A86D-EA02-4F46-9407-23FDCD9F379C}" = rport=138 | protocol=17 | dir=out | app=system |
"{E07CA0DD-19A6-4536-97EA-17886AFC57FD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E5F1279B-65B1-4DA0-A7D6-1D88EADB31D2}" = rport=445 | protocol=6 | dir=out | app=system |
"{EB20C4E5-739F-4FEF-9849-D5923D807933}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0204DF51-9E8C-4BFB-AD8C-1F3C3250A0E4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{0605CA0C-09DE-4D2B-B150-F12F486A018E}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{11973809-2F79-40D5-9E7C-CBC6BAEC0556}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{130713B0-1B6B-4BB3-99D4-C40E3CAE32EB}" = protocol=1 | dir=in | [email protected],-28543 |
"{14F1B787-A4D8-4472-B388-EC0D6E14FF1E}" = protocol=1 | dir=out | [email protected],-28544 |
"{174F14CD-9CD6-43AA-8667-BF12DF788D61}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{20B3F320-238B-4BA4-93A2-51A28745CE4D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{24FBD22E-FDFB-41E8-81F9-A221F15C95D6}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{26E8A799-3398-404C-9DF9-E33A55C36B66}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{28B2A19D-9AA4-4B2E-B544-61D4E360021B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{29B3A3D9-2AAF-403A-875E-B81BEBE1C7C9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{29CE93AD-4947-4C1C-B733-5516CC240765}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{2A285E67-B62B-4C4B-818E-06C6E03B018C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{2CB09A67-6EA4-489D-ADD5-C2E02994BBE8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2DBB70EF-F1B7-4C53-AE10-F7C41F405F8F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{327BCDC9-8A4F-4B9E-B260-E2C2AA96C2A2}" = protocol=58 | dir=in | [email protected],-28545 |
"{3941C643-B4EB-4FF9-A687-06D2E89E1BB2}" = protocol=58 | dir=out | [email protected],-28546 |
"{435FBA8D-274D-47E6-AD73-3EA5A4C31283}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4678B0B5-01ED-412F-862D-E7A91A30A606}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{48609358-0DA4-41B4-92B7-AECF93476699}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{48EBE500-55FB-4698-B05E-B98A59B317CF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{50A1F02E-101B-4729-A5FC-F0304185CEDF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{5E6EDC3D-853F-46C8-8438-5D5BC3358A94}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{67E9151E-F6F6-42A5-9CE2-3343EF13571B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6C4DBD5F-9463-4AD3-B54F-3C81D98D37B2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{79687F32-D205-445D-ADA5-972C02E31B59}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{79769851-4BA8-4ED0-AFAE-2581EBD8AFB1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{7E525DF9-1947-4DA1-B68F-3205D3AC2E64}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{7FCA74BA-F136-4E24-8B65-1DAE2C5A40EE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{816AD236-3685-4A55-A23B-9996A20F91A4}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{845CC3FB-5FD7-4BBB-AB5F-B4E89C5D32C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{91834495-C502-4FDB-B2E7-5067E780538A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{9EE96B38-419C-47D3-A09F-00CCA56E6F48}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{C0D4C984-2895-4F5B-91A6-F96D26D71E35}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{C1A27651-27D5-4851-A8DB-BE9EE2B24C0C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{CADD365C-D496-4A19-88D8-1C5BD7D7FD93}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{D0A67F74-599A-42C3-8779-82C6B3D2C37D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{D3485C78-93EC-4B9E-A213-BB3C134B1E9E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D963E619-0EC0-45B4-A78E-197128C78314}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{DA958802-D9E7-4C89-843E-7DF9E9C0BDF2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DF1A17AE-0AEF-4C68-B577-6CEFD43240A0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{E3911B3D-D42E-447A-A9C2-D0CBD55F3F0E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{EA04A737-9351-4BED-8962-50DF03035B80}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EDD8404A-A3D5-40D7-AB6B-06A0E6C251EF}" = protocol=6 | dir=out | app=system |
"{F003452B-22D6-4CB6-9FDE-04E8A00CBAB6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{F2005113-122F-4386-8020-4714C071A552}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{F6609864-498B-41E9-9BA3-A520AF8F024C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F667C140-BF55-40C0-A5DC-8B61C97A1AD9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FE1D89BC-5906-4BDE-8E0B-4F23249A3978}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6B9CE44B-52D0-4B2F-BDFA-56FF4977A790}" = AVG 2012
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B9162E8-4274-4323-A31B-444ECA641B8A}" = Adobe Photoshop Lightroom 2 64-bit
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B36AB323-9849-4486-AB8F-93E64A06E716}" = WD SmartWare
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CCD42CCF-9AFF-4BC5-862A-38CCD3C8E8F8}" = HP Photosmart Premium C309g-m All-in-One Driver Software 14.0 Rel. 6
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B03443D-8E0B-453e-8EFC-4490D0D24E6A}" = LG United Mobile Drivers
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39187A4B-7538-4BE7-8BAD-9E83303793AA}" = Toshiba Book Place
"{3CB4A7B0-007D-4722-AF1D-891B53E04606}" = Napster Download Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E6319C60-D4DF-4D4D-A077-9F46D656E4FB}" = C309g-m
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{EE177519-70E3-4A94-B8DB-FD0B78D1A47E}" = PS_AIO_06_C309g-m_SW_Min
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DPP" = Canon Utilities Digital Photo Professional 3.8
"EOS Utility" = Canon Utilities EOS Utility
"FL Studio 10" = FL Studio 10
"HP Photo Creations" = HP Photo Creations
"IL Download Manager" = IL Download Manager
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"SpeedFan" = SpeedFan (remove only)
"WFTK" = Canon Utilities WFT Utility
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/8/2012 4:24:51 PM | Computer Name = KimCalhoun-PC | Source = LeapFrog Connect Device Service | ID = 0
Description =

Error - 2/8/2012 4:40:17 PM | Computer Name = KimCalhoun-PC | Source = LeapFrog Connect Device Service | ID = 0
Description =

Error - 2/8/2012 4:40:24 PM | Computer Name = KimCalhoun-PC | Source = LeapFrog Connect Device Service | ID = 0
Description =

Error - 2/8/2012 9:12:39 PM | Computer Name = KimCalhoun-PC | Source = LeapFrog Connect Device Service | ID = 0
Description =

Error - 2/8/2012 9:12:49 PM | Computer Name = KimCalhoun-PC | Source = LeapFrog Connect Device Service | ID = 0
Description =

Error - 2/8/2012 10:17:07 PM | Computer Name = KimCalhoun-PC | Source = LeapFrog Connect Device Service | ID = 0
Description =

Error - 2/8/2012 10:17:19 PM | Computer Name = KimCalhoun-PC | Source = LeapFrog Connect Device Service | ID = 0
Description =

Error - 2/8/2012 10:28:39 PM | Computer Name = KimCalhoun-PC | Source = LeapFrog Connect Device Service | ID = 0
Description =

Error - 2/8/2012 10:28:48 PM | Computer Name = KimCalhoun-PC | Source = LeapFrog Connect Device Service | ID = 0
Description =

Error - 2/11/2012 12:11:47 AM | Computer Name = KimCalhoun-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 11/22/2011 3:39:09 PM | Computer Name = KimCalhoun-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the PlugPlay service.

Error - 11/23/2011 4:52:42 AM | Computer Name = KimCalhoun-PC | Source = DCOM | ID = 10016
Description =

Error - 11/23/2011 5:00:54 AM | Computer Name = KimCalhoun-PC | Source = DCOM | ID = 10016
Description =

Error - 11/23/2011 6:02:35 AM | Computer Name = KimCalhoun-PC | Source = DCOM | ID = 10016
Description =

Error - 11/24/2011 11:41:03 PM | Computer Name = KimCalhoun-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 11/28/2011 11:16:10 AM | Computer Name = KimCalhoun-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{8900AB95-E5D8-4829-926E-1EEE50D6619D}
because another computer on the network has the same name. The server could not
start.

Error - 11/29/2011 3:36:01 PM | Computer Name = KimCalhoun-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{8900AB95-E5D8-4829-926E-1EEE50D6619D}
because another computer on the network has the same name. The server could not
start.

Error - 11/29/2011 9:48:39 PM | Computer Name = KimCalhoun-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{8900AB95-E5D8-4829-926E-1EEE50D6619D}
because another computer on the network has the same name. The server could not
start.

Error - 12/2/2011 3:38:37 PM | Computer Name = KimCalhoun-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 12/3/2011 12:39:42 PM | Computer Name = KimCalhoun-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.


< End of report >

Edited by introspectacle, 07 July 2012 - 03:32 PM.

  • 0

#15
introspectacle
Posted 07 July 2012 - 03:41 PM

introspectacle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I have completed the Event Viewer Tool scans...here are the System and Application scan logs:


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 07/07/2012 2:36:49 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/07/2012 8:47:08 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 07/07/2012 8:45:54 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Apple Mobile Device service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 07/07/2012 8:45:52 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 1:43:13 PM on ?7/?7/?2012 was unexpected.

Log: 'System' Date/Time: 07/07/2012 7:14:28 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 07/07/2012 7:13:19 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Apple Mobile Device service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/07/2012 7:12:25 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.



Application


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 07/07/2012 2:40:25 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 07/07/2012 8:46:18 PM
Type: Error Category: 0
Event: 0 Source: Toshiba App Place
The event description cannot be found.

Log: 'Application' Date/Time: 07/07/2012 7:38:40 PM
Type: Error Category: 0
Event: 63 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Log: 'Application' Date/Time: 07/07/2012 7:16:12 PM
Type: Error Category: 0
Event: 0 Source: Toshiba App Place
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP