Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Widows Update is Missing/Random Audio plays when the Net is connected.

Started by Dougrbi , Aug 01 2012 07:23 PM

  • Please log in to reply

#1
Dougrbi
Posted 01 August 2012 - 07:23 PM

Dougrbi

    Member

  • Member
  • PipPip
  • 57 posts
I showed a trojin of some kind my malwarebytes while looking a thisoldhouse.com. I read in another thread something about Adobe Update and if I remember right I did have an update that didn't work with adobe at the same time.
Tried to run Malwarebytes -it wouldn't run some fake security system was up.
Ran RougeKiller - then Malwarebytes without updating, 6 items removed
Re-boot, then try again to run Malwarebytes, no go, run rougeKiller, run update, then malwarebytes, Issue fixed.
I then think I better run my updates to make sure all is good as I don't see windows security running.
No updates. It is not in the Service directory.
I'm sitting at my computer looking up things and suddenly random audio starts, I close everything still plays, look at my programs running, nothing, things is system processes nothing. Everything works just random Audio. If I shut off my wireless connection, it stops like it was buffered, maybe 5 seconds after the connection stops.
I also tried to follow steps in another thread and it didn't work.
OTL Log is below:

OTL logfile created on: 8/1/2012 6:05:49 PM - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Doug\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 56.22% Memory free
8.12 Gb Paging File | 6.23 Gb Available in Paging File | 76.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 166.10 Gb Free Space | 58.61% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 5.59 Gb Free Space | 38.14% Space Free | Partition Type: NTFS

Computer Name: DOUGLT | User Name: Doug | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/01 18:05:28 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Doug\Downloads\OTL(1).exe
PRC - [2012/07/27 12:37:14 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
PRC - [2012/07/19 10:03:32 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/11/12 13:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/07/18 03:27:14 | 001,299,192 | ---- | M] () -- C:\Program Files (x86)\CE\nmSvc.exe
PRC - [2011/07/18 03:27:06 | 000,291,064 | ---- | M] () -- C:\Program Files (x86)\CE\nmFlt.exe
PRC - [2011/04/08 05:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2010/03/25 05:45:38 | 000,031,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009/02/04 19:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/05/07 15:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 15:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/27 12:37:14 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
MOD - [2012/07/19 10:03:32 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/14 10:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/09/14 10:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2011/07/18 03:27:14 | 001,299,192 | ---- | M] () -- C:\Program Files (x86)\CE\nmSvc.exe
MOD - [2011/07/18 03:27:14 | 000,078,584 | ---- | M] () -- C:\Program Files (x86)\CE\nmsvTree.dll
MOD - [2011/07/18 03:27:12 | 000,644,856 | ---- | M] () -- C:\Program Files (x86)\CE\nmSvc.dll
MOD - [2011/07/18 03:27:08 | 000,241,912 | ---- | M] () -- C:\Windows\SysWOW64\nmNsp.dll
MOD - [2011/07/18 03:27:06 | 000,291,064 | ---- | M] () -- C:\Program Files (x86)\CE\nmFlt.exe
MOD - [2011/07/18 03:27:02 | 000,182,520 | ---- | M] () -- C:\Windows\SysWOW64\CESpy.dll
MOD - [2011/07/18 03:19:12 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\CE\zlib.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2011/07/18 03:17:56 | 000,290,816 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\authServer.exe -- (Auth Service)
SRV:64bit: - [2009/03/31 08:00:18 | 000,268,288 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/31 08:00:02 | 000,089,600 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/11/02 04:16:05 | 000,046,592 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
SRV - [2012/07/27 12:37:14 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/19 10:03:32 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/07/18 03:17:56 | 000,290,816 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\authServer.exe -- (Auth Service)
SRV - [2011/05/25 15:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/12/08 13:12:10 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2010/12/08 13:12:04 | 000,373,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 12:04:20 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/03/25 05:45:38 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/05/21 22:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2008/07/27 11:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/07 15:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/11/12 12:18:20 | 000,024,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\FlyUsb.sys -- (FlyUsb)
DRV:64bit: - [2010/12/08 13:12:30 | 000,087,456 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2010/09/17 15:40:06 | 000,072,216 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/09/17 15:39:58 | 000,011,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2009/11/04 15:54:06 | 000,049,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/11/04 15:47:38 | 000,040,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/07/16 11:32:26 | 000,176,144 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2009/03/31 09:53:54 | 000,069,120 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2009/03/31 09:48:56 | 010,275,296 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/03/31 08:00:28 | 000,477,696 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/03/31 07:19:00 | 000,225,328 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/03/19 16:02:00 | 000,311,296 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Vid.sys -- (OA009Vid)
DRV:64bit: - [2009/03/06 06:33:58 | 000,159,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Ufd.sys -- (OA009Ufd)
DRV:64bit: - [2008/12/30 19:00:22 | 000,172,032 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2008/12/21 10:26:28 | 004,735,488 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/12/19 19:24:48 | 000,041,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfebopk.sys -- (mfebopk)
DRV:64bit: - [2008/08/31 11:19:24 | 000,392,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/08/31 11:15:58 | 000,395,288 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/08/21 23:50:32 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgp.sys -- (motccgp)
DRV:64bit: - [2008/08/21 23:50:02 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/01/20 19:51:07 | 000,016,384 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 19:47:25 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 19:46:55 | 000,317,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2008/01/20 19:46:52 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2007/11/14 01:00:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/06/20 19:57:40 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motport.sys -- (motport)
DRV:64bit: - [2007/06/20 19:57:36 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)
DRV:64bit: - [2006/11/02 00:48:50 | 002,488,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV - [2010/09/17 15:40:06 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20111149,6902,0,24,0"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com...94&searchterm="
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.103: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/03/11 20:58:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 10:03:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/10 17:25:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 10:03:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/10 17:25:24 | 000,000,000 | ---D | M]

[2010/01/08 12:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug\AppData\Roaming\Mozilla\Extensions
[2012/05/23 05:49:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\gpgxkw9l.default\extensions
[2010/06/29 14:23:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\gpgxkw9l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/19 17:49:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\gpgxkw9l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/05/23 05:49:41 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\gpgxkw9l.default\extensions\[email protected]
[2011/11/10 17:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/19 10:03:32 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/03/18 11:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 11:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/06/19 18:16:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/08/23 16:49:55 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/06/19 18:16:37 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NMSVC] C:\Program Files (x86)\CE\nmSvc.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\nmNsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - CCESpy.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\nmNsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84722BE2-2DF7-4342-8A0B-614951F105E7}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\Doug\Pictures\Personnal Pictures\2011-11-07\022.JPG
O24 - Desktop BackupWallPaper: C:\Users\Doug\Pictures\Personnal Pictures\2011-11-07\022.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 15:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{123537dd-36b6-11e0-b7e3-00256443b61a}\Shell - "" = AutoRun
O33 - MountPoints2\{123537dd-36b6-11e0-b7e3-00256443b61a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{7cca3723-4ffc-11df-b443-00256443b61a}\Shell\AutoRun\command - "" = D:\setupSNK.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/01 17:24:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/01 17:24:08 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/01 17:24:06 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/08/01 14:08:21 | 000,000,000 | ---D | C] -- C:\Users\Doug\Desktop\RK_Quarantine
[2012/08/01 13:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\0C1CFB130008337F004639176C44B161
[2012/07/29 06:57:50 | 000,000,000 | ---D | C] -- C:\Users\Doug\Documents\Rainbow Franchise All
[2012/07/29 06:45:56 | 000,000,000 | ---D | C] -- C:\Users\Doug\Documents\A-Resumes

========== Files - Modified Within 30 Days ==========

[2012/08/01 17:37:48 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 17:37:48 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 17:37:47 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/01 17:37:46 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2012/08/01 17:37:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/01 17:37:39 | 4253,405,184 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/01 17:32:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/01 16:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/01 14:12:08 | 000,006,080 | ---- | M] () -- C:\Users\Doug\AppData\Local\d3d9caps.dat
[2012/08/01 14:10:44 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/30 17:17:19 | 000,862,588 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/30 17:17:19 | 000,717,626 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/30 17:17:19 | 000,147,038 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/27 14:03:10 | 000,216,828 | ---- | M] () -- C:\Users\Doug\Desktop\Douglas Dewing Resume.pdf
[2012/07/27 12:37:14 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/27 12:37:14 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/18 18:23:11 | 000,000,732 | ---- | M] () -- C:\Users\Doug\AppData\Local\d3d9caps64.dat
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/08/01 13:28:23 | 000,023,040 | ---- | C] () -- C:\Windows\Installer\{f7f755c7-13a9-a124-4638-54c5b7cf8b78}\U\800000cb.@
[2012/08/01 13:28:23 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{f7f755c7-13a9-a124-4638-54c5b7cf8b78}\U\80000000.@
[2012/08/01 13:28:23 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{f7f755c7-13a9-a124-4638-54c5b7cf8b78}\U\00000001.@
[2012/07/27 14:03:09 | 000,216,828 | ---- | C] () -- C:\Users\Doug\Desktop\Douglas Dewing Resume.pdf
[2012/03/22 09:05:56 | 000,000,008 | ---- | C] () -- C:\Users\Doug\AppData\Roaming\usb.dat
[2012/02/01 13:29:24 | 000,207,259 | ---- | C] () -- C:\Windows\hpwins28.dat.temp
[2012/02/01 12:43:46 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp
[2012/02/01 12:23:12 | 000,207,238 | ---- | C] () -- C:\Windows\hpwins28.dat
[2012/01/03 15:38:11 | 000,009,040 | -HS- | C] () -- C:\Users\Doug\AppData\Local\fiu662ux6gdw64qa1j204p0xtlmlw7ku8avim
[2012/01/03 15:38:11 | 000,009,040 | -HS- | C] () -- C:\ProgramData\fiu662ux6gdw64qa1j204p0xtlmlw7ku8avim
[2011/07/19 09:50:11 | 000,241,912 | ---- | C] () -- C:\Windows\SysWow64\nmNsp.dll
[2011/07/19 09:50:11 | 000,182,520 | ---- | C] () -- C:\Windows\SysWow64\CESpy.dll
[2011/07/19 09:50:00 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\authServer.exe
[2011/07/01 17:55:51 | 000,000,732 | ---- | C] () -- C:\Users\Doug\AppData\Local\d3d9caps64.dat
[2011/02/08 22:40:25 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{f7f755c7-13a9-a124-4638-54c5b7cf8b78}\@
[2011/02/08 22:40:25 | 000,002,048 | -HS- | C] () -- C:\Users\Doug\AppData\Local\{f7f755c7-13a9-a124-4638-54c5b7cf8b78}\@
[2010/03/03 11:40:34 | 000,026,311 | ---- | C] () -- C:\Users\Doug\AppData\Roaming\UserTile.png
[2010/02/21 19:47:21 | 000,061,224 | ---- | C] () -- C:\Users\Doug\GoToAssistDownloadHelper.exe
[2009/12/01 02:42:49 | 000,006,080 | ---- | C] () -- C:\Users\Doug\AppData\Local\d3d9caps.dat
[2009/11/27 18:29:17 | 000,007,680 | ---- | C] () -- C:\Users\Doug\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 6916 bytes -> C:\Users\Doug\Desktop\Seattle Remodeling LOGO2009.png:Q30lsldxJoudresxAaaqpcawXc

< End of report >
  • 0

Advertisements

#2
RKinner
Posted 01 August 2012 - 09:41 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
This is the latest zero Access infection.

Copy the text in the code box by highlighting and Ctrl + c


:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
[2012/01/03 15:38:11 | 000,009,040 | -HS- | C] () -- C:\Users\Doug\AppData\Local\fiu662ux6gdw64qa1j204p0xtlmlw7ku8avim
[2012/01/03 15:38:11 | 000,009,040 | -HS- | C] () -- C:\ProgramData\fiu662ux6gdw64qa1j204p0xtlmlw7ku8avim

:files
reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2.reg /c
C:\Windows\Installer\{f7f755c7-13a9-a124-4638-54c5b7cf8b78}
C:\Users\Doug\AppData\Local\{f7f755c7-13a9-a124-4638-54c5b7cf8b78}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

:reg
[HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
""="%systemroot%\system32\wbem\wbemess.dll"
[-HKCU\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
[-HKCU\Software\Classes\clsid\{f7f755c7-13a9-a124-4638-54c5b7cf8b78}]

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. This will also create a file winsock2.reg on your desktop. It is an insurance file. If you can't get on the Internet after the fix, try right clicking on the winsock2.reg and Merge then reboot. If that doesn't help then do a System Restore.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow



(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron

PS I assume you agreed to have Covenant Eyes spyware on your computer and don't want it removed while we removing the other malware?
  • 0

#3
Dougrbi
Posted 02 August 2012 - 09:10 AM

Dougrbi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Thanks for getting back so quickly, I had to give up last night as the ComboFix hung, I let it run all night and still had to shut it down. It gave me no log. I hope I got all the logs I should have posted responses at each step would have been better. I don't seam to have a problem right now. Windows update is available I won't do any updates till I hear back.
All the other stuff is below:
/

OTL Extras logfile created on: 8/2/2012 7:37:27 AM - Run 3
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Doug\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 60.55% Memory free
8.11 Gb Paging File | 6.37 Gb Available in Paging File | 78.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 165.53 Gb Free Space | 58.41% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 5.59 Gb Free Space | 38.14% Space Free | Partition Type: NTFS

Computer Name: DOUGLT | User Name: Doug | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe ()
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe ()
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe ()
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe ()
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe ()
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" ()
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" ()
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\SysWOW64\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java™ 6 Update 13 (64-bit)
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"CCleaner" = CCleaner
"Creative OA009" = Integrated Webcam Driver (1.02.01.0320)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{00C1B233-D218-484B-8078-9375482C5608}" = LeapFrog Tag Plugin
"{04F693CE-1C19-4DED-8418-31A9E79212D2}" = Xactimate 25
"{050BF7DA-82C4-416A-8294-7AFEB8ED94E1}" = Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 26
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (XACTWARE)
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = Microsoft SQL Server 2008 Database Engine Services
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5AC5ED2E-2936-4B54-A429-703F9034938E}" = Covenant Eyes
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A3D88A98-506E-4CFC-B294-E256C679B0EE}" = Microsoft Store Download Manager
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
"{BAE06076-DB3F-4936-8864-249A7B2AA662}" = Intel® Integrated Performance Primitives Run-Time Installer 5.1 for Windows* on IA-32 Intel® Architecture
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}" = LogMeIn
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
"{E4B48349-A165-4097-8D78-AC950BD8638E}" = Business Contact Manager for Microsoft Outlook 2010
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Business Contact Manager" = Business Contact Manager for Microsoft Outlook 2010
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"FreeFileViewer_is1" = Free File Viewer 2011
"Google Calendar Sync" = Google Calendar Sync
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"Trusted Software Assistant_is1" = File Type Assistant
"TurboMeeting" = TurboMeeting
"UPCShell" = LeapFrog Connect
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/2/2012 9:56:01 AM | Computer Name = DougLT | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 8/2/2012 9:57:08 AM | Computer Name = DougLT | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 5/19/2012 8:22:03 PM | Computer Name = DougLT | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/19/2012 9:48:37 PM | Computer Name = DougLT | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/20/2012 8:12:32 AM | Computer Name = DougLT | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/20/2012 6:25:50 PM | Computer Name = DougLT | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/21/2012 1:47:44 PM | Computer Name = DougLT | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2012 8:33:04 AM | Computer Name = DougLT | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2012 3:11:34 PM | Computer Name = DougLT | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2012 11:04:48 PM | Computer Name = DougLT | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/1/2012 8:43:51 PM | Computer Name = DougLT | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/2/2012 12:06:26 AM | Computer Name = DougLT | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 8/2/2012 9:55:30 AM | Computer Name = DougLT | Source = HTTP | ID = 15016
Description =

Error - 8/2/2012 9:55:34 AM | Computer Name = DougLT | Source = Print | ID = 19
Description = The print spooler failed to share printer TurboMeeting Printer with
shared resource name TurboMeeting Printer. Error 1753. The printer cannot be used
by others on the network.

Error - 8/2/2012 9:57:09 AM | Computer Name = DougLT | Source = Service Control Manager | ID = 7000
Description =

Error - 8/2/2012 9:57:09 AM | Computer Name = DougLT | Source = Service Control Manager | ID = 7000
Description =

Error - 8/2/2012 9:57:09 AM | Computer Name = DougLT | Source = Service Control Manager | ID = 7000
Description =

Error - 8/2/2012 9:57:09 AM | Computer Name = DougLT | Source = Service Control Manager | ID = 7023
Description =

Error - 8/2/2012 9:57:09 AM | Computer Name = DougLT | Source = Service Control Manager | ID = 7000
Description =


< End of report >
OTL logfile created on: 8/2/2012 7:37:27 AM - Run 3
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Doug\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 60.55% Memory free
8.11 Gb Paging File | 6.37 Gb Available in Paging File | 78.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 165.53 Gb Free Space | 58.41% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 5.59 Gb Free Space | 38.14% Space Free | Partition Type: NTFS

Computer Name: DOUGLT | User Name: Doug | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/01 18:05:28 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Doug\Desktop\OTL(1).exe
PRC - [2012/07/19 10:03:32 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/11/12 13:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/07/18 03:27:14 | 001,299,192 | ---- | M] () -- C:\Program Files (x86)\CE\nmSvc.exe
PRC - [2011/07/18 03:27:06 | 000,291,064 | ---- | M] () -- C:\Program Files (x86)\CE\nmFlt.exe
PRC - [2011/04/08 05:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2010/03/25 05:45:38 | 000,031,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009/02/04 19:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/05/07 15:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 15:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/19 10:03:32 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/14 10:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/09/14 10:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2011/07/18 03:27:14 | 001,299,192 | ---- | M] () -- C:\Program Files (x86)\CE\nmSvc.exe
MOD - [2011/07/18 03:27:14 | 000,078,584 | ---- | M] () -- C:\Program Files (x86)\CE\nmsvTree.dll
MOD - [2011/07/18 03:27:12 | 000,644,856 | ---- | M] () -- C:\Program Files (x86)\CE\nmSvc.dll
MOD - [2011/07/18 03:27:08 | 000,241,912 | ---- | M] () -- C:\Windows\SysWOW64\nmNsp.dll
MOD - [2011/07/18 03:27:06 | 000,291,064 | ---- | M] () -- C:\Program Files (x86)\CE\nmFlt.exe
MOD - [2011/07/18 03:27:02 | 000,182,520 | ---- | M] () -- C:\Windows\SysWOW64\CESpy.dll
MOD - [2011/07/18 03:19:12 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\CE\zlib.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2011/07/18 03:17:56 | 000,290,816 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\authServer.exe -- (Auth Service)
SRV:64bit: - [2009/03/31 08:00:18 | 000,268,288 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/31 08:00:02 | 000,089,600 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/11/02 04:16:05 | 000,046,592 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
SRV - [2012/07/27 12:37:14 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/19 10:03:32 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/07/18 03:17:56 | 000,290,816 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\authServer.exe -- (Auth Service)
SRV - [2011/05/25 15:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/12/08 13:12:10 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2010/12/08 13:12:04 | 000,373,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 12:04:20 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/03/25 05:45:38 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/05/21 22:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2008/07/27 11:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/07 15:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/11/12 12:18:20 | 000,024,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\FlyUsb.sys -- (FlyUsb)
DRV:64bit: - [2010/12/08 13:12:30 | 000,087,456 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2010/09/17 15:40:06 | 000,072,216 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/09/17 15:39:58 | 000,011,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2009/11/04 15:54:06 | 000,049,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/11/04 15:47:38 | 000,040,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/07/16 11:32:26 | 000,176,144 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2009/03/31 09:53:54 | 000,069,120 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2009/03/31 09:48:56 | 010,275,296 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/03/31 08:00:28 | 000,477,696 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/03/31 07:19:00 | 000,225,328 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/03/19 16:02:00 | 000,311,296 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Vid.sys -- (OA009Vid)
DRV:64bit: - [2009/03/06 06:33:58 | 000,159,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Ufd.sys -- (OA009Ufd)
DRV:64bit: - [2008/12/30 19:00:22 | 000,172,032 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2008/12/21 10:26:28 | 004,735,488 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/12/19 19:24:48 | 000,041,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfebopk.sys -- (mfebopk)
DRV:64bit: - [2008/08/31 11:19:24 | 000,392,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/08/31 11:15:58 | 000,395,288 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/08/21 23:50:32 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgp.sys -- (motccgp)
DRV:64bit: - [2008/08/21 23:50:02 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/01/20 19:51:07 | 000,016,384 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 19:47:25 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 19:46:55 | 000,317,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2008/01/20 19:46:52 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2007/11/14 01:00:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/06/20 19:57:40 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motport.sys -- (motport)
DRV:64bit: - [2007/06/20 19:57:36 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)
DRV:64bit: - [2006/11/02 00:48:50 | 002,488,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV - [2010/09/17 15:40:06 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20111149,6902,0,24,0"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "yahoo.com"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.103: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/03/11 20:58:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 10:03:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/10 17:25:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 10:03:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/10 17:25:24 | 000,000,000 | ---D | M]

[2010/01/08 12:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug\AppData\Roaming\Mozilla\Extensions
[2012/05/23 05:49:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\gpgxkw9l.default\extensions
[2010/06/29 14:23:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\gpgxkw9l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/19 17:49:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\gpgxkw9l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/05/23 05:49:41 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\gpgxkw9l.default\extensions\[email protected]
[2011/11/10 17:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/19 10:03:32 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/03/18 11:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 11:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/06/19 18:16:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/08/23 16:49:55 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/06/19 18:16:37 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NMSVC] C:\Program Files (x86)\CE\nmSvc.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\nmNsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - CCESpy.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\nmNsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84722BE2-2DF7-4342-8A0B-614951F105E7}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\Doug\Pictures\Personnal Pictures\2011-11-07\022.JPG
O24 - Desktop BackupWallPaper: C:\Users\Doug\Pictures\Personnal Pictures\2011-11-07\022.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 15:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{123537dd-36b6-11e0-b7e3-00256443b61a}\Shell - "" = AutoRun
O33 - MountPoints2\{123537dd-36b6-11e0-b7e3-00256443b61a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{7cca3723-4ffc-11df-b443-00256443b61a}\Shell\AutoRun\command - "" = D:\setupSNK.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs:64bit: BITS - C:\Windows\SysNative\svchost.exe ()

MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: MPSSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PEVSystemStart - Service
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: procexp90.Sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: TurboMeeting - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: TurboMeeting - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/02 06:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/02 06:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/02 06:41:47 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Doug\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/02 06:25:36 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Doug\Desktop\tdsskiller.exe
[2012/08/01 21:35:25 | 004,722,680 | ---- | C] (Swearware) -- C:\Users\Doug\Desktop\ComboFix(1).exe
[2012/08/01 20:58:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Doug\Desktop\aswMBR.exe
[2012/08/01 18:05:26 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Doug\Desktop\OTL(1).exe
[2012/08/01 17:24:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/01 17:24:08 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/01 17:24:06 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/08/01 14:08:21 | 000,000,000 | ---D | C] -- C:\Users\Doug\Desktop\RK_Quarantine
[2012/08/01 13:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\0C1CFB130008337F004639176C44B161
[2012/07/29 06:57:50 | 000,000,000 | ---D | C] -- C:\Users\Doug\Documents\Rainbow Franchise All
[2012/07/29 06:45:56 | 000,000,000 | ---D | C] -- C:\Users\Doug\Documents\A-Resumes

========== Files - Modified Within 30 Days ==========

[2012/08/02 07:37:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/02 07:32:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/02 07:28:51 | 000,061,440 | ---- | M] ( ) -- C:\Users\Doug\Desktop\VEW.exe
[2012/08/02 07:12:59 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2012/08/02 06:55:34 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/02 06:55:34 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/02 06:55:33 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/02 06:55:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/02 06:55:24 | 4253,405,184 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/02 06:43:21 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/02 06:42:02 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Doug\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/02 06:25:40 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Doug\Desktop\tdsskiller.exe
[2012/08/01 21:35:38 | 004,722,680 | ---- | M] (Swearware) -- C:\Users\Doug\Desktop\ComboFix(1).exe
[2012/08/01 21:26:30 | 000,000,512 | ---- | M] () -- C:\Users\Doug\Desktop\MBR.dat
[2012/08/01 20:58:40 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Doug\Desktop\aswMBR.exe
[2012/08/01 20:55:29 | 000,006,080 | ---- | M] () -- C:\Users\Doug\AppData\Local\d3d9caps.dat
[2012/08/01 20:53:41 | 000,274,226 | ---- | M] () -- C:\Users\Doug\Desktop\winsock2.reg
[2012/08/01 19:42:12 | 000,862,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/01 19:42:12 | 000,717,626 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/01 19:42:12 | 000,147,038 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/01 18:05:28 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Doug\Desktop\OTL(1).exe
[2012/07/27 14:03:10 | 000,216,828 | ---- | M] () -- C:\Users\Doug\Desktop\Douglas Dewing Resume.pdf
[2012/07/27 12:37:14 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/27 12:37:14 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/18 18:23:11 | 000,000,732 | ---- | M] () -- C:\Users\Doug\AppData\Local\d3d9caps64.dat
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/08/02 07:28:51 | 000,061,440 | ---- | C] ( ) -- C:\Users\Doug\Desktop\VEW.exe
[2012/08/02 06:43:21 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/02 06:43:20 | 000,024,904 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/01 21:21:19 | 000,000,512 | ---- | C] () -- C:\Users\Doug\Desktop\MBR.dat
[2012/08/01 20:53:41 | 000,274,226 | ---- | C] () -- C:\Users\Doug\Desktop\winsock2.reg
[2012/07/27 14:03:09 | 000,216,828 | ---- | C] () -- C:\Users\Doug\Desktop\Douglas Dewing Resume.pdf
[2012/03/22 09:05:56 | 000,000,008 | ---- | C] () -- C:\Users\Doug\AppData\Roaming\usb.dat
[2012/02/01 13:29:24 | 000,207,259 | ---- | C] () -- C:\Windows\hpwins28.dat.temp
[2012/02/01 12:43:46 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp
[2012/02/01 12:23:12 | 000,207,238 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011/07/19 09:50:11 | 000,241,912 | ---- | C] () -- C:\Windows\SysWow64\nmNsp.dll
[2011/07/19 09:50:11 | 000,182,520 | ---- | C] () -- C:\Windows\SysWow64\CESpy.dll
[2011/07/19 09:50:00 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\authServer.exe
[2011/07/01 17:55:51 | 000,000,732 | ---- | C] () -- C:\Users\Doug\AppData\Local\d3d9caps64.dat
[2010/03/03 11:40:34 | 000,026,311 | ---- | C] () -- C:\Users\Doug\AppData\Roaming\UserTile.png
[2010/02/21 19:47:21 | 000,061,224 | ---- | C] () -- C:\Users\Doug\GoToAssistDownloadHelper.exe
[2009/12/01 02:42:49 | 000,006,080 | ---- | C] () -- C:\Users\Doug\AppData\Local\d3d9caps.dat
[2009/11/27 18:29:17 | 000,007,680 | ---- | C] () -- C:\Users\Doug\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: SAMSUNG HM320II
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 41943040
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 283.00GB
Starting Offset: 15770583040
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/11/19 08:42:18 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\33C9A
[2011/11/18 14:31:56 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\aCwkUVrlOtPySiD
[2011/06/30 12:09:57 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Adobe
[2010/04/25 19:23:33 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Amazon
[2012/06/21 05:29:36 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Apple Computer
[2011/11/28 08:13:51 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\CE
[2011/11/18 14:31:51 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\CibDonGHs7E8Tq
[2009/11/27 18:30:38 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Creative
[2009/12/06 15:49:21 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\CyberLink
[2009/11/27 18:16:45 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Dell
[2011/11/18 15:44:09 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\DxA0ucS2iDpGaHs
[2011/11/18 16:50:40 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\euvS2ibF3n5Q6W
[2012/02/16 13:26:10 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\F8333
[2011/04/14 12:31:31 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\FLIR Systems
[2012/03/22 09:08:40 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\FreeFileViewer
[2010/03/29 15:16:03 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Google
[2012/02/01 13:51:46 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\HP
[2009/11/27 18:15:13 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Identities
[2009/11/29 19:15:24 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Macromedia
[2011/04/22 16:50:33 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Malwarebytes
[2006/11/02 08:07:25 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Media Center Programs
[2012/06/13 17:23:14 | 000,000,000 | --SD | M] -- C:\Users\Doug\AppData\Roaming\Microsoft
[2010/01/08 12:26:21 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Mozilla
[2011/11/18 16:50:44 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\nmH5sWdEL
[2011/11/19 06:29:59 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\offRRZ99hTwjUe
[2010/03/03 11:40:34 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\PeerNetworking
[2011/11/18 17:34:39 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\PL9hTXqjUeIrOyA
[2011/11/18 14:18:19 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\QrllONtxx0uc1b
[2009/11/27 18:31:53 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Reallusion
[2011/11/18 18:22:05 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\rivD3onF4m5W7E8
[2011/04/14 12:24:02 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\ThermaCAM Connect 3
[2011/11/18 17:34:38 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\wG5aQJ6dW8
[2011/11/18 14:18:12 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\XzPPNyycA1uv2
[2011/11/18 14:18:19 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\y2iibDp4aQHsWE9
[2009/12/13 11:19:21 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\Yahoo!
[2011/11/18 18:22:04 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\yELgTZqhYVlBx0c
[2011/11/18 14:18:13 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\ynGG55aQH6dWKf
[2011/11/18 15:44:10 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\YZqjYCwkIr

< MD5 for: ATAPI.SYS >
[2008/01/20 19:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/24 20:26:24 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
[2009/04/11 00:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009/04/24 20:26:24 | 000,022,584 | ---- | M] () MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\SysNative\drivers\atapi.sys
[2009/04/24 20:26:24 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/01/20 19:49:57 | 000,007,680 | ---- | M] () MD5=B4ABE68596B173FF2AB2076BC7C35EB4 -- C:\Windows\SysNative\csrss.exe
[2008/01/20 19:49:57 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=B4ABE68596B173FF2AB2076BC7C35EB4 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_b5027f5b9c731f82\csrss.exe

< MD5 for: EXPLORER.EXE >
[2009/04/24 20:53:49 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Doug\AppData\Local\Temp\RarSFX10\procs\explorer.exe
[2011/01/16 17:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Doug\AppData\Local\Temp\RarSFX5\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Doug\AppData\Local\Temp\RarSFX9\procs\explorer.exe
[2009/04/24 20:53:48 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SysWOW64\explorer.exe
[2009/04/24 20:53:48 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2009/04/24 20:53:48 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2009/04/24 20:53:47 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 00:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009/04/24 20:53:48 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Doug\AppData\Local\Temp\RarSFX10\h\explorer.exe
[2005/08/16 03:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Doug\AppData\Local\Temp\RarSFX5\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Doug\AppData\Local\Temp\RarSFX9\h\explorer.exe
[2009/04/24 20:53:47 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\explorer.exe
[2009/04/24 20:53:47 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2009/04/24 20:53:47 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2009/04/24 20:53:48 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 19:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 19:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008/01/20 19:50:56 | 000,304,128 | ---- | M] () MD5=66306D7E90650EBE667811C1AF010BAC -- C:\Windows\SysNative\mswsock.dll
[2008/01/20 19:50:56 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=66306D7E90650EBE667811C1AF010BAC -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_1471f289e5a92fc4\mswsock.dll
[2009/04/10 23:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/20 19:48:39 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\SysWOW64\mswsock.dll
[2008/01/20 19:48:39 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
[2009/04/11 00:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_165d6b95e2cafb10\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2008/01/20 19:49:00 | 000,062,976 | ---- | M] () MD5=062972C53BDC6819CE0BAAAA5382F758 -- C:\Windows\SysNative\NapiNSP.dll
[2008/01/20 19:49:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=062972C53BDC6819CE0BAAAA5382F758 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_083bdc4c478e57f6\NapiNSP.dll
[2008/01/20 19:49:49 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\SysWOW64\NapiNSP.dll
[2008/01/20 19:49:49 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2008/01/20 19:50:27 | 000,061,440 | ---- | M] () MD5=C5EDECA7546B009484B23FAD0E9724C1 -- C:\Windows\SysNative\nlaapi.dll
[2008/01/20 19:50:27 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=C5EDECA7546B009484B23FAD0E9724C1 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_c3a4914ac347b69b\nlaapi.dll
[2008/01/20 19:51:08 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\SysWOW64\nlaapi.dll
[2008/01/20 19:51:08 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_cdf93b9cf7a87896\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2008/01/20 19:52:02 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2008/01/20 19:52:02 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_d7f25b890f32c83a\pnrpnsp.dll
[2008/01/20 19:52:02 | 000,078,848 | ---- | M] () MD5=E1BAEEE7949ED5019259E69393367400 -- C:\Windows\SysNative\pnrpnsp.dll
[2008/01/20 19:52:02 | 000,078,848 | ---- | M] (Microsoft Corporation) MD5=E1BAEEE7949ED5019259E69393367400 -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_cd9db136dad2063f\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2008/01/20 19:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\SysWOW64\services.exe
[2008/01/20 19:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 00:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2008/01/20 19:49:44 | 000,384,512 | ---- | M] () MD5=BA539D2CE99C05A180EC518EA2040D6A -- C:\Windows\SysNative\services.exe
[2009/04/10 23:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2008/01/20 19:49:44 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 19:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 19:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/20 19:50:24 | 000,027,648 | ---- | M] () MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 19:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 19:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 19:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 19:49:46 | 000,028,160 | ---- | M] () MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 19:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
[2009/05/26 20:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Doug\AppData\Local\Temp\RarSFX5\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 00:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 19:49:47 | 000,406,016 | ---- | M] () MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SysNative\winlogon.exe
[2008/01/20 19:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/05/26 20:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Doug\AppData\Local\Temp\RarSFX5\winlogon.exe
[2008/01/20 19:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SysWOW64\winlogon.exe
[2008/01/20 19:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINRNR.DLL >
[2008/01/20 19:48:07 | 000,027,648 | ---- | M] () MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\SysNative\winrnr.dll
[2008/01/20 19:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6001.18000_none_b56cee730873a8a0\winrnr.dll
[2008/01/20 19:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_b758677f059573ec\winrnr.dll
[2009/04/10 23:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
[2006/11/02 02:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\SysWOW64\winrnr.dll
[2006/11/02 02:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6001.18000_none_594e52ef5016376a\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2006/11/02 02:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\SysWOW64\wshelper.dll
[2006/11/02 02:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_6af84843e4192e9a\wshelper.dll
[2006/11/02 04:19:11 | 000,018,944 | ---- | M] () MD5=20AEE159BD1CE0664796EDF48AF201B8 -- C:\Windows\SysNative\wshelper.dll
[2006/11/02 04:19:11 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=20AEE159BD1CE0664796EDF48AF201B8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_60a39df1afb86c9f\wshelper.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/19 10:03:31 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/19 10:03:31 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/19 10:03:31 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/07/19 10:03:32 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/07/19 10:03:32 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/19 10:03:32 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2008/01/20 19:49:18 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2008/01/20 19:49:18 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2008/01/20 19:49:18 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/04/21 08:02:30 | 000,634,648 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2008/01/20 19:48:18 | 000,084,992 | ---- | M] ()
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2008/01/20 19:48:18 | 000,084,992 | ---- | M] ()
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2008/01/20 19:48:18 | 000,084,992 | ---- | M] ()
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/04/21 08:02:30 | 000,634,648 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 6916 bytes -> C:\Users\Doug\Desktop\Seattle Remodeling LOGO2009.png:Q30lsldxJoudresxAaaqpcawXc

< End of report >
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 02/08/2012 7:34:04 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 02/08/2012 1:56:01 PM
Type: Error Category: 0
Event: 35 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 02/08/2012 1:57:08 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 02/08/2012 1:55:32 PM
Type: Warning Category: 0
Event: 0 Source: LeapFrog Connect Device Service
The event description cannot be found.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-01 20:59:22
-----------------------------
20:59:22.095 OS Version: Windows x64 6.0.6001 Service Pack 1
20:59:22.095 Number of processors: 2 586 0x170A
20:59:22.096 ComputerName: DOUGLT UserName: Doug
20:59:23.787 Initialize success
21:00:31.496 AVAST engine defs: 12080101
21:01:37.558 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:01:37.562 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 305245MB BusType: 3
21:01:37.580 Disk 0 MBR read successfully
21:01:37.584 Disk 0 MBR scan
21:01:37.591 Disk 0 Windows VISTA default MBR code
21:01:37.599 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:01:37.615 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
21:01:37.630 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 290204 MB offset 30801920
21:01:37.660 Disk 0 scanning C:\Windows\system32\drivers
21:01:47.582 Service scanning
21:02:19.307 Modules scanning
21:02:19.318 Disk 0 trace - called modules:
21:02:19.355 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
21:02:19.712 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048ff2c0]
21:02:19.719 3 CLASSPNP.SYS[fffffa6000d37b3a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004580050]
21:02:21.343 AVAST engine scan C:\Windows
21:02:24.775 AVAST engine scan C:\Windows\system32
21:06:34.140 AVAST engine scan C:\Windows\system32\drivers
21:07:11.342 AVAST engine scan C:\Users\Doug
21:21:19.604 Disk 0 MBR has been saved successfully to "C:\Users\Doug\Desktop\MBR.dat"
21:21:19.620 The log file has been saved successfully to "C:\Users\Doug\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-01 20:59:22
-----------------------------
20:59:22.095 OS Version: Windows x64 6.0.6001 Service Pack 1
20:59:22.095 Number of processors: 2 586 0x170A
20:59:22.096 ComputerName: DOUGLT UserName: Doug
20:59:23.787 Initialize success
21:00:31.496 AVAST engine defs: 12080101
21:01:37.558 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:01:37.562 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 305245MB BusType: 3
21:01:37.580 Disk 0 MBR read successfully
21:01:37.584 Disk 0 MBR scan
21:01:37.591 Disk 0 Windows VISTA default MBR code
21:01:37.599 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:01:37.615 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
21:01:37.630 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 290204 MB offset 30801920
21:01:37.660 Disk 0 scanning C:\Windows\system32\drivers
21:01:47.582 Service scanning
21:02:19.307 Modules scanning
21:02:19.318 Disk 0 trace - called modules:
21:02:19.355 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
21:02:19.712 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048ff2c0]
21:02:19.719 3 CLASSPNP.SYS[fffffa6000d37b3a] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004580050]
21:02:21.343 AVAST engine scan C:\Windows
21:02:24.775 AVAST engine scan C:\Windows\system32
21:06:34.140 AVAST engine scan C:\Windows\system32\drivers
21:07:11.342 AVAST engine scan C:\Users\Doug
21:21:19.604 Disk 0 MBR has been saved successfully to "C:\Users\Doug\Desktop\MBR.dat"
21:21:19.620 The log file has been saved successfully to "C:\Users\Doug\Desktop\aswMBR.txt"
21:21:22.764 AVAST engine scan C:\ProgramData
21:24:41.350 Scan finished successfully
21:26:30.635 Disk 0 MBR has been saved successfully to "C:\Users\Doug\Desktop\MBR.dat"
21:26:30.667 The log file has been saved successfully to "C:\Users\Doug\Desktop\aswMBR.txt"


06:26:18.0790 3044 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
06:26:19.0304 3044 ============================================================
06:26:19.0304 3044 Current date / time: 2012/08/02 06:26:19.0304
06:26:19.0304 3044 SystemInfo:
06:26:19.0304 3044
06:26:19.0304 3044 OS Version: 6.0.6001 ServicePack: 1.0
06:26:19.0304 3044 Product type: Workstation
06:26:19.0304 3044 ComputerName: DOUGLT
06:26:19.0304 3044 UserName: Doug
06:26:19.0304 3044 Windows directory: C:\Windows
06:26:19.0304 3044 System windows directory: C:\Windows
06:26:19.0304 3044 Running under WOW64
06:26:19.0304 3044 Processor architecture: Intel x64
06:26:19.0304 3044 Number of processors: 2
06:26:19.0304 3044 Page size: 0x1000
06:26:19.0304 3044 Boot type: Normal boot
06:26:19.0304 3044 ============================================================
06:26:19.0726 3044 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
06:26:19.0741 3044 ============================================================
06:26:19.0741 3044 \Device\Harddisk0\DR0:
06:26:19.0741 3044 MBR partitions:
06:26:19.0741 3044 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
06:26:19.0741 3044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
06:26:19.0741 3044 ============================================================
06:26:19.0804 3044 C: <-> \Device\Harddisk0\DR0\Partition1
06:26:19.0835 3044 E: <-> \Device\Harddisk0\DR0\Partition0
06:26:19.0835 3044 ============================================================
06:26:19.0835 3044 Initialize success
06:26:19.0835 3044 ============================================================
06:26:34.0936 3624 ============================================================
06:26:34.0936 3624 Scan started
06:26:34.0936 3624 Mode: Manual;
06:26:34.0936 3624 ============================================================
06:26:35.0341 3624 ACPI (af3a1aa81f875169dd9e55b1320057d6) C:\Windows\system32\drivers\acpi.sys
06:26:35.0341 3624 ACPI - ok
06:26:35.0528 3624 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
06:26:35.0528 3624 AdobeFlashPlayerUpdateSvc - ok
06:26:35.0606 3624 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
06:26:35.0606 3624 adp94xx - ok
06:26:35.0669 3624 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
06:26:35.0669 3624 adpahci - ok
06:26:35.0700 3624 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
06:26:35.0700 3624 adpu160m - ok
06:26:35.0731 3624 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
06:26:35.0731 3624 adpu320 - ok
06:26:35.0778 3624 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
06:26:35.0778 3624 AeLookupSvc - ok
06:26:35.0872 3624 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
06:26:35.0872 3624 AESTFilters - ok
06:26:35.0981 3624 AFD (9bb97042fa331a0fb4bdd98b9280a50a) C:\Windows\system32\drivers\afd.sys
06:26:35.0981 3624 AFD - ok
06:26:36.0028 3624 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
06:26:36.0028 3624 agp440 - ok
06:26:36.0074 3624 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
06:26:36.0090 3624 aic78xx - ok
06:26:36.0106 3624 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
06:26:36.0106 3624 ALG - ok
06:26:36.0137 3624 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
06:26:36.0137 3624 aliide - ok
06:26:36.0152 3624 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
06:26:36.0168 3624 amdide - ok
06:26:36.0199 3624 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
06:26:36.0215 3624 AmdK8 - ok
06:26:36.0277 3624 ApfiltrService (1412e9a88fe1f7e35ce6058a2ef03664) C:\Windows\system32\DRIVERS\Apfiltr.sys
06:26:36.0277 3624 ApfiltrService - ok
06:26:36.0324 3624 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
06:26:36.0324 3624 Appinfo - ok
06:26:36.0371 3624 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
06:26:36.0371 3624 arc - ok
06:26:36.0418 3624 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
06:26:36.0418 3624 arcsas - ok
06:26:36.0449 3624 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
06:26:36.0449 3624 AsyncMac - ok
06:26:36.0480 3624 atapi (f988bb0690cd660318037908e9b8dbf7) C:\Windows\system32\drivers\atapi.sys
06:26:36.0480 3624 atapi - ok
06:26:36.0558 3624 AudioEndpointBuilder (2a54b6a48ab6d2166271b05e9469326e) C:\Windows\System32\Audiosrv.dll
06:26:36.0558 3624 AudioEndpointBuilder - ok
06:26:36.0574 3624 AudioSrv (2a54b6a48ab6d2166271b05e9469326e) C:\Windows\System32\Audiosrv.dll
06:26:36.0574 3624 AudioSrv - ok
06:26:36.0636 3624 Auth Service (5fe758836d6654f818b478ce6934f66b) C:\Windows\system32\authServer.exe
06:26:36.0652 3624 Auth Service - ok
06:26:36.0761 3624 BcmSqlStartupSvc (2e552b658273b90251e0441631de2ca3) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
06:26:36.0761 3624 BcmSqlStartupSvc - ok
06:26:36.0839 3624 BFE (bc4737aaffa5964e4f8827c9b8c0eb8e) C:\Windows\System32\bfe.dll
06:26:36.0854 3624 BFE - ok
06:26:36.0886 3624 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
06:26:36.0886 3624 blbdrive - ok
06:26:36.0948 3624 bowser (f0f035fcec3554cc1b70c5611bd87951) C:\Windows\system32\DRIVERS\bowser.sys
06:26:36.0948 3624 bowser - ok
06:26:36.0979 3624 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
06:26:36.0979 3624 BrFiltLo - ok
06:26:37.0010 3624 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
06:26:37.0010 3624 BrFiltUp - ok
06:26:37.0042 3624 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
06:26:37.0042 3624 Browser - ok
06:26:37.0073 3624 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
06:26:37.0073 3624 Brserid - ok
06:26:37.0104 3624 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
06:26:37.0104 3624 BrSerWdm - ok
06:26:37.0104 3624 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
06:26:37.0104 3624 BrUsbMdm - ok
06:26:37.0120 3624 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
06:26:37.0120 3624 BrUsbSer - ok
06:26:37.0151 3624 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
06:26:37.0151 3624 BTHMODEM - ok
06:26:37.0182 3624 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
06:26:37.0198 3624 cdfs - ok
06:26:37.0198 3624 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys
06:26:37.0198 3624 cdrom - ok
06:26:37.0260 3624 CertPropSvc (edfffc8b6afb609bf33dbe0a900426b6) C:\Windows\System32\certprop.dll
06:26:37.0260 3624 CertPropSvc - ok
06:26:37.0276 3624 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
06:26:37.0276 3624 circlass - ok
06:26:37.0322 3624 CLFS (c12c4ee07843b595036da0baa6317936) C:\Windows\system32\CLFS.sys
06:26:37.0322 3624 CLFS - ok
06:26:37.0400 3624 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:26:37.0400 3624 clr_optimization_v2.0.50727_32 - ok
06:26:37.0478 3624 clr_optimization_v2.0.50727_64 (fa58b51ed71c9133e141164eaa7c54eb) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
06:26:37.0478 3624 clr_optimization_v2.0.50727_64 - ok
06:26:37.0556 3624 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
06:26:37.0572 3624 clr_optimization_v4.0.30319_32 - ok
06:26:37.0603 3624 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
06:26:37.0603 3624 clr_optimization_v4.0.30319_64 - ok
06:26:37.0666 3624 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
06:26:37.0666 3624 CmBatt - ok
06:26:37.0681 3624 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
06:26:37.0681 3624 cmdide - ok
06:26:37.0712 3624 Compbatt (34a6aa82aa36c87fc8816f2097efa345) C:\Windows\system32\DRIVERS\compbatt.sys
06:26:37.0712 3624 Compbatt - ok
06:26:37.0728 3624 COMSysApp - ok
06:26:37.0853 3624 cpuz132 - ok
06:26:37.0853 3624 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
06:26:37.0868 3624 crcdisk - ok
06:26:37.0915 3624 CryptSvc (4374f784121d8b3bb466b03f5e5ebd33) C:\Windows\system32\cryptsvc.dll
06:26:37.0915 3624 CryptSvc - ok
06:26:37.0978 3624 CtClsFlt (fc1f55ba03832fbb0daf965f746c47bb) C:\Windows\system32\DRIVERS\CtClsFlt.sys
06:26:37.0978 3624 CtClsFlt - ok
06:26:38.0056 3624 DcomLaunch (52cdade8289ff21f1f2215ff51a5f36c) C:\Windows\system32\rpcss.dll
06:26:38.0071 3624 DcomLaunch - ok
06:26:38.0134 3624 DfsC (3725c43c9e90731eca651d506cc599a3) C:\Windows\system32\Drivers\dfsc.sys
06:26:38.0134 3624 DfsC - ok
06:26:38.0368 3624 DFSR (1781f99840979ee7b126c9073c377fd0) C:\Windows\system32\DFSR.exe
06:26:38.0414 3624 DFSR - ok
06:26:38.0555 3624 Dhcp (fdaa0edfcfb70cd529589ad654651b40) C:\Windows\System32\dhcpcsvc.dll
06:26:38.0555 3624 Dhcp - ok
06:26:38.0617 3624 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys
06:26:38.0617 3624 disk - ok
06:26:38.0680 3624 Dnscache (daf05293c1264e251d3a25e7e24b2ddf) C:\Windows\System32\dnsrslvr.dll
06:26:38.0680 3624 Dnscache - ok
06:26:38.0726 3624 dot3svc (cc661867677627f2911c2a4970dee0f1) C:\Windows\System32\dot3svc.dll
06:26:38.0726 3624 dot3svc - ok
06:26:38.0773 3624 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
06:26:38.0773 3624 Dot4 - ok
06:26:38.0804 3624 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
06:26:38.0804 3624 Dot4Print - ok
06:26:38.0820 3624 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
06:26:38.0820 3624 dot4usb - ok
06:26:38.0836 3624 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
06:26:38.0836 3624 DPS - ok
06:26:38.0882 3624 drmkaud (97dc2a789c1be458976507846a1a8ced) C:\Windows\system32\drivers\drmkaud.sys
06:26:38.0882 3624 drmkaud - ok
06:26:38.0960 3624 DXGKrnl (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys
06:26:38.0976 3624 DXGKrnl - ok
06:26:39.0038 3624 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
06:26:39.0054 3624 e1express - ok
06:26:39.0085 3624 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
06:26:39.0085 3624 E1G60 - ok
06:26:39.0116 3624 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
06:26:39.0132 3624 EapHost - ok
06:26:39.0163 3624 Ecache (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys
06:26:39.0179 3624 Ecache - ok
06:26:39.0241 3624 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
06:26:39.0257 3624 ehRecvr - ok
06:26:39.0272 3624 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
06:26:39.0288 3624 ehSched - ok
06:26:39.0304 3624 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
06:26:39.0304 3624 ehstart - ok
06:26:39.0366 3624 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
06:26:39.0366 3624 elxstor - ok
06:26:39.0428 3624 EMDMgmt (e4eb76d0a8fc43db7f36302e1f33791f) C:\Windows\system32\emdmgmt.dll
06:26:39.0444 3624 EMDMgmt - ok
06:26:39.0460 3624 ErrDev (991fab6aa066e1214efb5b496fb7959a) C:\Windows\system32\drivers\errdev.sys
06:26:39.0460 3624 ErrDev - ok
06:26:39.0522 3624 EventSystem (6b1a97bf9fefbdc83f3c7c7d0f826c66) C:\Windows\system32\es.dll
06:26:39.0522 3624 EventSystem - ok
06:26:39.0553 3624 exfat (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys
06:26:39.0553 3624 exfat - ok
06:26:39.0584 3624 fastfat (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys
06:26:39.0584 3624 fastfat - ok
06:26:39.0616 3624 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
06:26:39.0616 3624 fdc - ok
06:26:39.0647 3624 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
06:26:39.0647 3624 fdPHost - ok
06:26:39.0662 3624 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
06:26:39.0662 3624 FDResPub - ok
06:26:39.0678 3624 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
06:26:39.0678 3624 FileInfo - ok
06:26:39.0709 3624 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
06:26:39.0709 3624 Filetrace - ok
06:26:39.0725 3624 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
06:26:39.0725 3624 flpydisk - ok
06:26:39.0740 3624 FltMgr (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys
06:26:39.0756 3624 FltMgr - ok
06:26:39.0803 3624 FlyUsb (6cd6bb45bd3e0eef6ce496bf52854ff1) C:\Windows\system32\DRIVERS\FlyUsb.sys
06:26:39.0803 3624 FlyUsb - ok
06:26:39.0912 3624 FontCache3.0.0.0 (73d0f1d32edae3dcc4e84468bf910add) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
06:26:39.0912 3624 FontCache3.0.0.0 - ok
06:26:39.0943 3624 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
06:26:39.0943 3624 Fs_Rec - ok
06:26:39.0974 3624 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
06:26:39.0974 3624 gagp30kx - ok
06:26:40.0052 3624 gpsvc (9e5b254d58232ec8921ec3c5a94c81ed) C:\Windows\System32\gpsvc.dll
06:26:40.0068 3624 gpsvc - ok
06:26:40.0193 3624 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
06:26:40.0208 3624 gupdate - ok
06:26:40.0255 3624 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
06:26:40.0255 3624 gupdatem - ok
06:26:40.0286 3624 HDAudBus (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys
06:26:40.0286 3624 HDAudBus - ok
06:26:40.0302 3624 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
06:26:40.0302 3624 HidBth - ok
06:26:40.0333 3624 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
06:26:40.0333 3624 HidIr - ok
06:26:40.0364 3624 hidserv (77e34697087cfdbcfd9e0009704fb5af) C:\Windows\System32\hidserv.dll
06:26:40.0364 3624 hidserv - ok
06:26:40.0380 3624 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys
06:26:40.0380 3624 HidUsb - ok
06:26:40.0427 3624 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
06:26:40.0427 3624 hkmsvc - ok
06:26:40.0458 3624 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
06:26:40.0458 3624 HpCISSs - ok
06:26:40.0583 3624 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
06:26:40.0583 3624 hpqcxs08 - ok
06:26:40.0614 3624 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
06:26:40.0614 3624 hpqddsvc - ok
06:26:40.0723 3624 HPSLPSVC (d972f48d0ce396759b788693cd665926) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
06:26:40.0739 3624 HPSLPSVC - ok
06:26:40.0910 3624 HTTP (e690736da6c543f5d99c8fa27bea31db) C:\Windows\system32\drivers\HTTP.sys
06:26:40.0910 3624 HTTP - ok
06:26:40.0942 3624 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
06:26:40.0942 3624 i2omp - ok
06:26:40.0973 3624 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
06:26:40.0973 3624 i8042prt - ok
06:26:41.0098 3624 IAANTMON (7b96206e4bdd2fe582f0dbc46f5f410e) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
06:26:41.0098 3624 IAANTMON - ok
06:26:41.0160 3624 iaStor (07fb761600eff44af02c35b8b57e5863) C:\Windows\system32\drivers\iastor.sys
06:26:41.0160 3624 iaStor - ok
06:26:41.0207 3624 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
06:26:41.0207 3624 iaStorV - ok
06:26:41.0363 3624 idsvc (76ea63cdb2d88dae7209691d089bef1d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
06:26:41.0378 3624 idsvc - ok
06:26:42.0049 3624 igfx (f7ab8285bbecfaa5ed4050ccb89e073d) C:\Windows\system32\DRIVERS\igdkmd64.sys
06:26:42.0268 3624 igfx - ok
06:26:42.0408 3624 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
06:26:42.0408 3624 iirsp - ok
06:26:42.0502 3624 IKEEXT (3a3b232140c33376e134e7b61a0eaa44) C:\Windows\System32\ikeext.dll
06:26:42.0502 3624 IKEEXT - ok
06:26:42.0533 3624 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
06:26:42.0533 3624 intelide - ok
06:26:42.0564 3624 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
06:26:42.0564 3624 intelppm - ok
06:26:42.0580 3624 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
06:26:42.0580 3624 IPBusEnum - ok
06:26:42.0611 3624 IpFilterDriver (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:26:42.0611 3624 IpFilterDriver - ok
06:26:42.0673 3624 iphlpsvc (3a0427f35e7f8c16bbc5b1be32b8de76) C:\Windows\System32\iphlpsvc.dll
06:26:42.0673 3624 iphlpsvc - ok
06:26:42.0689 3624 IpInIp - ok
06:26:42.0720 3624 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
06:26:42.0720 3624 IPMIDRV - ok
06:26:42.0751 3624 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
06:26:42.0767 3624 IPNAT - ok
06:26:42.0782 3624 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
06:26:42.0782 3624 IRENUM - ok
06:26:42.0814 3624 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
06:26:42.0814 3624 isapnp - ok
06:26:42.0860 3624 iScsiPrt (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys
06:26:42.0860 3624 iScsiPrt - ok
06:26:42.0876 3624 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
06:26:42.0892 3624 iteatapi - ok
06:26:42.0892 3624 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
06:26:42.0892 3624 iteraid - ok
06:26:42.0923 3624 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
06:26:42.0923 3624 kbdclass - ok
06:26:42.0938 3624 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
06:26:42.0938 3624 kbdhid - ok
06:26:42.0970 3624 KeyIso (80f4593e92ff960e4763380d3168e498) C:\Windows\system32\lsass.exe
06:26:42.0970 3624 KeyIso - ok
06:26:43.0016 3624 KSecDD (ccdcce6224e1e207e953af826b98a9d9) C:\Windows\system32\Drivers\ksecdd.sys
06:26:43.0016 3624 KSecDD - ok
06:26:43.0032 3624 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
06:26:43.0032 3624 ksthunk - ok
06:26:43.0094 3624 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
06:26:43.0110 3624 KtmRm - ok
06:26:43.0157 3624 LanmanServer (3f27c9cdae606d74431e3ab39571a7f3) C:\Windows\System32\srvsvc.dll
06:26:43.0157 3624 LanmanServer - ok
06:26:43.0219 3624 LanmanWorkstation (6e25ffc6fead6544c6e9f1d23329570c) C:\Windows\System32\wkssvc.dll
06:26:43.0219 3624 LanmanWorkstation - ok
06:26:43.0656 3624 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
06:26:43.0718 3624 LeapFrog Connect Device Service - ok
06:26:43.0859 3624 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
06:26:43.0859 3624 lltdio - ok
06:26:43.0906 3624 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
06:26:43.0921 3624 lltdsvc - ok
06:26:43.0937 3624 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
06:26:43.0937 3624 lmhosts - ok
06:26:44.0046 3624 LMIGuardianSvc (108c2e48b280a7cc38bad76165715647) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
06:26:44.0046 3624 LMIGuardianSvc - ok
06:26:44.0077 3624 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
06:26:44.0077 3624 LMIInfo - ok
06:26:44.0108 3624 LMIMaint (4fa9fb8819e8e6f012853d4bbc9592a7) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
06:26:44.0108 3624 LMIMaint - ok
06:26:44.0140 3624 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
06:26:44.0140 3624 lmimirr - ok
06:26:44.0140 3624 LMIRfsClientNP - ok
06:26:44.0155 3624 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
06:26:44.0155 3624 LMIRfsDriver - ok
06:26:44.0218 3624 LogMeIn (d3760bc17e1755091b7120cf32dbf56b) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
06:26:44.0233 3624 LogMeIn - ok
06:26:44.0280 3624 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
06:26:44.0280 3624 LSI_FC - ok
06:26:44.0296 3624 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
06:26:44.0296 3624 LSI_SAS - ok
06:26:44.0342 3624 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
06:26:44.0342 3624 LSI_SCSI - ok
06:26:44.0358 3624 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
06:26:44.0374 3624 luafv - ok
06:26:44.0420 3624 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
06:26:44.0420 3624 MBAMProtector - ok
06:26:44.0545 3624 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
06:26:44.0561 3624 MBAMService - ok
06:26:44.0623 3624 McAfee SiteAdvisor Service - ok
06:26:44.0654 3624 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
06:26:44.0654 3624 Mcx2Svc - ok
06:26:44.0701 3624 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
06:26:44.0717 3624 megasas - ok
06:26:44.0779 3624 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
06:26:44.0779 3624 MegaSR - ok
06:26:44.0810 3624 mfebopk (2064b902db521a23fca30dc256c2acca) C:\Windows\system32\drivers\mfebopk.sys
06:26:44.0810 3624 mfebopk - ok
06:26:44.0842 3624 mferkdk (624d717b11e5004f68442b5740f17f21) C:\Windows\system32\drivers\mferkdk.sys
06:26:44.0842 3624 mferkdk - ok
06:26:44.0873 3624 mfesmfk (0cd9de7b96735f33f078c4ea044e8b34) C:\Windows\system32\drivers\mfesmfk.sys
06:26:44.0888 3624 mfesmfk - ok
06:26:44.0920 3624 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
06:26:44.0920 3624 MMCSS - ok
06:26:44.0935 3624 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
06:26:44.0935 3624 Modem - ok
06:26:44.0966 3624 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
06:26:44.0966 3624 monitor - ok
06:26:44.0982 3624 motccgp (7bd101253058db30c52c6ea8d3911754) C:\Windows\system32\DRIVERS\motccgp.sys
06:26:44.0998 3624 motccgp - ok
06:26:45.0013 3624 motccgpfl (1a700e7063ca7f2b29a4e761da604dfb) C:\Windows\system32\DRIVERS\motccgpfl.sys
06:26:45.0013 3624 motccgpfl - ok
06:26:45.0060 3624 motmodem (940f4da752e28e6c4b1090d21aeb7b80) C:\Windows\system32\DRIVERS\motmodem.sys
06:26:45.0060 3624 motmodem - ok
06:26:45.0076 3624 motport (940f4da752e28e6c4b1090d21aeb7b80) C:\Windows\system32\DRIVERS\motport.sys
06:26:45.0076 3624 motport - ok
06:26:45.0091 3624 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
06:26:45.0091 3624 mouclass - ok
06:26:45.0138 3624 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
06:26:45.0138 3624 mouhid - ok
06:26:45.0154 3624 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
06:26:45.0154 3624 MountMgr - ok
06:26:45.0247 3624 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
06:26:45.0263 3624 MozillaMaintenance - ok
06:26:45.0310 3624 MPFP (ae2e68527013eb4f761eccc630f7f1a3) C:\Windows\system32\Drivers\Mpfp.sys
06:26:45.0310 3624 MPFP - ok
06:26:45.0341 3624 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
06:26:45.0356 3624 mpio - ok
06:26:45.0372 3624 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
06:26:45.0372 3624 mpsdrv - ok
06:26:45.0388 3624 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
06:26:45.0388 3624 Mraid35x - ok
06:26:45.0419 3624 MRxDAV (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys
06:26:45.0419 3624 MRxDAV - ok
06:26:45.0497 3624 mrxsmb (b698eb9acc7ecd4927d99d268918f912) C:\Windows\system32\DRIVERS\mrxsmb.sys
06:26:45.0497 3624 mrxsmb - ok
06:26:45.0528 3624 mrxsmb10 (9a797e27fd28500ee13d43000c931435) C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:26:45.0544 3624 mrxsmb10 - ok
06:26:45.0559 3624 mrxsmb20 (f9425d610712533107a264e2d5b2154b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:26:45.0559 3624 mrxsmb20 - ok
06:26:45.0606 3624 msahci (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys
06:26:45.0606 3624 msahci - ok
06:26:45.0622 3624 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
06:26:45.0622 3624 msdsm - ok
06:26:45.0668 3624 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
06:26:45.0668 3624 MSDTC - ok
06:26:45.0700 3624 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
06:26:45.0700 3624 Msfs - ok
06:26:45.0731 3624 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
06:26:45.0731 3624 msisadrv - ok
06:26:45.0762 3624 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
06:26:45.0778 3624 MSiSCSI - ok
06:26:45.0778 3624 msiserver - ok
06:26:45.0809 3624 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
06:26:45.0809 3624 MSKSSRV - ok
06:26:45.0824 3624 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
06:26:45.0824 3624 MSPCLOCK - ok
06:26:45.0840 3624 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
06:26:45.0840 3624 MSPQM - ok
06:26:45.0887 3624 MsRPC (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys
06:26:45.0887 3624 MsRPC - ok
06:26:45.0918 3624 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
06:26:45.0918 3624 mssmbios - ok
06:26:46.0012 3624 MSSQL$MSSMLBIZ - ok
06:26:46.0058 3624 MSSQL$XACTWARE - ok
06:26:46.0090 3624 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
06:26:46.0090 3624 MSSQLServerADHelper - ok
06:26:46.0183 3624 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
06:26:46.0183 3624 MSSQLServerADHelper100 - ok
06:26:46.0214 3624 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
06:26:46.0214 3624 MSTEE - ok
06:26:46.0246 3624 Mup (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys
06:26:46.0261 3624 Mup - ok
06:26:46.0308 3624 napagent (c25022cdd18980846973b598900915f8) C:\Windows\system32\qagentRT.dll
06:26:46.0324 3624 napagent - ok
06:26:46.0355 3624 NativeWifiP (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys
06:26:46.0370 3624 NativeWifiP - ok
06:26:46.0448 3624 NDIS (f9a3ae5c9f047d71a36a99f9abca7d02) C:\Windows\system32\drivers\ndis.sys
06:26:46.0464 3624 NDIS - ok
06:26:46.0480 3624 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
06:26:46.0480 3624 NdisTapi - ok
06:26:46.0511 3624 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
06:26:46.0511 3624 Ndisuio - ok
06:26:46.0558 3624 NdisWan (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys
06:26:46.0573 3624 NdisWan - ok
06:26:46.0573 3624 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
06:26:46.0589 3624 NDProxy - ok
06:26:46.0636 3624 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
06:26:46.0636 3624 Net Driver HPZ12 - ok
06:26:46.0651 3624 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
06:26:46.0651 3624 NetBIOS - ok
06:26:46.0682 3624 netbt (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys
06:26:46.0682 3624 netbt - ok
06:26:46.0729 3624 Netlogon (80f4593e92ff960e4763380d3168e498) C:\Windows\system32\lsass.exe
06:26:46.0729 3624 Netlogon - ok
06:26:46.0776 3624 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
06:26:46.0792 3624 Netman - ok
06:26:46.0823 3624 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
06:26:46.0838 3624 netprofm - ok
06:26:46.0948 3624 NetTcpPortSharing (b84613b469b98e09f50a748c1d02e132) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:26:46.0948 3624 NetTcpPortSharing - ok
06:26:47.0260 3624 NETw5v64 (f17eda58c8c5b1a4f873b322729168ff) C:\Windows\system32\DRIVERS\NETw5v64.sys
06:26:47.0353 3624 NETw5v64 - ok
06:26:47.0494 3624 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
06:26:47.0494 3624 nfrd960 - ok
06:26:47.0525 3624 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
06:26:47.0540 3624 NlaSvc - ok
06:26:47.0618 3624 nosGetPlusHelper (1acf98d80e95add298832c7a8996b48c) C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll
06:26:47.0618 3624 nosGetPlusHelper - ok
06:26:47.0650 3624 Npfs (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys
06:26:47.0650 3624 Npfs - ok
06:26:47.0665 3624 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
06:26:47.0665 3624 nsi - ok
06:26:47.0712 3624 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
06:26:47.0712 3624 nsiproxy - ok
06:26:47.0806 3624 Ntfs (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys
06:26:47.0837 3624 Ntfs - ok
06:26:47.0977 3624 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
06:26:47.0977 3624 Null - ok
06:26:48.0008 3624 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
06:26:48.0008 3624 nvraid - ok
06:26:48.0040 3624 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
06:26:48.0040 3624 nvstor - ok
06:26:48.0055 3624 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
06:26:48.0055 3624 nv_agp - ok
06:26:48.0071 3624 NwlnkFlt - ok
06:26:48.0071 3624 NwlnkFwd - ok
06:26:48.0118 3624 OA009Ufd (404b0121ae1a75d9a63b6934eb07c258) C:\Windows\system32\DRIVERS\OA009Ufd.sys
06:26:48.0118 3624 OA009Ufd - ok
06:26:48.0149 3624 OA009Vid (d460884eb05b90d06b35a1dbc31928df) C:\Windows\system32\DRIVERS\OA009Vid.sys
06:26:48.0164 3624 OA009Vid - ok
06:26:48.0196 3624 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
06:26:48.0211 3624 ohci1394 - ok
06:26:48.0305 3624 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
06:26:48.0305 3624 ose - ok
06:26:48.0710 3624 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
06:26:48.0742 3624 osppsvc - ok
06:26:48.0944 3624 p2pimsvc (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
06:26:48.0960 3624 p2pimsvc - ok
06:26:48.0976 3624 p2psvc (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
06:26:48.0991 3624 p2psvc - ok
06:26:49.0054 3624 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
06:26:49.0054 3624 Parport - ok
06:26:49.0085 3624 partmgr (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys
06:26:49.0085 3624 partmgr - ok
06:26:49.0132 3624 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
06:26:49.0132 3624 PcaSvc - ok
06:26:49.0147 3624 PCD5SRVC{048DBD20-445E8C82-05040104} - ok
06:26:49.0178 3624 pci (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys
06:26:49.0178 3624 pci - ok
06:26:49.0194 3624 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
06:26:49.0194 3624 pciide - ok
06:26:49.0241 3624 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
06:26:49.0241 3624 pcmcia - ok
06:26:49.0303 3624 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
06:26:49.0303 3624 PEAUTH - ok
06:26:49.0397 3624 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
06:26:49.0397 3624 PerfHost - ok
06:26:49.0522 3624 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
06:26:49.0553 3624 pla - ok
06:26:49.0615 3624 PlugPlay (5aaa0c5534b05ed49919fcd9dbd11a5b) C:\Windows\system32\umpnpmgr.dll
06:26:49.0615 3624 PlugPlay - ok
06:26:49.0662 3624 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
06:26:49.0662 3624 Pml Driver HPZ12 - ok
06:26:49.0740 3624 PNRPAutoReg (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
06:26:49.0740 3624 PNRPAutoReg - ok
06:26:49.0756 3624 PNRPsvc (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
06:26:49.0771 3624 PNRPsvc - ok
06:26:49.0834 3624 PolicyAgent (eef3688d5e9592cbbbed00de71dda1ef) C:\Windows\System32\ipsecsvc.dll
06:26:49.0834 3624 PolicyAgent - ok
06:26:49.0912 3624 PptpMiniport (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys
06:26:49.0927 3624 PptpMiniport - ok
06:26:49.0943 3624 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
06:26:49.0943 3624 Processor - ok
06:26:49.0974 3624 ProfSvc (b21fe10dad3ab59e78df7aa3fbf41e70) C:\Windows\system32\profsvc.dll
06:26:49.0990 3624 ProfSvc - ok
06:26:50.0021 3624 ProtectedStorage (80f4593e92ff960e4763380d3168e498) C:\Windows\system32\lsass.exe
06:26:50.0021 3624 ProtectedStorage - ok
06:26:50.0036 3624 PSched (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys
06:26:50.0036 3624 PSched - ok
06:26:50.0099 3624 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
06:26:50.0099 3624 PxHlpa64 - ok
06:26:50.0208 3624 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
06:26:50.0224 3624 ql2300 - ok
06:26:50.0239 3624 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
06:26:50.0239 3624 ql40xx - ok
06:26:50.0302 3624 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
06:26:50.0302 3624 QWAVE - ok
06:26:50.0317 3624 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
06:26:50.0317 3624 QWAVEdrv - ok
06:26:50.0520 3624 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
06:26:50.0551 3624 R300 - ok
06:26:50.0692 3624 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
06:26:50.0692 3624 RasAcd - ok
06:26:50.0723 3624 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
06:26:50.0723 3624 RasAuto - ok
06:26:50.0754 3624 Rasl2tp (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys
06:26:50.0754 3624 Rasl2tp - ok
06:26:50.0801 3624 RasMan (d0c346d7df0df9b4899631796f177d56) C:\Windows\System32\rasmans.dll
06:26:50.0801 3624 RasMan - ok
06:26:50.0832 3624 RasPppoe (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys
06:26:50.0832 3624 RasPppoe - ok
06:26:50.0848 3624 RasSstp (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys
06:26:50.0848 3624 RasSstp - ok
06:26:50.0894 3624 rdbss (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys
06:26:50.0894 3624 rdbss - ok
06:26:50.0894 3624 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
06:26:50.0910 3624 RDPCDD - ok
06:26:50.0957 3624 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
06:26:50.0957 3624 rdpdr - ok
06:26:50.0957 3624 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
06:26:50.0972 3624 RDPENCDD - ok
06:26:51.0004 3624 RDPWD (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys
06:26:51.0004 3624 RDPWD - ok
06:26:51.0035 3624 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
06:26:51.0035 3624 RemoteAccess - ok
06:26:51.0097 3624 RemoteRegistry (416c611369cbe49074b89cee2f83abef) C:\Windows\system32\regsvc.dll
06:26:51.0097 3624 RemoteRegistry - ok
06:26:51.0113 3624 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
06:26:51.0113 3624 RpcLocator - ok
06:26:51.0191 3624 RpcSs (52cdade8289ff21f1f2215ff51a5f36c) C:\Windows\system32\rpcss.dll
06:26:51.0191 3624 RpcSs - ok
06:26:51.0222 3624 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
06:26:51.0238 3624 rspndr - ok
06:26:51.0269 3624 RTSTOR (39e74e264338934dbf11f8db79a3e116) C:\Windows\system32\drivers\RTSTOR64.SYS
06:26:51.0269 3624 RTSTOR - ok
06:26:51.0300 3624 SamSs (80f4593e92ff960e4763380d3168e498) C:\Windows\system32\lsass.exe
06:26:51.0300 3624 SamSs - ok
06:26:51.0316 3624 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
06:26:51.0331 3624 sbp2port - ok
06:26:51.0362 3624 SCardSvr (f024d560fea06f8b56d673849eb89ae6) C:\Windows\System32\SCardSvr.dll
06:26:51.0362 3624 SCardSvr - ok
06:26:51.0456 3624 Schedule (ce75d26e0a1106129f4d156851e298ed) C:\Windows\system32\schedsvc.dll
06:26:51.0472 3624 Schedule - ok
06:26:51.0503 3624 SCPolicySvc (edfffc8b6afb609bf33dbe0a900426b6) C:\Windows\System32\certprop.dll
06:26:51.0518 3624 SCPolicySvc - ok
06:26:51.0534 3624 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
06:26:51.0534 3624 SDRSVC - ok
06:26:51.0565 3624 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
06:26:51.0565 3624 secdrv - ok
06:26:51.0612 3624 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
06:26:51.0612 3624 seclogon - ok
06:26:51.0659 3624 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
06:26:51.0659 3624 SENS - ok
06:26:51.0659 3624 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
06:26:51.0674 3624 Serenum - ok
06:26:51.0690 3624 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
06:26:51.0690 3624 Serial - ok
06:26:51.0706 3624 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
06:26:51.0706 3624 sermouse - ok
06:26:51.0752 3624 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
06:26:51.0752 3624 SessionEnv - ok
06:26:51.0784 3624 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
06:26:51.0784 3624 sffdisk - ok
06:26:51.0799 3624 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
06:26:51.0799 3624 sffp_mmc - ok
06:26:51.0815 3624 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
06:26:51.0815 3624 sffp_sd - ok
06:26:51.0830 3624 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
06:26:51.0830 3624 sfloppy - ok
06:26:51.0877 3624 ShellHWDetection (9235ec680d3db17464b39c7c7decb4dd) C:\Windows\System32\shsvcs.dll
06:26:51.0877 3624 ShellHWDetection - ok
06:26:51.0908 3624 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
06:26:51.0908 3624 SiSRaid2 - ok
06:26:51.0940 3624 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
06:26:51.0940 3624 SiSRaid4 - ok
06:26:52.0096 3624 slsvc (a301d2cefb4747dfe0c24425dcbe0b78) C:\Windows\system32\SLsvc.exe
06:26:52.0142 3624 slsvc - ok
06:26:52.0267 3624 SLUINotify (f5ddf7c0af85eb72cb295171f8c3cb35) C:\Windows\system32\SLUINotify.dll
06:26:52.0267 3624 SLUINotify - ok
06:26:52.0330 3624 Smb (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys
06:26:52.0330 3624 Smb - ok
06:26:52.0345 3624 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
06:26:52.0361 3624 SNMPTRAP - ok
06:26:52.0361 3624 spldr (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys
06:26:52.0361 3624 spldr - ok
06:26:52.0408 3624 Spooler (92e6738d25c2123be9515c0eac0776cd) C:\Windows\System32\spoolsv.exe
06:26:52.0423 3624 Spooler - ok
06:26:52.0564 3624 SQLAgent$MSSMLBIZ (a687b5b326afcfcf182c4931d1ff9771) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE
06:26:52.0579 3624 SQLAgent$MSSMLBIZ - ok
06:26:52.0657 3624 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
06:26:52.0657 3624 SQLBrowser - ok
06:26:52.0735 3624 SQLWriter (6d65985945b03ca59b67d0b73702fc7b) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
06:26:52.0735 3624 SQLWriter - ok
06:26:52.0829 3624 srv (a8abd7d0d907b45cf3831f4dd8644349) C:\Windows\system32\DRIVERS\srv.sys
06:26:52.0844 3624 srv - ok
06:26:52.0907 3624 srv2 (6c72eea39e1c37b436a6d1532999f9ec) C:\Windows\system32\DRIVERS\srv2.sys
06:26:52.0922 3624 srv2 - ok
06:26:52.0938 3624 srvnet (7f69bcf9e6fa3d93c82ee6b87812666d) C:\Windows\system32\DRIVERS\srvnet.sys
06:26:52.0938 3624 srvnet - ok
06:26:52.0985 3624 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
06:26:52.0985 3624 SSDPSRV - ok
06:26:53.0032 3624 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
06:26:53.0032 3624 SstpSvc - ok
06:26:53.0125 3624 STacSV (c5df63ae2693c9b6b01b4a2e6c1c64ac) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
06:26:53.0141 3624 STacSV - ok
06:26:53.0203 3624 STHDA (ba16447226abfd342e130d2f24f73d32) C:\Windows\system32\DRIVERS\stwrt64.sys
06:26:53.0203 3624 STHDA - ok
06:26:53.0250 3624 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
06:26:53.0250 3624 StillCam - ok
06:26:53.0328 3624 stisvc (f14f7d7d68a66777fb999d5d0f21138d) C:\Windows\System32\wiaservc.dll
06:26:53.0328 3624 stisvc - ok
06:26:53.0437 3624 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
06:26:53.0437 3624 stllssvr - ok
06:26:53.0468 3624 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
06:26:53.0468 3624 swenum - ok
06:26:53.0531 3624 swprv (da34d6eb4a3154c0bebaeb0a2483ef3e) C:\Windows\System32\swprv.dll
06:26:53.0546 3624 swprv - ok
06:26:53.0562 3624 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
06:26:53.0562 3624 Symc8xx - ok
06:26:53.0624 3624 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
06:26:53.0624 3624 Sym_hi - ok
06:26:53.0640 3624 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
06:26:53.0640 3624 Sym_u3 - ok
06:26:53.0734 3624 SysMain (bea0d5521ed21df8f6ffeed86daede7b) C:\Windows\system32\sysmain.dll
06:26:53.0749 3624 SysMain - ok
06:26:53.0780 3624 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
06:26:53.0780 3624 TabletInputService - ok
06:26:53.0812 3624 TapiSrv (52091001caf20ae84cf47023ee21b4bb) C:\Windows\System32\tapisrv.dll
06:26:53.0812 3624 TapiSrv - ok
06:26:53.0843 3624 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
06:26:53.0858 3624 TBS - ok
06:26:53.0968 3624 Tcpip (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\drivers\tcpip.sys
06:26:53.0999 3624 Tcpip - ok
06:26:54.0014 3624 Tcpip6 (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\DRIVERS\tcpip.sys
06:26:54.0030 3624 Tcpip6 - ok
06:26:54.0061 3624 tcpipreg (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys
06:26:54.0061 3624 tcpipreg - ok
06:26:54.0092 3624 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
06:26:54.0092 3624 TDPIPE - ok
06:26:54.0108 3624 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
06:26:54.0108 3624 TDTCP - ok
06:26:54.0139 3624 tdx (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys
06:26:54.0139 3624 tdx - ok
06:26:54.0155 3624 TermDD (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys
06:26:54.0155 3624 TermDD - ok
06:26:54.0217 3624 TermService (f870a5589d6a94b426efb13689023946) C:\Windows\System32\termsrv.dll
06:26:54.0233 3624 TermService - ok
06:26:54.0264 3624 Themes (9235ec680d3db17464b39c7c7decb4dd) C:\Windows\system32\shsvcs.dll
06:26:54.0264 3624 Themes - ok
06:26:54.0311 3624 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
06:26:54.0311 3624 THREADORDER - ok
06:26:54.0342 3624 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
06:26:54.0342 3624 TrkWks - ok
06:26:54.0389 3624 TrustedInstaller (ac6ff1df22ed90bad6417ee5a4c6e2f0) C:\Windows\servicing\TrustedInstaller.exe
06:26:54.0389 3624 TrustedInstaller - ok
06:26:54.0420 3624 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
06:26:54.0420 3624 tssecsrv - ok
06:26:54.0451 3624 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
06:26:54.0451 3624 tunmp - ok
06:26:54.0498 3624 tunnel (2dc2c423572946e9a3131425bda73cb6) C:\Windows\system32\DRIVERS\tunnel.sys
06:26:54.0498 3624 tunnel - ok
06:26:54.0529 3624 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
06:26:54.0529 3624 uagp35 - ok
06:26:54.0576 3624 udfs (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys
06:26:54.0576 3624 udfs - ok
06:26:54.0638 3624 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
06:26:54.0638 3624 UI0Detect - ok
06:26:54.0670 3624 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
06:26:54.0670 3624 uliagpkx - ok
06:26:54.0716 3624 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
06:26:54.0716 3624 uliahci - ok
06:26:54.0748 3624 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
06:26:54.0748 3624 UlSata - ok
06:26:54.0779 3624 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
06:26:54.0779 3624 ulsata2 - ok
06:26:54.0794 3624 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
06:26:54.0794 3624 umbus - ok
06:26:54.0857 3624 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
06:26:54.0857 3624 upnphost - ok
06:26:54.0904 3624 usbaudio (471474efa0640b426e9f8aa5a5fc2673) C:\Windows\system32\drivers\usbaudio.sys
06:26:54.0919 3624 usbaudio - ok
06:26:54.0966 3624 usbccgp (ae3dea342f01249317b2bb3df0424238) C:\Windows\system32\DRIVERS\usbccgp.sys
06:26:54.0966 3624 usbccgp - ok
06:26:54.0997 3624 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
06:26:54.0997 3624 usbcir - ok
06:26:55.0028 3624 usbehci (b89f9fe9fc1e7c9cb03acb8819eb511d) C:\Windows\system32\DRIVERS\usbehci.sys
06:26:55.0028 3624 usbehci - ok
06:26:55.0075 3624 usbhub (f2c1d8eff9c7cf84ff0235408acd3f4b) C:\Windows\system32\DRIVERS\usbhub.sys
06:26:55.0075 3624 usbhub - ok
06:26:55.0122 3624 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
06:26:55.0122 3624 usbohci - ok
06:26:55.0153 3624 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
06:26:55.0153 3624 usbprint - ok
06:26:55.0200 3624 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
06:26:55.0200 3624 usbscan - ok
06:26:55.0231 3624 USBSTOR (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS
06:26:55.0247 3624 USBSTOR - ok
06:26:55.0262 3624 usbuhci (225e107785315874ba5c1abc7dda7bfc) C:\Windows\system32\DRIVERS\usbuhci.sys
06:26:55.0262 3624 usbuhci - ok
06:26:55.0309 3624 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
06:26:55.0309 3624 usbvideo - ok
06:26:55.0356 3624 usb_rndisx (567d09d1c41809550ece9ed22d6d612b) C:\Windows\system32\DRIVERS\usb8023x.sys
06:26:55.0356 3624 usb_rndisx - ok
06:26:55.0387 3624 UxSms (9190f03c82547afa87367f1ceca88f3b) C:\Windows\System32\uxsms.dll
06:26:55.0387 3624 UxSms - ok
06:26:55.0434 3624 vds (c15a4a550cba7b9f1f68b72528e04ce1) C:\Windows\System32\vds.exe
06:26:55.0450 3624 vds - ok
06:26:55.0481 3624 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
06:26:55.0481 3624 vga - ok
06:26:55.0512 3624 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
06:26:55.0512 3624 VgaSave - ok
06:26:55.0528 3624 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
06:26:55.0528 3624 viaide - ok
06:26:55.0559 3624 volmgr (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys
06:26:55.0559 3624 volmgr - ok
06:26:55.0590 3624 volmgrx (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys
06:26:55.0606 3624 volmgrx - ok
06:26:55.0621 3624 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys
06:26:55.0637 3624 volsnap - ok
06:26:55.0684 3624 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
06:26:55.0699 3624 vsmraid - ok
06:26:55.0808 3624 VSS (186bd53f8a408ad20f5a056c05678629) C:\Windows\system32\vssvc.exe
06:26:55.0840 3624 VSS - ok
06:26:55.0886 3624 W32Time (ba29f34a61cb55c0dee29e787542edf4) C:\Windows\system32\w32time.dll
06:26:55.0886 3624 W32Time - ok
06:26:55.0949 3624 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
06:26:55.0949 3624 WacomPen - ok
06:26:55.0980 3624 Wanarp (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
06:26:55.0980 3624 Wanarp - ok
06:26:55.0996 3624 Wanarpv6 (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
06:26:55.0996 3624 Wanarpv6 - ok
06:26:56.0058 3624 wcncsvc (055449247c490e24b968b44fe8a969eb) C:\Windows\System32\wcncsvc.dll
06:26:56.0074 3624 wcncsvc - ok
06:26:56.0089 3624 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
06:26:56.0089 3624 WcsPlugInService - ok
06:26:56.0136 3624 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
06:26:56.0136 3624 Wd - ok
06:26:56.0183 3624 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
06:26:56.0183 3624 WDC_SAM - ok
06:26:56.0245 3624 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
06:26:56.0261 3624 Wdf01000 - ok
06:26:56.0276 3624 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
06:26:56.0276 3624 WdiServiceHost - ok
06:26:56.0292 3624 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
06:26:56.0292 3624 WdiSystemHost - ok
06:26:56.0339 3624 WebClient (3d4ab55f8178fd0cd3ca45cd0ec9cf5b) C:\Windows\System32\webclnt.dll
06:26:56.0354 3624 WebClient - ok
06:26:56.0401 3624 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
06:26:56.0401 3624 Wecsvc - ok
06:26:56.0417 3624 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
06:26:56.0417 3624 wercplsupport - ok
06:26:56.0448 3624 WerSvc (fc25242b3bcaf7e84d9184082274ae08) C:\Windows\System32\WerSvc.dll
06:26:56.0464 3624 WerSvc - ok
06:26:56.0510 3624 WinDefend - ok
06:26:56.0526 3624 WinHttpAutoProxySvc - ok
06:26:56.0588 3624 Winmgmt (ac98f38feab066a8f983d54ff3f4fd4c) C:\Windows\system32\wbem\WMIsvc.dll
06:26:56.0588 3624 Winmgmt - ok
06:26:56.0744 3624 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
06:26:56.0776 3624 WinRM - ok
06:26:56.0932 3624 Wlansvc (0a69955261c1b54206adc9beb89517de) C:\Windows\System32\wlansvc.dll
06:26:56.0947 3624 Wlansvc - ok
06:26:57.0010 3624 WmiAcpi (7999dfb1c555efc0db69576f70027867) C:\Windows\system32\DRIVERS\wmiacpi.sys
06:26:57.0010 3624 WmiAcpi - ok
06:26:57.0088 3624 wmiApSrv (d303322dd577c3deda1251ed2e7a496c) C:\Windows\system32\wbem\WmiApSrv.exe
06:26:57.0088 3624 wmiApSrv - ok
06:26:57.0134 3624 WMPNetworkSvc - ok
06:26:57.0181 3624 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
06:26:57.0181 3624 WPCSvc - ok
06:26:57.0212 3624 WPDBusEnum (a27c8f92d84e2ddc151978e4692c978e) C:\Windows\system32\wpdbusenum.dll
06:26:57.0212 3624 WPDBusEnum - ok
06:26:57.0400 3624 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
06:26:57.0415 3624 WPFFontCache_v0400 - ok
06:26:57.0462 3624 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
06:26:57.0462 3624 ws2ifsl - ok
06:26:57.0509 3624 wscsvc (cb8ea6d95949384925ccfca21cc6dfd8) C:\Windows\system32\wscsvc.dll
06:26:57.0509 3624 wscsvc - ok
06:26:57.0509 3624 WSearch - ok
06:26:57.0696 3624 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
06:26:57.0727 3624 wuauserv - ok
06:26:57.0883 3624 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
06:26:57.0883 3624 WUDFRd - ok
06:26:57.0914 3624 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
06:26:57.0914 3624 wudfsvc - ok
06:26:57.0946 3624 yksvc - ok
06:26:57.0992 3624 yukonx64 (b681cadb266b151061e7baa82b0d77b7) C:\Windows\system32\DRIVERS\yk60x64.sys
06:26:57.0992 3624 yukonx64 - ok
06:26:58.0024 3624 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
06:26:58.0585 3624 \Device\Harddisk0\DR0 - ok
06:26:58.0601 3624 Boot (0x1200) (369490361fd77503299eb2caecb2e6ed) \Device\Harddisk0\DR0\Partition0
06:26:58.0601 3624 \Device\Harddisk0\DR0\Partition0 - ok
06:26:58.0616 3624 Boot (0x1200) (40bb0420a4aab2904e919c66049fee8e) \Device\Harddisk0\DR0\Partition1
06:26:58.0616 3624 \Device\Harddisk0\DR0\Partition1 - ok
06:26:58.0616 3624 ============================================================
06:26:58.0616 3624 Scan finished
06:26:58.0616 3624 ============================================================
06:26:58.0648 0604 Detected object count: 0
06:26:58.0648 0604 Actual detected object count: 0
06:27:28.0912 5444 ============================================================
06:27:28.0912 5444 Scan started
06:27:28.0912 5444 Mode: Manual; SigCheck; TDLFS;
06:27:28.0912 5444 ============================================================
06:27:29.0099 5444 ACPI (af3a1aa81f875169dd9e55b1320057d6) C:\Windows\system32\drivers\acpi.sys
06:27:29.0270 5444 ACPI - ok
06:27:29.0426 5444 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
06:27:29.0442 5444 AdobeFlashPlayerUpdateSvc - ok
06:27:29.0504 5444 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
06:27:29.0536 5444 adp94xx - ok
06:27:29.0567 5444 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
06:27:29.0598 5444 adpahci - ok
06:27:29.0645 5444 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
06:27:29.0660 5444 adpu160m - ok
06:27:29.0692 5444 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
06:27:29.0707 5444 adpu320 - ok
06:27:29.0785 5444 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
06:27:29.0941 5444 AeLookupSvc - ok
06:27:30.0019 5444 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
06:27:30.0097 5444 AESTFilters - ok
06:27:30.0175 5444 AFD (9bb97042fa331a0fb4bdd98b9280a50a) C:\Windows\system32\drivers\afd.sys
06:27:30.0269 5444 AFD - ok
06:27:30.0300 5444 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
06:27:30.0316 5444 agp440 - ok
06:27:30.0347 5444 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
06:27:30.0362 5444 aic78xx - ok
06:27:30.0378 5444 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
06:27:30.0456 5444 ALG - ok
06:27:30.0487 5444 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
06:27:30.0487 5444 aliide - ok
06:27:30.0518 5444 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
06:27:30.0534 5444 amdide - ok
06:27:30.0565 5444 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
06:27:30.0643 5444 AmdK8 - ok
06:27:30.0674 5444 ApfiltrService (1412e9a88fe1f7e35ce6058a2ef03664) C:\Windows\system32\DRIVERS\Apfiltr.sys
06:27:30.0846 5444 ApfiltrService - ok
06:27:30.0877 5444 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
06:27:30.0955 5444 Appinfo - ok
06:27:31.0002 5444 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
06:27:31.0018 5444 arc - ok
06:27:31.0033 5444 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
06:27:31.0049 5444 arcsas - ok
06:27:31.0064 5444 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
06:27:31.0127 5444 AsyncMac - ok
06:27:31.0158 5444 atapi (f988bb0690cd660318037908e9b8dbf7) C:\Windows\system32\drivers\atapi.sys
06:27:31.0174 5444 atapi - ok
06:27:31.0220 5444 AudioEndpointBuilder (2a54b6a48ab6d2166271b05e9469326e) C:\Windows\System32\Audiosrv.dll
06:27:31.0298 5444 AudioEndpointBuilder - ok
06:27:31.0314 5444 AudioSrv (2a54b6a48ab6d2166271b05e9469326e) C:\Windows\System32\Audiosrv.dll
06:27:31.0376 5444 AudioSrv - ok
06:27:31.0439 5444 Auth Service (5fe758836d6654f818b478ce6934f66b) C:\Windows\system32\authServer.exe
06:27:31.0454 5444 Auth Service ( UnsignedFile.Multi.Generic ) - warning
06:27:31.0454 5444 Auth Service - detected UnsignedFile.Multi.Generic (1)
06:27:31.0548 5444 BcmSqlStartupSvc (2e552b658273b90251e0441631de2ca3) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
06:27:31.0564 5444 BcmSqlStartupSvc - ok
06:27:31.0657 5444 BFE (bc4737aaffa5964e4f8827c9b8c0eb8e) C:\Windows\System32\bfe.dll
06:27:31.0751 5444 BFE - ok
06:27:31.0813 5444 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
06:27:31.0876 5444 blbdrive - ok
06:27:31.0938 5444 bowser (f0f035fcec3554cc1b70c5611bd87951) C:\Windows\system32\DRIVERS\bowser.sys
06:27:32.0000 5444 bowser - ok
06:27:32.0016 5444 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
06:27:32.0078 5444 BrFiltLo - ok
06:27:32.0094 5444 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
06:27:32.0156 5444 BrFiltUp - ok
06:27:32.0172 5444 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
06:27:32.0266 5444 Browser - ok
06:27:32.0312 5444 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
06:27:32.0531 5444 Brserid - ok
06:27:32.0562 5444 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
06:27:32.0671 5444 BrSerWdm - ok
06:27:32.0702 5444 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
06:27:32.0796 5444 BrUsbMdm - ok
06:27:32.0812 5444 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
06:27:32.0921 5444 BrUsbSer - ok
06:27:32.0936 5444 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
06:27:33.0046 5444 BTHMODEM - ok
06:27:33.0061 5444 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
06:27:33.0139 5444 cdfs - ok
06:27:33.0155 5444 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys
06:27:33.0233 5444 cdrom - ok
06:27:33.0264 5444 CertPropSvc (edfffc8b6afb609bf33dbe0a900426b6) C:\Windows\System32\certprop.dll
06:27:33.0342 5444 CertPropSvc - ok
06:27:33.0373 5444 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
06:27:33.0451 5444 circlass - ok
06:27:33.0498 5444 CLFS (c12c4ee07843b595036da0baa6317936) C:\Windows\system32\CLFS.sys
06:27:33.0514 5444 CLFS - ok
06:27:33.0592 5444 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:27:33.0607 5444 clr_optimization_v2.0.50727_32 - ok
06:27:33.0716 5444 clr_optimization_v2.0.50727_64 (fa58b51ed71c9133e141164eaa7c54eb) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
06:27:33.0732 5444 clr_optimization_v2.0.50727_64 - ok
06:27:33.0779 5444 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
06:27:33.0794 5444 clr_optimization_v4.0.30319_32 - ok
06:27:33.0841 5444 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
06:27:33.0857 5444 clr_optimization_v4.0.30319_64 - ok
06:27:33.0888 5444 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
06:27:33.0966 5444 CmBatt - ok
06:27:33.0997 5444 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
06:27:34.0013 5444 cmdide - ok
06:27:34.0028 5444 Compbatt (34a6aa82aa36c87fc8816f2097efa345) C:\Windows\system32\DRIVERS\compbatt.sys
06:27:34.0044 5444 Compbatt - ok
06:27:34.0044 5444 COMSysApp - ok
06:27:34.0153 5444 cpuz132 - ok
06:27:34.0169 5444 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
06:27:34.0184 5444 crcdisk - ok
06:27:34.0216 5444 CryptSvc (4374f784121d8b3bb466b03f5e5ebd33) C:\Windows\system32\cryptsvc.dll
06:27:34.0309 5444 CryptSvc - ok
06:27:34.0340 5444 CtClsFlt (fc1f55ba03832fbb0daf965f746c47bb) C:\Windows\system32\DRIVERS\CtClsFlt.sys
06:27:34.0372 5444 CtClsFlt - ok
06:27:34.0450 5444 DcomLaunch (52cdade8289ff21f1f2215ff51a5f36c) C:\Windows\system32\rpcss.dll
06:27:34.0559 5444 DcomLaunch - ok
06:27:34.0621 5444 DfsC (3725c43c9e90731eca651d506cc599a3) C:\Windows\system32\Drivers\dfsc.sys
06:27:34.0684 5444 DfsC - ok
06:27:34.0996 5444 DFSR (1781f99840979ee7b126c9073c377fd0) C:\Windows\system32\DFSR.exe
06:27:35.0136 5444 DFSR - ok
06:27:35.0261 5444 Dhcp (fdaa0edfcfb70cd529589ad654651b40) C:\Windows\System32\dhcpcsvc.dll
06:27:35.0354 5444 Dhcp - ok
06:27:35.0401 5444 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys
06:27:35.0417 5444 disk - ok
06:27:35.0479 5444 Dnscache (daf05293c1264e251d3a25e7e24b2ddf) C:\Windows\System32\dnsrslvr.dll
06:27:35.0542 5444 Dnscache - ok
06:27:35.0588 5444 dot3svc (cc661867677627f2911c2a4970dee0f1) C:\Windows\System32\dot3svc.dll
06:27:35.0682 5444 dot3svc - ok
06:27:35.0729 5444 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
06:27:35.0807 5444 Dot4 - ok
06:27:35.0822 5444 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
06:27:35.0885 5444 Dot4Print - ok
06:27:35.0900 5444 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
06:27:35.0963 5444 dot4usb - ok
06:27:36.0010 5444 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
06:27:36.0103 5444 DPS - ok
06:27:36.0134 5444 drmkaud (97dc2a789c1be458976507846a1a8ced) C:\Windows\system32\drivers\drmkaud.sys
06:27:36.0197 5444 drmkaud - ok
06:27:36.0290 5444 DXGKrnl (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys
06:27:36.0368 5444 DXGKrnl - ok
06:27:36.0431 5444 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
06:27:36.0509 5444 e1express - ok
06:27:36.0524 5444 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
06:27:36.0602 5444 E1G60 - ok
06:27:36.0634 5444 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
06:27:36.0696 5444 EapHost - ok
06:27:36.0727 5444 Ecache (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys
06:27:36.0743 5444 Ecache - ok
06:27:36.0805 5444 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
06:27:36.0836 5444 ehRecvr - ok
06:27:36.0883 5444 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
06:27:36.0914 5444 ehSched - ok
06:27:36.0946 5444 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
06:27:36.0992 5444 ehstart - ok
06:27:37.0055 5444 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
06:27:37.0070 5444 elxstor - ok
06:27:37.0133 5444 EMDMgmt (e4eb76d0a8fc43db7f36302e1f33791f) C:\Windows\system32\emdmgmt.dll
06:27:37.0226 5444 EMDMgmt - ok
06:27:37.0242 5444 ErrDev (991fab6aa066e1214efb5b496fb7959a) C:\Windows\system32\drivers\errdev.sys
06:27:37.0304 5444 ErrDev - ok
06:27:37.0367 5444 EventSystem (6b1a97bf9fefbdc83f3c7c7d0f826c66) C:\Windows\system32\es.dll
06:27:37.0429 5444 EventSystem - ok
06:27:37.0492 5444 exfat (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys
06:27:37.0538 5444 exfat - ok
06:27:37.0585 5444 fastfat (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys
06:27:37.0648 5444 fastfat - ok
06:27:37.0663 5444 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
06:27:37.0741 5444 fdc - ok
06:27:37.0772 5444 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
06:27:37.0835 5444 fdPHost - ok
06:27:37.0850 5444 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
06:27:37.0944 5444 FDResPub - ok
06:27:37.0960 5444 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
06:27:37.0975 5444 FileInfo - ok
06:27:38.0006 5444 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
06:27:38.0053 5444 Filetrace - ok
06:27:38.0069 5444 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
06:27:38.0147 5444 flpydisk - ok
06:27:38.0194 5444 FltMgr (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys
06:27:38.0209 5444 FltMgr - ok
06:27:38.0240 5444 FlyUsb (6cd6bb45bd3e0eef6ce496bf52854ff1) C:\Windows\system32\DRIVERS\FlyUsb.sys
06:27:38.0287 5444 FlyUsb - ok
06:27:38.0350 5444 FontCache3.0.0.0 (73d0f1d32edae3dcc4e84468bf910add) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
06:27:38.0365 5444 FontCache3.0.0.0 - ok
06:27:38.0381 5444 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
06:27:38.0443 5444 Fs_Rec - ok
06:27:38.0474 5444 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
06:27:38.0490 5444 gagp30kx - ok
06:27:38.0568 5444 gpsvc (9e5b254d58232ec8921ec3c5a94c81ed) C:\Windows\System32\gpsvc.dll
06:27:38.0630 5444 gpsvc - ok
06:27:38.0755 5444 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
06:27:38.0771 5444 gupdate - ok
06:27:38.0771 5444 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
06:27:38.0786 5444 gupdatem - ok
06:27:38.0818 5444 HDAudBus (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys
06:27:38.0896 5444 HDAudBus - ok
06:27:38.0911 5444 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
06:27:39.0005 5444 HidBth - ok
06:27:39.0036 5444 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
06:27:39.0130 5444 HidIr - ok
06:27:39.0161 5444 hidserv (77e34697087cfdbcfd9e0009704fb5af) C:\Windows\System32\hidserv.dll
06:27:39.0208 5444 hidserv - ok
06:27:39.0223 5444 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys
06:27:39.0301 5444 HidUsb - ok
06:27:39.0332 5444 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
06:27:39.0410 5444 hkmsvc - ok
06:27:39.0426 5444 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
06:27:39.0442 5444 HpCISSs - ok
06:27:39.0566 5444 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
06:27:39.0598 5444 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
06:27:39.0598 5444 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
06:27:39.0644 5444 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
06:27:39.0660 5444 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
06:27:39.0660 5444 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
06:27:39.0754 5444 HPSLPSVC (d972f48d0ce396759b788693cd665926) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
06:27:39.0847 5444 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
06:27:39.0847 5444 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
06:27:40.0019 5444 HTTP (e690736da6c543f5d99c8fa27bea31db) C:\Windows\system32\drivers\HTTP.sys
06:27:40.0112 5444 HTTP - ok
06:27:40.0159 5444 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
06:27:40.0175 5444 i2omp - ok
06:27:40.0206 5444 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
06:27:40.0268 5444 i8042prt - ok
06:27:40.0424 5444 IAANTMON (7b96206e4bdd2fe582f0dbc46f5f410e) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
06:27:40.0440 5444 IAANTMON - ok
06:27:40.0502 5444 iaStor (07fb761600eff44af02c35b8b57e5863) C:\Windows\system32\drivers\iastor.sys
06:27:40.0518 5444 iaStor - ok
06:27:40.0596 5444 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
06:27:40.0612 5444 iaStorV - ok
06:27:40.0752 5444 idsvc (76ea63cdb2d88dae7209691d089bef1d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
06:27:40.0799 5444 idsvc - ok
06:27:41.0430 5444 igfx (f7ab8285bbecfaa5ed4050ccb89e073d) C:\Windows\system32\DRIVERS\igdkmd64.sys
06:27:41.0778 5444 igfx - ok
06:27:41.0929 5444 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
06:27:41.0944 5444 iirsp - ok
06:27:42.0007 5444 IKEEXT (3a3b232140c33376e134e7b61a0eaa44) C:\Windows\System32\ikeext.dll
06:27:42.0087 5444 IKEEXT - ok
06:27:42.0129 5444 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
06:27:42.0143 5444 intelide - ok
06:27:42.0166 5444 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
06:27:42.0216 5444 intelppm - ok
06:27:42.0251 5444 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
06:27:42.0305 5444 IPBusEnum - ok
06:27:42.0326 5444 IpFilterDriver (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:27:42.0363 5444 IpFilterDriver - ok
06:27:42.0400 5444 iphlpsvc (3a0427f35e7f8c16bbc5b1be32b8de76) C:\Windows\System32\iphlpsvc.dll
06:27:42.0438 5444 iphlpsvc - ok
06:27:42.0442 5444 IpInIp - ok
06:27:42.0478 5444 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
06:27:42.0515 5444 IPMIDRV - ok
06:27:42.0558 5444 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
06:27:42.0606 5444 IPNAT - ok
06:27:42.0621 5444 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
06:27:42.0674 5444 IRENUM - ok
06:27:42.0695 5444 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
06:27:42.0704 5444 isapnp - ok
06:27:42.0756 5444 iScsiPrt (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys
06:27:42.0769 5444 iScsiPrt - ok
06:27:42.0795 5444 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
06:27:42.0803 5444 iteatapi - ok
06:27:42.0809 5444 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
06:27:42.0819 5444 iteraid - ok
06:27:42.0831 5444 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
06:27:42.0841 5444 kbdclass - ok
06:27:42.0855 5444 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
06:27:42.0937 5444 kbdhid - ok
06:27:42.0972 5444 KeyIso (80f4593e92ff960e4763380d3168e498) C:\Windows\system32\lsass.exe
06:27:43.0018 5444 KeyIso - ok
06:27:43.0069 5444 KSecDD (ccdcce6224e1e207e953af826b98a9d9) C:\Windows\system32\Drivers\ksecdd.sys
06:27:43.0099 5444 KSecDD - ok
06:27:43.0139 5444 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
06:27:43.0214 5444 ksthunk - ok
06:27:43.0278 5444 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
06:27:43.0361 5444 KtmRm - ok
06:27:43.0414 5444 LanmanServer (3f27c9cdae606d74431e3ab39571a7f3) C:\Windows\System32\srvsvc.dll
06:27:43.0481 5444 LanmanServer - ok
06:27:43.0513 5444 LanmanWorkstation (6e25ffc6fead6544c6e9f1d23329570c) C:\Windows\System32\wkssvc.dll
06:27:43.0561 5444 LanmanWorkstation - ok
06:27:44.0012 5444 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
06:27:44.0196 5444 LeapFrog Connect Device Service - ok
06:27:44.0347 5444 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
06:27:44.0414 5444 lltdio - ok
06:27:44.0467 5444 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
06:27:44.0546 5444 lltdsvc - ok
06:27:44.0568 5444 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
06:27:44.0648 5444 lmhosts - ok
06:27:44.0781 5444 LMIGuardianSvc (108c2e48b280a7cc38bad76165715647) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
06:27:44.0802 5444 LMIGuardianSvc - ok
06:27:44.0808 5444 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
06:27:44.0819 5444 LMIInfo - ok
06:27:44.0852 5444 LMIMaint (4fa9fb8819e8e6f012853d4bbc9592a7) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
06:27:44.0865 5444 LMIMaint - ok
06:27:44.0880 5444 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
06:27:44.0890 5444 lmimirr - ok
06:27:44.0896 5444 LMIRfsClientNP - ok
06:27:44.0916 5444 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
06:27:44.0928 5444 LMIRfsDriver - ok
06:27:44.0975 5444 LogMeIn (d3760bc17e1755091b7120cf32dbf56b) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
06:27:44.0995 5444 LogMeIn - ok
06:27:45.0044 5444 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
06:27:45.0060 5444 LSI_FC - ok
06:27:45.0077 5444 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
06:27:45.0093 5444 LSI_SAS - ok
06:27:45.0122 5444 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
06:27:45.0138 5444 LSI_SCSI - ok
06:27:45.0162 5444 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
06:27:45.0231 5444 luafv - ok
06:27:45.0261 5444 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
06:27:45.0276 5444 MBAMProtector - ok
06:27:45.0393 5444 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
06:27:45.0424 5444 MBAMService - ok
06:27:45.0473 5444 McAfee SiteAdvisor Service - ok
06:27:45.0554 5444 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
06:27:45.0590 5444 Mcx2Svc - ok
06:27:45.0623 5444 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
06:27:45.0638 5444 megasas - ok
06:27:45.0682 5444 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
06:27:45.0711 5444 MegaSR - ok
06:27:45.0742 5444 mfebopk (2064b902db521a23fca30dc256c2acca) C:\Windows\system32\drivers\mfebopk.sys
06:27:45.0754 5444 mfebopk - ok
06:27:45.0803 5444 mferkdk (624d717b11e5004f68442b5740f17f21) C:\Windows\system32\drivers\mferkdk.sys
06:27:45.0813 5444 mferkdk - ok
06:27:45.0859 5444 mfesmfk (0cd9de7b96735f33f078c4ea044e8b34) C:\Windows\system32\drivers\mfesmfk.sys
06:27:45.0870 5444 mfesmfk - ok
06:27:45.0895 5444 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
06:27:45.0968 5444 MMCSS - ok
06:27:45.0999 5444 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
06:27:46.0071 5444 Modem - ok
06:27:46.0105 5444 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
06:27:46.0159 5444 monitor - ok
06:27:46.0201 5444 motccgp (7bd101253058db30c52c6ea8d3911754) C:\Windows\system32\DRIVERS\motccgp.sys
06:27:46.0242 5444 motccgp - ok
06:27:46.0264 5444 motccgpfl (1a700e7063ca7f2b29a4e761da604dfb) C:\Windows\system32\DRIVERS\motccgpfl.sys
06:27:46.0288 5444 motccgpfl - ok
06:27:46.0313 5444 motmodem (940f4da752e28e6c4b1090d21aeb7b80) C:\Windows\system32\DRIVERS\motmodem.sys
06:27:46.0360 5444 motmodem - ok
06:27:46.0376 5444 motport (940f4da752e28e6c4b1090d21aeb7b80) C:\Windows\system32\DRIVERS\motport.sys
06:27:46.0400 5444 motport - ok
06:27:46.0430 5444 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
06:27:46.0444 5444 mouclass - ok
06:27:46.0510 5444 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
06:27:46.0583 5444 mouhid - ok
06:27:46.0616 5444 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
06:27:46.0633 5444 MountMgr - ok
06:27:46.0730 5444 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
06:27:46.0740 5444 MozillaMaintenance - ok
06:27:46.0772 5444 MPFP (ae2e68527013eb4f761eccc630f7f1a3) C:\Windows\system32\Drivers\Mpfp.sys
06:27:46.0781 5444 MPFP - ok
06:27:46.0825 5444 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
06:27:46.0835 5444 mpio - ok
06:27:46.0858 5444 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
06:27:46.0917 5444 mpsdrv - ok
06:27:46.0937 5444 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
06:27:46.0950 5444 Mraid35x - ok
06:27:46.0976 5444 MRxDAV (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys
06:27:47.0047 5444 MRxDAV - ok
06:27:47.0090 5444 mrxsmb (b698eb9acc7ecd4927d99d268918f912) C:\Windows\system32\DRIVERS\mrxsmb.sys
06:27:47.0149 5444 mrxsmb - ok
06:27:47.0203 5444 mrxsmb10 (9a797e27fd28500ee13d43000c931435) C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:27:47.0249 5444 mrxsmb10 - ok
06:27:47.0260 5444 mrxsmb20 (f9425d610712533107a264e2d5b2154b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:27:47.0280 5444 mrxsmb20 - ok
06:27:47.0323 5444 msahci (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys
06:27:47.0338 5444 msahci - ok
06:27:47.0358 5444 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
06:27:47.0375 5444 msdsm - ok
06:27:47.0412 5444 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
06:27:47.0481 5444 MSDTC - ok
06:27:47.0509 5444 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
06:27:47.0576 5444 Msfs - ok
06:27:47.0595 5444 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
06:27:47.0610 5444 msisadrv - ok
06:27:47.0647 5444 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
06:27:47.0714 5444 MSiSCSI - ok
06:27:47.0721 5444 msiserver - ok
06:27:47.0740 5444 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
06:27:47.0813 5444 MSKSSRV - ok
06:27:47.0829 5444 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
06:27:47.0894 5444 MSPCLOCK - ok
06:27:47.0916 5444 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
06:27:47.0970 5444 MSPQM - ok
06:27:48.0020 5444 MsRPC (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys
06:27:48.0041 5444 MsRPC - ok
06:27:48.0058 5444 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
06:27:48.0073 5444 mssmbios - ok
06:27:48.0166 5444 MSSQL$MSSMLBIZ - ok
06:27:48.0200 5444 MSSQL$XACTWARE - ok
06:27:48.0244 5444 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
06:27:48.0256 5444 MSSQLServerADHelper - ok
06:27:48.0355 5444 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
06:27:48.0368 5444 MSSQLServerADHelper100 - ok
06:27:48.0394 5444 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
06:27:48.0465 5444 MSTEE - ok
06:27:48.0508 5444 Mup (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys
06:27:48.0523 5444 Mup - ok
06:27:48.0577 5444 napagent (c25022cdd18980846973b598900915f8) C:\Windows\system32\qagentRT.dll
06:27:48.0705 5444 napagent - ok
06:27:48.0745 5444 NativeWifiP (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys
06:27:48.0765 5444 NativeWifiP - ok
06:27:48.0840 5444 NDIS (f9a3ae5c9f047d71a36a99f9abca7d02) C:\Windows\system32\drivers\ndis.sys
06:27:48.0876 5444 NDIS - ok
06:27:48.0913 5444 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
06:27:48.0963 5444 NdisTapi - ok
06:27:48.0991 5444 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
06:27:49.0058 5444 Ndisuio - ok
06:27:49.0087 5444 NdisWan (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys
06:27:49.0159 5444 NdisWan - ok
06:27:49.0168 5444 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
06:27:49.0224 5444 NDProxy - ok
06:27:49.0254 5444 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
06:27:49.0261 5444 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
06:27:49.0261 5444 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
06:27:49.0283 5444 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
06:27:49.0338 5444 NetBIOS - ok
06:27:49.0370 5444 netbt (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys
06:27:49.0451 5444 netbt - ok
06:27:49.0471 5444 Netlogon (80f4593e92ff960e4763380d3168e498) C:\Windows\system32\lsass.exe
06:27:49.0490 5444 Netlogon - ok
06:27:49.0536 5444 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
06:27:49.0618 5444 Netman - ok
06:27:49.0660 5444 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
06:27:49.0738 5444 netprofm - ok
06:27:49.0842 5444 NetTcpPortSharing (b84613b469b98e09f50a748c1d02e132) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:27:49.0856 5444 NetTcpPortSharing - ok
06:27:50.0167 5444 NETw5v64 (f17eda58c8c5b1a4f873b322729168ff) C:\Windows\system32\DRIVERS\NETw5v64.sys
06:27:50.0341 5444 NETw5v64 - ok
06:27:50.0499 5444 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
06:27:50.0514 5444 nfrd960 - ok
06:27:50.0550 5444 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
06:27:50.0631 5444 NlaSvc - ok
06:27:50.0708 5444 nosGetPlusHelper (1acf98d80e95add298832c7a8996b48c) C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll
06:27:50.0720 5444 nosGetPlusHelper - ok
06:27:50.0739 5444 Npfs (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys
06:27:50.0808 5444 Npfs - ok
06:27:50.0834 5444 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
06:27:50.0905 5444 nsi - ok
06:27:50.0940 5444 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
06:27:50.0987 5444 nsiproxy - ok
06:27:51.0097 5444 Ntfs (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys
06:27:51.0155 5444 Ntfs - ok
06:27:51.0311 5444 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
06:27:51.0387 5444 Null - ok
06:27:51.0413 5444 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
06:27:51.0431 5444 nvraid - ok
06:27:51.0466 5444 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
06:27:51.0481 5444 nvstor - ok
06:27:51.0504 5444 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
06:27:51.0520 5444 nv_agp - ok
06:27:51.0526 5444 NwlnkFlt - ok
06:27:51.0533 5444 NwlnkFwd - ok
06:27:51.0575 5444 OA009Ufd (404b0121ae1a75d9a63b6934eb07c258) C:\Windows\system32\DRIVERS\OA009Ufd.sys
06:27:51.0610 5444 OA009Ufd - ok
06:27:51.0653 5444 OA009Vid (d460884eb05b90d06b35a1dbc31928df) C:\Windows\system32\DRIVERS\OA009Vid.sys
06:27:51.0692 5444 OA009Vid - ok
06:27:51.0735 5444 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
06:27:51.0836 5444 ohci1394 - ok
06:27:51.0928 5444 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
06:27:51.0942 5444 ose - ok
06:27:52.0334 5444 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
06:27:52.0499 5444 osppsvc - ok
06:27:52.0684 5444 p2pimsvc (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
06:27:52.0763 5444 p2pimsvc - ok
06:27:52.0776 5444 p2psvc (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
06:27:52.0815 5444 p2psvc - ok
06:27:52.0876 5444 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
06:27:52.0979 5444 Parport - ok
06:27:53.0008 5444 partmgr (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys
06:27:53.0023 5444 partmgr - ok
06:27:53.0058 5444 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
06:27:53.0099 5444 PcaSvc - ok
06:27:53.0128 5444 PCD5SRVC{048DBD20-445E8C82-05040104} - ok
06:27:53.0163 5444 pci (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys
06:27:53.0182 5444 pci - ok
06:27:53.0200 5444 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
06:27:53.0213 5444 pciide - ok
06:27:53.0245 5444 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
06:27:53.0263 5444 pcmcia - ok
06:27:53.0327 5444 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
06:27:53.0484 5444 PEAUTH - ok
06:27:53.0567 5444 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
06:27:53.0638 5444 PerfHost - ok
06:27:53.0773 5444 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
06:27:53.0867 5444 pla - ok
06:27:53.0917 5444 PlugPlay (5aaa0c5534b05ed49919fcd9dbd11a5b) C:\Windows\system32\umpnpmgr.dll
06:27:53.0995 5444 PlugPlay - ok
06:27:54.0034 5444 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
06:27:54.0057 5444 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
06:27:54.0057 5444 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
06:27:54.0146 5444 PNRPAutoReg (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
06:27:54.0181 5444 PNRPAutoReg - ok
06:27:54.0195 5444 PNRPsvc (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
06:27:54.0230 5444 PNRPsvc - ok
06:27:54.0306 5444 PolicyAgent (eef3688d5e9592cbbbed00de71dda1ef) C:\Windows\System32\ipsecsvc.dll
06:27:54.0361 5444 PolicyAgent - ok
06:27:54.0427 5444 PptpMiniport (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys
06:27:54.0495 5444 PptpMiniport - ok
06:27:54.0508 5444 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
06:27:54.0576 5444 Processor - ok
06:27:54.0611 5444 ProfSvc (b21fe10dad3ab59e78df7aa3fbf41e70) C:\Windows\system32\profsvc.dll
06:27:54.0684 5444 ProfSvc - ok
06:27:54.0724 5444 ProtectedStorage (80f4593e92ff960e4763380d3168e498) C:\Windows\system32\lsass.exe
06:27:54.0736 5444 ProtectedStorage - ok
06:27:54.0794 5444 PSched (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys
06:27:54.0831 5444 PSched - ok
06:27:54.0868 5444 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
06:27:54.0881 5444 PxHlpa64 - ok
06:27:54.0989 5444 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
06:27:55.0038 5444 ql2300 - ok
06:27:55.0063 5444 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
06:27:55.0079 5444 ql40xx - ok
06:27:55.0127 5444 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
06:27:55.0170 5444 QWAVE - ok
06:27:55.0195 5444 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
06:27:55.0216 5444 QWAVEdrv - ok
06:27:55.0385 5444 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
06:27:55.0595 5444 R300 - ok
06:27:55.0733 5444 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
06:27:55.0805 5444 RasAcd - ok
06:27:55.0848 5444 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
06:27:55.0904 5444 RasAuto - ok
06:27:55.0928 5444 Rasl2tp (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys
06:27:55.0980 5444 Rasl2tp - ok
06:27:56.0007 5444 RasMan (d0c346d7df0df9b4899631796f177d56) C:\Windows\System32\rasmans.dll
06:27:56.0050 5444 RasMan - ok
06:27:56.0068 5444 RasPppoe (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys
06:27:56.0122 5444 RasPppoe - ok
06:27:56.0131 5444 RasSstp (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys
06:27:56.0212 5444 RasSstp - ok
06:27:56.0255 5444 rdbss (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys
06:27:56.0334 5444 rdbss - ok
06:27:56.0355 5444 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
06:27:56.0409 5444 RDPCDD - ok
06:27:56.0449 5444 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
06:27:56.0509 5444 rdpdr - ok
06:27:56.0515 5444 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
06:27:56.0570 5444 RDPENCDD - ok
06:27:56.0602 5444 RDPWD (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys
06:27:56.0678 5444 RDPWD - ok
06:27:56.0714 5444 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
06:27:56.0776 5444 RemoteAccess - ok
06:27:56.0824 5444 RemoteRegistry (416c611369cbe49074b89cee2f83abef) C:\Windows\system32\regsvc.dll
06:27:56.0894 5444 RemoteRegistry - ok
06:27:56.0919 5444 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
06:27:56.0960 5444 RpcLocator - ok
06:27:57.0029 5444 RpcSs (52cdade8289ff21f1f2215ff51a5f36c) C:\Windows\system32\rpcss.dll
06:27:57.0065 5444 RpcSs - ok
06:27:57.0103 5444 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
06:27:57.0158 5444 rspndr - ok
06:27:57.0200 5444 RTSTOR (39e74e264338934dbf11f8db79a3e116) C:\Windows\system32\drivers\RTSTOR64.SYS
06:27:57.0233 5444 RTSTOR - ok
06:27:57.0268 5444 SamSs (80f4593e92ff960e4763380d3168e498) C:\Windows\system32\lsass.exe
06:27:57.0287 5444 SamSs - ok
06:27:57.0310 5444 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
06:27:57.0325 5444 sbp2port - ok
06:27:57.0364 5444 SCardSvr (f024d560fea06f8b56d673849eb89ae6) C:\Windows\System32\SCardSvr.dll
06:27:57.0421 5444 SCardSvr - ok
06:27:57.0507 5444 Schedule (ce75d26e0a1106129f4d156851e298ed) C:\Windows\system32\schedsvc.dll
06:27:57.0614 5444 Schedule - ok
06:27:57.0653 5444 SCPolicySvc (edfffc8b6afb609bf33dbe0a900426b6) C:\Windows\System32\certprop.dll
06:27:57.0709 5444 SCPolicySvc - ok
06:27:57.0744 5444 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
06:27:57.0814 5444 SDRSVC - ok
06:27:57.0842 5444 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
06:27:57.0925 5444 secdrv - ok
06:27:57.0935 5444 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
06:27:58.0005 5444 seclogon - ok
06:27:58.0028 5444 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
06:27:58.0106 5444 SENS - ok
06:27:58.0131 5444 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
06:27:58.0234 5444 Serenum - ok
06:27:58.0260 5444 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
06:27:58.0360 5444 Serial - ok
06:27:58.0393 5444 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
06:27:58.0448 5444 sermouse - ok
06:27:58.0496 5444 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
06:27:58.0574 5444 SessionEnv - ok
06:27:58.0596 5444 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
06:27:58.0666 5444 sffdisk - ok
06:27:58.0697 5444 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
06:27:58.0772 5444 sffp_mmc - ok
06:27:58.0791 5444 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
06:27:58.0845 5444 sffp_sd - ok
06:27:58.0858 5444 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
06:27:58.0957 5444 sfloppy - ok
06:27:59.0008 5444 ShellHWDetection (9235ec680d3db17464b39c7c7decb4dd) C:\Windows\System32\shsvcs.dll
06:27:59.0060 5444 ShellHWDetection - ok
06:27:59.0080 5444 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
06:27:59.0095 5444 SiSRaid2 - ok
06:27:59.0124 5444 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
06:27:59.0140 5444 SiSRaid4 - ok
06:27:59.0299 5444 slsvc (a301d2cefb4747dfe0c24425dcbe0b78) C:\Windows\system32\SLsvc.exe
06:27:59.0402 5444 slsvc - ok
06:27:59.0509 5444 SLUINotify (f5ddf7c0af85eb72cb295171f8c3cb35) C:\Windows\system32\SLUINotify.dll
06:27:59.0578 5444 SLUINotify - ok
06:27:59.0649 5444 Smb (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys
06:27:59.0737 5444 Smb - ok
06:27:59.0759 5444 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
06:27:59.0790 5444 SNMPTRAP - ok
06:27:59.0816 5444 spldr (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys
06:27:59.0830 5444 spldr - ok
06:27:59.0879 5444 Spooler (92e6738d25c2123be9515c0eac0776cd) C:\Windows\System32\spoolsv.exe
06:27:59.0937 5444 Spooler - ok
06:28:00.0075 5444 SQLAgent$MSSMLBIZ (a687b5b326afcfcf182c4931d1ff9771) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE
06:28:00.0098 5444 SQLAgent$MSSMLBIZ - ok
06:28:00.0161 5444 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
06:28:00.0179 5444 SQLBrowser - ok
06:28:00.0251 5444 SQLWriter (6d65985945b03ca59b67d0b73702fc7b) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
06:28:00.0266 5444 SQLWriter - ok
06:28:00.0348 5444 srv (a8abd7d0d907b45cf3831f4dd8644349) C:\Windows\system32\DRIVERS\srv.sys
06:28:00.0428 5444 srv - ok
06:28:00.0501 5444 srv2 (6c72eea39e1c37b436a6d1532999f9ec) C:\Windows\system32\DRIVERS\srv2.sys
06:28:00.0523 5444 srv2 - ok
06:28:00.0547 5444 srvnet (7f69bcf9e6fa3d93c82ee6b87812666d) C:\Windows\system32\DRIVERS\srvnet.sys
06:28:00.0569 5444 srvnet - ok
06:28:00.0609 5444 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
06:28:00.0669 5444 SSDPSRV - ok
06:28:00.0687 5444 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
06:28:00.0745 5444 SstpSvc - ok
06:28:00.0860 5444 STacSV (c5df63ae2693c9b6b01b4a2e6c1c64ac) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
06:28:00.0906 5444 STacSV - ok
06:28:00.0974 5444 STHDA (ba16447226abfd342e130d2f24f73d32) C:\Windows\system32\DRIVERS\stwrt64.sys
06:28:01.0001 5444 STHDA - ok
06:28:01.0031 5444 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
06:28:01.0091 5444 StillCam - ok
06:28:01.0162 5444 stisvc (f14f7d7d68a66777fb999d5d0f21138d) C:\Windows\System32\wiaservc.dll
06:28:01.0211 5444 stisvc - ok
06:28:01.0329 5444 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
06:28:01.0341 5444 stllssvr - ok
06:28:01.0379 5444 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
06:28:01.0393 5444 swenum - ok
06:28:01.0461 5444 swprv (da34d6eb4a3154c0bebaeb0a2483ef3e) C:\Windows\System32\swprv.dll
06:28:01.0561 5444 swprv - ok
06:28:01.0613 5444 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
06:28:01.0627 5444 Symc8xx - ok
06:28:01.0646 5444 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
06:28:01.0660 5444 Sym_hi - ok
06:28:01.0675 5444 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
06:28:01.0690 5444 Sym_u3 - ok
06:28:01.0781 5444 SysMain (bea0d5521ed21df8f6ffeed86daede7b) C:\Windows\system32\sysmain.dll
06:28:01.0871 5444 SysMain - ok
06:28:01.0911 5444 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
06:28:01.0984 5444 TabletInputService - ok
06:28:02.0027 5444 TapiSrv (52091001caf20ae84cf47023ee21b4bb) C:\Windows\System32\tapisrv.dll
06:28:02.0105 5444 TapiSrv - ok
06:28:02.0135 5444 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
06:28:02.0198 5444 TBS - ok
06:28:02.0323 5444 Tcpip (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\drivers\tcpip.sys
06:28:02.0381 5444 Tcpip - ok
06:28:02.0405 5444 Tcpip6 (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\DRIVERS\tcpip.sys
06:28:02.0463 5444 Tcpip6 - ok
06:28:02.0499 5444 tcpipreg (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys
06:28:02.0556 5444 tcpipreg - ok
06:28:02.0574 5444 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
06:28:02.0631 5444 TDPIPE - ok
06:28:02.0643 5444 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
06:28:02.0707 5444 TDTCP - ok
06:28:02.0733 5444 tdx (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys
06:28:02.0816 5444 tdx - ok
06:28:02.0848 5444 TermDD (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys
06:28:02.0864 5444 TermDD - ok
06:28:02.0924 5444 TermService (f870a5589d6a94b426efb13689023946) C:\Windows\System32\termsrv.dll
06:28:03.0010 5444 TermService - ok
06:28:03.0063 5444 Themes (9235ec680d3db17464b39c7c7decb4dd) C:\Windows\system32\shsvcs.dll
06:28:03.0090 5444 Themes - ok
06:28:03.0123 5444 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
06:28:03.0179 5444 THREADORDER - ok
06:28:03.0216 5444 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
06:28:03.0290 5444 TrkWks - ok
06:28:03.0336 5444 TrustedInstaller (ac6ff1df22ed90bad6417ee5a4c6e2f0) C:\Windows\servicing\TrustedInstaller.exe
06:28:03.0414 5444 TrustedInstaller - ok
06:28:03.0445 5444 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
06:28:03.0501 5444 tssecsrv - ok
06:28:03.0532 5444 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
06:28:03.0597 5444 tunmp - ok
06:28:03.0628 5444 tunnel (2dc2c423572946e9a3131425bda73cb6) C:\Windows\system32\DRIVERS\tunnel.sys
06:28:03.0666 5444 tunnel - ok
06:28:03.0685 5444 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
06:28:03.0705 5444 uagp35 - ok
06:28:03.0749 5444 udfs (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys
06:28:03.0834 5444 udfs - ok
06:28:03.0891 5444 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
06:28:03.0948 5444 UI0Detect - ok
06:28:03.0989 5444 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
06:28:04.0005 5444 uliagpkx - ok
06:28:04.0039 5444 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
06:28:04.0060 5444 uliahci - ok
06:28:04.0080 5444 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
06:28:04.0096 5444 UlSata - ok
06:28:04.0139 5444 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
06:28:04.0156 5444 ulsata2 - ok
06:28:04.0175 5444 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
06:28:04.0247 5444 umbus - ok
06:28:04.0296 5444 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
06:28:04.0376 5444 upnphost - ok
06:28:04.0419 5444 usbaudio (471474efa0640b426e9f8aa5a5fc2673) C:\Windows\system32\drivers\usbaudio.sys
06:28:04.0452 5444 usbaudio - ok
06:28:04.0482 5444 usbccgp (ae3dea342f01249317b2bb3df0424238) C:\Windows\system32\DRIVERS\usbccgp.sys
06:28:04.0525 5444 usbccgp - ok
06:28:04.0569 5444 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
06:28:04.0674 5444 usbcir - ok
06:28:04.0702 5444 usbehci (b89f9fe9fc1e7c9cb03acb8819eb511d) C:\Windows\system32\DRIVERS\usbehci.sys
06:28:04.0737 5444 usbehci - ok
06:28:04.0796 5444 usbhub (f2c1d8eff9c7cf84ff0235408acd3f4b) C:\Windows\system32\DRIVERS\usbhub.sys
06:28:04.0836 5444 usbhub - ok
06:28:04.0857 5444 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
06:28:04.0957 5444 usbohci - ok
06:28:04.0997 5444 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
06:28:05.0030 5444 usbprint - ok
06:28:05.0074 5444 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
06:28:05.0129 5444 usbscan - ok
06:28:05.0167 5444 USBSTOR (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS
06:28:05.0222 5444 USBSTOR - ok
06:28:05.0258 5444 usbuhci (225e107785315874ba5c1abc7dda7bfc) C:\Windows\system32\DRIVERS\usbuhci.sys
06:28:05.0287 5444 usbuhci - ok
06:28:05.0325 5444 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
06:28:05.0393 5444 usbvideo - ok
06:28:05.0424 5444 usb_rndisx (567d09d1c41809550ece9ed22d6d612b) C:\Windows\system32\DRIVERS\usb8023x.sys
06:28:05.0502 5444 usb_rndisx - ok
06:28:05.0540 5444 UxSms (9190f03c82547afa87367f1ceca88f3b) C:\Windows\System32\uxsms.dll
06:28:05.0618 5444 UxSms - ok
06:28:05.0675 5444 vds (c15a4a550cba7b9f1f68b72528e04ce1) C:\Windows\System32\vds.exe
06:28:05.0763 5444 vds - ok
06:28:05.0803 5444 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
06:28:05.0858 5444 vga - ok
06:28:05.0885 5444 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
06:28:05.0955 5444 VgaSave - ok
06:28:05.0983 5444 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
06:28:05.0996 5444 viaide - ok
06:28:06.0005 5444 volmgr (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys
06:28:06.0022 5444 volmgr - ok
06:28:06.0075 5444 volmgrx (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys
06:28:06.0101 5444 volmgrx - ok
06:28:06.0132 5444 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys
06:28:06.0155 5444 volsnap - ok
06:28:06.0197 5444 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
06:28:06.0214 5444 vsmraid - ok
06:28:06.0329 5444 VSS (186bd53f8a408ad20f5a056c05678629) C:\Windows\system32\vssvc.exe
06:28:06.0452 5444 VSS - ok
06:28:06.0515 5444 W32Time (ba29f34a61cb55c0dee29e787542edf4) C:\Windows\system32\w32time.dll
06:28:06.0581 5444 W32Time - ok
06:28:06.0651 5444 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
06:28:06.0737 5444 WacomPen - ok
06:28:06.0769 5444 Wanarp (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
06:28:06.0845 5444 Wanarp - ok
06:28:06.0850 5444 Wanarpv6 (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
06:28:06.0905 5444 Wanarpv6 - ok
06:28:06.0967 5444 wcncsvc (055449247c490e24b968b44fe8a969eb) C:\Windows\System32\wcncsvc.dll
06:28:07.0024 5444 wcncsvc - ok
06:28:07.0065 5444 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
06:28:07.0106 5444 WcsPlugInService - ok
06:28:07.0142 5444 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
06:28:07.0157 5444 Wd - ok
06:28:07.0195 5444 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
06:28:07.0221 5444 WDC_SAM - ok
06:28:07.0301 5444 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
06:28:07.0341 5444 Wdf01000 - ok
06:28:07.0365 5444 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
06:28:07.0421 5444 WdiServiceHost - ok
06:28:07.0426 5444 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
06:28:07.0484 5444 WdiSystemHost - ok
06:28:07.0528 5444 WebClient (3d4ab55f8178fd0cd3ca45cd0ec9cf5b) C:\Windows\System32\webclnt.dll
06:28:07.0576 5444 WebClient - ok
06:28:07.0625 5444 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
06:28:07.0693 5444 Wecsvc - ok
06:28:07.0713 5444 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
06:28:07.0755 5444 wercplsupport - ok
06:28:07.0784 5444 WerSvc (fc25242b3bcaf7e84d9184082274ae08) C:\Windows\System32\WerSvc.dll
06:28:07.0848 5444 WerSvc - ok
06:28:07.0880 5444 WinDefend - ok
06:28:07.0896 5444 WinHttpAutoProxySvc - ok
06:28:07.0961 5444 Winmgmt (ac98f38feab066a8f983d54ff3f4fd4c) C:\Windows\system32\wbem\WMIsvc.dll
06:28:08.0032 5444 Winmgmt - ok
06:28:08.0184 5444 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
06:28:08.0248 5444 WinRM - ok
06:28:08.0434 5444 Wlansvc (0a69955261c1b54206adc9beb89517de) C:\Windows\System32\wlansvc.dll
06:28:08.0496 5444 Wlansvc - ok
06:28:08.0564 5444 WmiAcpi (7999dfb1c555efc0db69576f70027867) C:\Windows\system32\DRIVERS\wmiacpi.sys
06:28:08.0583 5444 WmiAcpi - ok
06:28:08.0650 5444 wmiApSrv (d303322dd577c3deda1251ed2e7a496c) C:\Windows\system32\wbem\WmiApSrv.exe
06:28:08.0727 5444 wmiApSrv - ok
06:28:08.0779 5444 WMPNetworkSvc - ok
06:28:08.0821 5444 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
06:28:08.0874 5444 WPCSvc - ok
06:28:08.0904 5444 WPDBusEnum (a27c8f92d84e2ddc151978e4692c978e) C:\Windows\system32\wpdbusenum.dll
06:28:08.0971 5444 WPDBusEnum - ok
06:28:09.0159 5444 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
06:28:09.0199 5444 WPFFontCache_v0400 - ok
06:28:09.0279 5444 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
06:28:09.0333 5444 ws2ifsl - ok
06:28:09.0374 5444 wscsvc (cb8ea6d95949384925ccfca21cc6dfd8) C:\Windows\system32\wscsvc.dll
06:28:09.0410 5444 wscsvc - ok
06:28:09.0415 5444 WSearch - ok
06:28:09.0608 5444 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
06:28:09.0692 5444 wuauserv - ok
06:28:09.0847 5444 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
06:28:09.0920 5444 WUDFRd - ok
06:28:09.0956 5444 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
06:28:10.0013 5444 wudfsvc - ok
06:28:10.0025 5444 yksvc - ok
06:28:10.0081 5444 yukonx64 (b681cadb266b151061e7baa82b0d77b7) C:\Windows\system32\DRIVERS\yk60x64.sys
06:28:10.0131 5444 yukonx64 - ok
06:28:10.0174 5444 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
06:28:10.0819 5444 \Device\Harddisk0\DR0 - ok
06:28:10.0854 5444 Boot (0x1200) (369490361fd77503299eb2caecb2e6ed) \Device\Harddisk0\DR0\Partition0
06:28:10.0857 5444 \Device\Harddisk0\DR0\Partition0 - ok
06:28:10.0869 5444 Boot (0x1200) (40bb0420a4aab2904e919c66049fee8e) \Device\Harddisk0\DR0\Partition1
06:28:10.0871 5444 \Device\Harddisk0\DR0\Partition1 - ok
06:28:10.0872 5444 ============================================================
06:28:10.0872 5444 Scan finished
06:28:10.0872 5444 ============================================================
06:28:10.0887 3012 Detected object count: 6
06:28:10.0887 3012 Actual detected object count: 6
06:28:52.0553 3012 Auth Service ( UnsignedFile.Multi.Generic ) - skipped by user
06:28:52.0553 3012 Auth Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:28:52.0559 3012 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
06:28:52.0559 3012 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:28:52.0562 3012 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
06:28:52.0562 3012 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:28:52.0563 3012 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
06:28:52.0563 3012 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:28:52.0566 3012 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
06:28:52.0566 3012 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:28:52.0569 3012 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
06:28:52.0569 3012 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 02/08/2012 7:31:30 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/08/2012 1:55:30 PM
Type: Error Category: 0
Event: 15016 Source: Microsoft-Windows-HttpEvent
Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.

Log: 'System' Date/Time: 02/08/2012 1:55:34 PM
Type: Error Category: 0
Event: 19 Source: Microsoft-Windows-PrintSpooler
The print spooler failed to share printer TurboMeeting Printer with shared resource name TurboMeeting Printer. Error 1753. The printer cannot be used by others on the network.

Log: 'System' Date/Time: 02/08/2012 1:57:09 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Intel® PRO/1000 PCI Express Network Connection Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 02/08/2012 1:57:09 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Intel® PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 02/08/2012 1:57:09 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The USB RNDIS Adapter service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 02/08/2012 1:57:09 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

Log: 'System' Date/Time: 02/08/2012 1:57:09 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the path specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/08/2012 1:54:34 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.02.07

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
Doug :: DOUGLT [administrator]

8/2/2012 6:44:11 AM
mbam-log-2012-08-02 (06-44-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197234
Time elapsed: 3 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#4
RKinner
Posted 02 August 2012 - 11:52 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c


:OTL
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
[2011/11/19 08:42:18 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\33C9A
[2011/11/18 14:31:56 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\aCwkUVrlOtPySiD
[2011/11/18 14:31:51 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\CibDonGHs7E8Tq
[2011/11/18 15:44:09 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\DxA0ucS2iDpGaHs
[2011/11/18 16:50:40 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\euvS2ibF3n5Q6W
[2012/02/16 13:26:10 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\F8333
[2011/11/18 16:50:44 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\nmH5sWdEL
[2011/11/19 06:29:59 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\offRRZ99hTwjUe
[2011/11/18 17:34:39 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\PL9hTXqjUeIrOyA
[2011/11/18 14:18:19 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\QrllONtxx0uc1b
[2011/11/18 18:22:05 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\rivD3onF4m5W7E8
[2011/11/18 17:34:38 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\wG5aQJ6dW8
[2011/11/18 14:18:12 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\XzPPNyycA1uv2
[2011/11/18 14:18:19 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\y2iibDp4aQHsWE9
[2011/11/18 18:22:04 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\yELgTZqhYVlBx0c
[2011/11/18 14:18:13 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\ynGG55aQH6dWKf
[2011/11/18 15:44:10 | 000,000,000 | ---D | M] -- C:\Users\Doug\AppData\Roaming\YZqjYCwkIr

:files
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\SysNative\services.exe|C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe

:reg
[HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
""="%systemroot%\system32\wbem\wbemess.dll"

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

I don't see an anti-virus so download the free Avast!
http://www.avast.com...ivirus-download

Download, Save, and right click and Run As Administrator.

Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?
Look in C:\ProgramData\Avast Software\Avast\report\aswboot.txt or C:\ProgramData\Alwil Software\Avast5\report\aswboot.txt for a text version of the log which you can copy and paste into a reply.


Copy the text in the code box:

/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron
  • 0

#5
Dougrbi
Posted 02 August 2012 - 12:18 PM

Dougrbi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
First OTL run did not create any log files. I searched and can't find them after the reboot. I am moving forward
  • 0

#6
Dougrbi
Posted 02 August 2012 - 03:28 PM

Dougrbi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
10 Items found in the avast scan

08/02/2012 11:32
Scan of all local drives

File C:\Users\Doug\AppData\Local\Temp\plugtmp-15\plugin-7u6AtMb1k is infected by JS:Pdfka-gen [Expl], Moved to chest
File C:\Users\Doug\Desktop\RK_Quarantine\0C1CFB130008337F004639176C44B161.exe.vir is infected by Win32:Trojan-gen, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0S566FNR\b1[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E0X12SAV\in[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0A03Q05\b1[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0A03Q05\moobor_com[1].htm is infected by HTML:Script-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RVXIRHPW\in[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\_OTL\MovedFiles\08012012_205341\C_Users\Doug\AppData\Local\{f7f755c7-13a9-a124-4638-54c5b7cf8b78}\n is infected by Win64:Sirefef-F [Rtk], Moved to chest
File C:\_OTL\MovedFiles\08012012_205341\C_Windows\Installer\{f7f755c7-13a9-a124-4638-54c5b7cf8b78}\U\80000000.@ is infected by Win32:Malware-gen, Moved to chest
File C:\_OTL\MovedFiles\08012012_205341\C_Windows\Installer\{f7f755c7-13a9-a124-4638-54c5b7cf8b78}\U\800000cb.@ is infected by Win32:Malware-gen, Moved to chest
Number of searched folders: 32739
Number of tested files: 619361
Number of infected files: 10
  • 0

#7
Dougrbi
Posted 02 August 2012 - 03:44 PM

Dougrbi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
OTL Log is done

OTL logfile created on: 8/2/2012 2:30:00 PM - Run 4
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Doug\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 57.14% Memory free
8.13 Gb Paging File | 6.20 Gb Available in Paging File | 76.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 163.67 Gb Free Space | 57.75% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 5.57 Gb Free Space | 38.02% Space Free | Partition Type: NTFS

Computer Name: DOUGLT | User Name: Doug | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/01 18:05:28 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Doug\Desktop\OTL(1).exe
PRC - [2012/07/19 10:03:32 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 09:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/12 13:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/07/18 03:27:14 | 001,299,192 | ---- | M] () -- C:\Program Files (x86)\CE\nmSvc.exe
PRC - [2011/07/18 03:27:06 | 000,291,064 | ---- | M] () -- C:\Program Files (x86)\CE\nmFlt.exe
PRC - [2011/04/08 05:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2010/03/25 05:45:38 | 000,031,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009/02/04 19:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/05/07 15:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 15:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/19 10:03:32 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/14 10:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/09/14 10:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2011/07/18 03:27:14 | 001,299,192 | ---- | M] () -- C:\Program Files (x86)\CE\nmSvc.exe
MOD - [2011/07/18 03:27:14 | 000,078,584 | ---- | M] () -- C:\Program Files (x86)\CE\nmsvTree.dll
MOD - [2011/07/18 03:27:12 | 000,644,856 | ---- | M] () -- C:\Program Files (x86)\CE\nmSvc.dll
MOD - [2011/07/18 03:27:08 | 000,241,912 | ---- | M] () -- C:\Windows\SysWOW64\nmNsp.dll
MOD - [2011/07/18 03:27:06 | 000,291,064 | ---- | M] () -- C:\Program Files (x86)\CE\nmFlt.exe
MOD - [2011/07/18 03:27:02 | 000,182,520 | ---- | M] () -- C:\Windows\SysWOW64\CESpy.dll
MOD - [2011/07/18 03:19:12 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\CE\zlib.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/07/18 03:17:56 | 000,290,816 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\authServer.exe -- (Auth Service)
SRV:64bit: - [2009/03/31 08:00:18 | 000,268,288 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/31 08:00:02 | 000,089,600 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/11/02 04:16:05 | 000,046,592 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
SRV - [2012/07/27 12:37:14 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/19 10:03:32 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/07/18 03:17:56 | 000,290,816 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\authServer.exe -- (Auth Service)
SRV - [2011/05/25 15:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/12/08 13:12:10 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2010/12/08 13:12:04 | 000,373,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 12:04:20 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/03/25 05:45:38 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/05/21 22:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2008/07/27 11:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/07 15:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/03 09:21:52 | 000,958,400 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 09:21:52 | 000,355,856 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 09:21:52 | 000,071,064 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 09:21:52 | 000,059,728 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 09:21:52 | 000,044,272 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
DRV:64bit: - [2012/07/03 09:21:51 | 000,025,232 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/11/12 12:18:20 | 000,024,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\FlyUsb.sys -- (FlyUsb)
DRV:64bit: - [2010/12/08 13:12:30 | 000,087,456 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2010/09/17 15:40:06 | 000,072,216 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/09/17 15:39:58 | 000,011,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2009/11/04 15:54:06 | 000,049,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/11/04 15:47:38 | 000,040,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/07/16 11:32:26 | 000,176,144 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2009/03/31 09:53:54 | 000,069,120 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2009/03/31 09:48:56 | 010,275,296 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/03/31 08:00:28 | 000,477,696 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/03/31 07:19:00 | 000,225,328 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/03/19 16:02:00 | 000,311,296 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Vid.sys -- (OA009Vid)
DRV:64bit: - [2009/03/06 06:33:58 | 000,159,840 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Ufd.sys -- (OA009Ufd)
DRV:64bit: - [2008/12/30 19:00:22 | 000,172,032 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2008/12/21 10:26:28 | 004,735,488 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/12/19 19:24:48 | 000,041,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfebopk.sys -- (mfebopk)
DRV:64bit: - [2008/08/31 11:19:24 | 000,392,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/08/31 11:15:58 | 000,395,288 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/08/21 23:50:32 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgp.sys -- (motccgp)
DRV:64bit: - [2008/08/21 23:50:02 | 000,009,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/01/20 19:51:07 | 000,016,384 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2008/01/20 19:47:25 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/20 19:46:55 | 000,317,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2008/01/20 19:46:52 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2007/11/14 01:00:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/06/20 19:57:40 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motport.sys -- (motport)
DRV:64bit: - [2007/06/20 19:57:36 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)
DRV:64bit: - [2006/11/02 00:48:50 | 002,488,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV - [2010/09/17 15:40:06 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20111149,6902,0,24,0"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "yahoo.com"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.103: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/03/11 20:58:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/02 11:22:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 10:03:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/10 17:25:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 10:03:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/10 17:25:24 | 000,000,000 | ---D | M]

[2010/01/08 12:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug\AppData\Roaming\Mozilla\Extensions
[2012/05/23 05:49:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\gpgxkw9l.default\extensions
[2010/06/29 14:23:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\gpgxkw9l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/19 17:49:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\gpgxkw9l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/05/23 05:49:41 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\gpgxkw9l.default\extensions\[email protected]
[2011/11/10 17:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/02 11:22:20 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/07/19 10:03:32 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/03/18 11:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 11:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/06/19 18:16:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/08/23 16:49:55 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/06/19 18:16:37 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: getPlusPlus for Adobe 162103 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: SiteAdvisor = C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: avast! WebRep = C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\

O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NMSVC] C:\Program Files (x86)\CE\nmSvc.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\nmNsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - CCESpy.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - CCESpy.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\nmNsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\SysWOW64\nmNsp.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84722BE2-2DF7-4342-8A0B-614951F105E7}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\Doug\Pictures\Personnal Pictures\2011-11-07\022.JPG
O24 - Desktop BackupWallPaper: C:\Users\Doug\Pictures\Personnal Pictures\2011-11-07\022.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 15:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{123537dd-36b6-11e0-b7e3-00256443b61a}\Shell - "" = AutoRun
O33 - MountPoints2\{123537dd-36b6-11e0-b7e3-00256443b61a}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{7cca3723-4ffc-11df-b443-00256443b61a}\Shell\AutoRun\command - "" = D:\setupSNK.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/02 11:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/08/02 11:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/02 11:22:05 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/02 11:22:04 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/02 11:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/08/02 11:21:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/02 06:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/02 06:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/02 06:41:47 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Doug\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/02 06:25:36 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Doug\Desktop\tdsskiller.exe
[2012/08/01 21:35:25 | 004,722,680 | ---- | C] (Swearware) -- C:\Users\Doug\Desktop\ComboFix(1).exe
[2012/08/01 20:58:11 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Doug\Desktop\aswMBR.exe
[2012/08/01 18:05:26 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Doug\Desktop\OTL(1).exe
[2012/08/01 17:24:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/01 17:24:08 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/01 17:24:06 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/08/01 14:08:21 | 000,000,000 | ---D | C] -- C:\Users\Doug\Desktop\RK_Quarantine
[2012/08/01 13:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\0C1CFB130008337F004639176C44B161
[2012/07/29 06:57:50 | 000,000,000 | ---D | C] -- C:\Users\Doug\Documents\Rainbow Franchise All
[2012/07/29 06:45:56 | 000,000,000 | ---D | C] -- C:\Users\Doug\Documents\A-Resumes

========== Files - Modified Within 30 Days ==========

[2012/08/02 14:32:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/02 13:53:15 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/02 13:53:14 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/02 13:53:11 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/02 13:52:52 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2012/08/02 13:52:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/02 11:32:16 | 4253,405,184 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/02 11:28:19 | 000,002,011 | ---- | M] () -- C:\Users\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/02 11:23:46 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/02 11:23:10 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/02 11:23:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/02 11:20:29 | 089,340,632 | ---- | M] () -- C:\Users\Doug\Desktop\avast_free_antivirus_setup.exe
[2012/08/02 10:39:48 | 000,862,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/02 10:39:48 | 000,717,626 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/02 10:39:48 | 000,147,038 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/02 10:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/02 07:28:51 | 000,061,440 | ---- | M] ( ) -- C:\Users\Doug\Desktop\VEW.exe
[2012/08/02 06:43:21 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/02 06:42:02 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Doug\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/02 06:25:40 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Doug\Desktop\tdsskiller.exe
[2012/08/01 21:35:38 | 004,722,680 | ---- | M] (Swearware) -- C:\Users\Doug\Desktop\ComboFix(1).exe
[2012/08/01 21:26:30 | 000,000,512 | ---- | M] () -- C:\Users\Doug\Desktop\MBR.dat
[2012/08/01 20:58:40 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Doug\Desktop\aswMBR.exe
[2012/08/01 20:55:29 | 000,006,080 | ---- | M] () -- C:\Users\Doug\AppData\Local\d3d9caps.dat
[2012/08/01 20:53:41 | 000,274,226 | ---- | M] () -- C:\Users\Doug\Desktop\winsock2.reg
[2012/08/01 18:05:28 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Doug\Desktop\OTL(1).exe
[2012/07/27 14:03:10 | 000,216,828 | ---- | M] () -- C:\Users\Doug\Desktop\Douglas Dewing Resume.pdf
[2012/07/27 12:37:14 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/27 12:37:14 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/18 18:23:11 | 000,000,732 | ---- | M] () -- C:\Users\Doug\AppData\Local\d3d9caps64.dat

========== Files Created - No Company Name ==========

[2012/08/02 11:23:46 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/02 11:23:46 | 000,002,011 | ---- | C] () -- C:\Users\Doug\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/02 11:23:10 | 000,355,856 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/02 11:23:10 | 000,025,232 | ---- | C] () -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/02 11:23:10 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/02 11:23:08 | 000,059,728 | ---- | C] () -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/02 11:23:08 | 000,044,272 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/08/02 11:23:06 | 000,958,400 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/02 11:23:06 | 000,071,064 | ---- | C] () -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/02 11:23:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/08/02 11:23:05 | 000,285,328 | ---- | C] () -- C:\Windows\SysNative\aswBoot.exe
[2012/08/02 11:19:52 | 089,340,632 | ---- | C] () -- C:\Users\Doug\Desktop\avast_free_antivirus_setup.exe
[2012/08/02 07:28:51 | 000,061,440 | ---- | C] ( ) -- C:\Users\Doug\Desktop\VEW.exe
[2012/08/02 06:43:21 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/02 06:43:20 | 000,024,904 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/01 21:21:19 | 000,000,512 | ---- | C] () -- C:\Users\Doug\Desktop\MBR.dat
[2012/08/01 20:53:41 | 000,274,226 | ---- | C] () -- C:\Users\Doug\Desktop\winsock2.reg
[2012/07/27 14:03:09 | 000,216,828 | ---- | C] () -- C:\Users\Doug\Desktop\Douglas Dewing Resume.pdf
[2012/03/22 09:05:56 | 000,000,008 | ---- | C] () -- C:\Users\Doug\AppData\Roaming\usb.dat
[2012/02/01 13:29:24 | 000,207,259 | ---- | C] () -- C:\Windows\hpwins28.dat.temp
[2012/02/01 12:43:46 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp
[2012/02/01 12:23:12 | 000,207,238 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011/07/19 09:50:11 | 000,241,912 | ---- | C] () -- C:\Windows\SysWow64\nmNsp.dll
[2011/07/19 09:50:11 | 000,182,520 | ---- | C] () -- C:\Windows\SysWow64\CESpy.dll
[2011/07/19 09:50:00 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\authServer.exe
[2011/07/01 17:55:51 | 000,000,732 | ---- | C] () -- C:\Users\Doug\AppData\Local\d3d9caps64.dat
[2010/03/03 11:40:34 | 000,026,311 | ---- | C] () -- C:\Users\Doug\AppData\Roaming\UserTile.png
[2010/02/21 19:47:21 | 000,061,224 | ---- | C] () -- C:\Users\Doug\GoToAssistDownloadHelper.exe
[2009/12/01 02:42:49 | 000,006,080 | ---- | C] () -- C:\Users\Doug\AppData\Local\d3d9caps.dat
[2009/11/27 18:29:17 | 000,007,680 | ---- | C] () -- C:\Users\Doug\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

< MD5 for: ATAPI.SYS >
[2008/01/20 19:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/24 20:26:24 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
[2009/04/11 00:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009/04/24 20:26:24 | 000,022,584 | ---- | M] () MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\SysNative\drivers\atapi.sys
[2009/04/24 20:26:24 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/01/20 19:49:57 | 000,007,680 | ---- | M] () MD5=B4ABE68596B173FF2AB2076BC7C35EB4 -- C:\Windows\SysNative\csrss.exe
[2008/01/20 19:49:57 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=B4ABE68596B173FF2AB2076BC7C35EB4 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_b5027f5b9c731f82\csrss.exe

< MD5 for: EXPLORER.EXE >
[2009/04/24 20:53:49 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Doug\AppData\Local\Temp\RarSFX10\procs\explorer.exe
[2011/01/16 17:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Doug\AppData\Local\Temp\RarSFX5\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Doug\AppData\Local\Temp\RarSFX9\procs\explorer.exe
[2009/04/24 20:53:48 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SysWOW64\explorer.exe
[2009/04/24 20:53:48 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2009/04/24 20:53:48 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2009/04/24 20:53:47 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 00:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009/04/24 20:53:48 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Doug\AppData\Local\Temp\RarSFX10\h\explorer.exe
[2005/08/16 03:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Doug\AppData\Local\Temp\RarSFX5\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Doug\AppData\Local\Temp\RarSFX9\h\explorer.exe
[2009/04/24 20:53:47 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\explorer.exe
[2009/04/24 20:53:47 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2009/04/24 20:53:47 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2009/04/24 20:53:48 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 19:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 19:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008/01/20 19:50:56 | 000,304,128 | ---- | M] () MD5=66306D7E90650EBE667811C1AF010BAC -- C:\Windows\SysNative\mswsock.dll
[2008/01/20 19:50:56 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=66306D7E90650EBE667811C1AF010BAC -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_1471f289e5a92fc4\mswsock.dll
[2009/04/10 23:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/20 19:48:39 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\SysWOW64\mswsock.dll
[2008/01/20 19:48:39 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
[2009/04/11 00:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_165d6b95e2cafb10\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2008/01/20 19:49:00 | 000,062,976 | ---- | M] () MD5=062972C53BDC6819CE0BAAAA5382F758 -- C:\Windows\SysNative\NapiNSP.dll
[2008/01/20 19:49:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=062972C53BDC6819CE0BAAAA5382F758 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_083bdc4c478e57f6\NapiNSP.dll
[2008/01/20 19:49:49 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\SysWOW64\NapiNSP.dll
[2008/01/20 19:49:49 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2008/01/20 19:50:27 | 000,061,440 | ---- | M] () MD5=C5EDECA7546B009484B23FAD0E9724C1 -- C:\Windows\SysNative\nlaapi.dll
[2008/01/20 19:50:27 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=C5EDECA7546B009484B23FAD0E9724C1 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_c3a4914ac347b69b\nlaapi.dll
[2008/01/20 19:51:08 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\SysWOW64\nlaapi.dll
[2008/01/20 19:51:08 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_cdf93b9cf7a87896\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2008/01/20 19:52:02 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2008/01/20 19:52:02 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_d7f25b890f32c83a\pnrpnsp.dll
[2008/01/20 19:52:02 | 000,078,848 | ---- | M] () MD5=E1BAEEE7949ED5019259E69393367400 -- C:\Windows\SysNative\pnrpnsp.dll
[2008/01/20 19:52:02 | 000,078,848 | ---- | M] (Microsoft Corporation) MD5=E1BAEEE7949ED5019259E69393367400 -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_cd9db136dad2063f\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2008/01/20 19:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\SysWOW64\services.exe
[2008/01/20 19:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 00:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009/04/10 23:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2008/01/20 19:49:44 | 000,384,512 | ---- | M] () MD5=DFAC660F0F139276CC9299812DE42719 -- C:\Windows\SysNative\services.exe
[2008/01/20 19:49:44 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 19:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 19:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/20 19:50:24 | 000,027,648 | ---- | M] () MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 19:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 19:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 19:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 19:49:46 | 000,028,160 | ---- | M] () MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 19:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
[2009/05/26 20:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Doug\AppData\Local\Temp\RarSFX5\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 00:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 19:49:47 | 000,406,016 | ---- | M] () MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SysNative\winlogon.exe
[2008/01/20 19:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/05/26 20:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Doug\AppData\Local\Temp\RarSFX5\winlogon.exe
[2008/01/20 19:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SysWOW64\winlogon.exe
[2008/01/20 19:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINRNR.DLL >
[2008/01/20 19:48:07 | 000,027,648 | ---- | M] () MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\SysNative\winrnr.dll
[2008/01/20 19:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6001.18000_none_b56cee730873a8a0\winrnr.dll
[2008/01/20 19:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_b758677f059573ec\winrnr.dll
[2009/04/10 23:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
[2006/11/02 02:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\SysWOW64\winrnr.dll
[2006/11/02 02:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6001.18000_none_594e52ef5016376a\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2006/11/02 02:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\SysWOW64\wshelper.dll
[2006/11/02 02:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_6af84843e4192e9a\wshelper.dll
[2006/11/02 04:19:11 | 000,018,944 | ---- | M] () MD5=20AEE159BD1CE0664796EDF48AF201B8 -- C:\Windows\SysNative\wshelper.dll
[2006/11/02 04:19:11 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=20AEE159BD1CE0664796EDF48AF201B8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_60a39df1afb86c9f\wshelper.dll

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 6916 bytes -> C:\Users\Doug\Desktop\Seattle Remodeling LOGO2009.png:Q30lsldxJoudresxAaaqpcawXc

< End of report >


Extras lot
OTL Extras logfile created on: 8/2/2012 2:30:00 PM - Run 4
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Doug\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 57.14% Memory free
8.13 Gb Paging File | 6.20 Gb Available in Paging File | 76.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 163.67 Gb Free Space | 57.75% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 5.57 Gb Free Space | 38.02% Space Free | Partition Type: NTFS

Computer Name: DOUGLT | User Name: Doug | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe ()
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe ()
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE ()
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe ()
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe ()
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe ()
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* ()
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" ()
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" ()
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 ()
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 ()
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* ()
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\SysWOW64\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java™ 6 Update 13 (64-bit)
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"CCleaner" = CCleaner
"Creative OA009" = Integrated Webcam Driver (1.02.01.0320)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{00C1B233-D218-484B-8078-9375482C5608}" = LeapFrog Tag Plugin
"{04F693CE-1C19-4DED-8418-31A9E79212D2}" = Xactimate 25
"{050BF7DA-82C4-416A-8294-7AFEB8ED94E1}" = Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 26
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (XACTWARE)
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = Microsoft SQL Server 2008 Database Engine Services
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5AC5ED2E-2936-4B54-A429-703F9034938E}" = Covenant Eyes
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A3D88A98-506E-4CFC-B294-E256C679B0EE}" = Microsoft Store Download Manager
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
"{BAE06076-DB3F-4936-8864-249A7B2AA662}" = Intel® Integrated Performance Primitives Run-Time Installer 5.1 for Windows* on IA-32 Intel® Architecture
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}" = LogMeIn
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
"{E4B48349-A165-4097-8D78-AC950BD8638E}" = Business Contact Manager for Microsoft Outlook 2010
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"avast" = avast! Free Antivirus
"Business Contact Manager" = Business Contact Manager for Microsoft Outlook 2010
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"FreeFileViewer_is1" = Free File Viewer 2011
"Google Calendar Sync" = Google Calendar Sync
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"Trusted Software Assistant_is1" = File Type Assistant
"TurboMeeting" = TurboMeeting
"UPCShell" = LeapFrog Connect
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/2/2012 9:56:01 AM | Computer Name = DougLT | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 8/2/2012 9:57:08 AM | Computer Name = DougLT | Source = WinMgmt | ID = 10
Description =

Error - 8/2/2012 2:13:52 PM | Computer Name = DougLT | Source = WinMgmt | ID = 10
Description =

Error - 8/2/2012 4:54:35 PM | Computer Name = DougLT | Source = WinMgmt | ID = 10
Description =

Error - 8/2/2012 4:55:47 PM | Computer Name = DougLT | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 5/19/2012 9:48:37 PM | Computer Name = DougLT | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/20/2012 8:12:32 AM | Computer Name = DougLT | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/20/2012 6:25:50 PM | Computer Name = DougLT | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/21/2012 1:47:44 PM | Computer Name = DougLT | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2012 8:33:04 AM | Computer Name = DougLT | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2012 3:11:34 PM | Computer Name = DougLT | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2012 11:04:48 PM | Computer Name = DougLT | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/1/2012 8:43:51 PM | Computer Name = DougLT | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/2/2012 12:06:26 AM | Computer Name = DougLT | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/2/2012 2:05:47 PM | Computer Name = DougLT | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 8/2/2012 2:28:43 PM | Computer Name = DougLT | Source = Service Control Manager | ID = 7000
Description =

Error - 8/2/2012 2:29:13 PM | Computer Name = DougLT | Source = Service Control Manager | ID = 7000
Description =

Error - 8/2/2012 2:29:13 PM | Computer Name = DougLT | Source = Service Control Manager | ID = 7000
Description =

Error - 8/2/2012 4:52:44 PM | Computer Name = DougLT | Source = HTTP | ID = 15016
Description =

Error - 8/2/2012 4:54:36 PM | Computer Name = DougLT | Source = Service Control Manager | ID = 7000
Description =

Error - 8/2/2012 4:54:36 PM | Computer Name = DougLT | Source = Service Control Manager | ID = 7000
Description =

Error - 8/2/2012 4:54:36 PM | Computer Name = DougLT | Source = Service Control Manager | ID = 7000
Description =

Error - 8/2/2012 4:54:36 PM | Computer Name = DougLT | Source = Service Control Manager | ID = 7023
Description =

Error - 8/2/2012 4:54:36 PM | Computer Name = DougLT | Source = Service Control Manager | ID = 7000
Description =

Error - 8/2/2012 4:54:52 PM | Computer Name = DougLT | Source = Print | ID = 19
Description = The print spooler failed to share printer TurboMeeting Printer with
shared resource name TurboMeeting Printer. Error 1753. The printer cannot be used
by others on the network.


< End of report >
  • 0

#8
RKinner
Posted 02 August 2012 - 05:19 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Looks a lot better now.

Stick with Avast for a while and see how you like it. Some people object to the voice notification of updates. To turn it off, click on the Avast ball then on Settings. Then on Sounds and uncheck Automatic Updates OK. (It will still update it just won't tell you about in a loud voice in the middle of the night.)

They have also started using their info popup to try and get you to upgrade so I go into Settings, Popups and change the first two to 1 second.

The registration is good for 12-14 months then you will need to register again. They will, of course, try to talk you into buying the product but you can always register again for another year free tho it won't be the default.

Unless you are seeing a problem I think we are done.

We need to cleanup System Restore:

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]
Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#9
Dougrbi
Posted 04 August 2012 - 09:48 PM

Dougrbi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Thank you much everything is working great except I can't get the combo fix to uninstall it says unknown file or path.
  • 0

#10
RKinner
Posted 04 August 2012 - 10:01 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
C:\Users\Doug\Desktop\ComboFix(1).exe /uninstall
  • 0

#11
Dougrbi
Posted 07 August 2012 - 07:50 AM

Dougrbi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Just a quick not that everything is running good with the exception of a more frequent then normal crash of Firefox, Also should I be useing Malwarebytes and Avast at the same time?
Thanks for all your help.
  • 0

#12
RKinner
Posted 07 August 2012 - 01:15 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Malwarebytes and Avast are OK.

Try running Firefox in safe mode without add-ons:

http://support.mozil...using-safe-mode

See if it runs better without the add-ons. If so then reenable a few at a time until you find the cause of the problem.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP