Laptop boots to black screen after removal of "Live Security Plati


  • This topic is locked

#1
mwinstead

    New Member

  • Member
  • 9 posts
Hello everyone. I'm hoping that someone can help me with a serious problem I'm having.

This morning my computer became infected with something called "Live Security Platinum." I wasn't able to open any .exe file, but it didn't block my internet connection. I could not uninstall the program.

After a little bit of googling I found this page: Malwaretips Live Security Platinum removal

I followed the steps on that removal guide (Except for Step 2: Removing the proxy, as my internet connection was working), all the way up to where I ran Malwarebytes in Safe Mode with Networking. Malwarebytes found about 9 problems and, when fixing them, said that it had to restart. The guide said this might happen, and instructed me to let Malwarebytes reboot the computer back into normal mode.

When it rebooted the windows screen came up, then the password screen like normal. I entered the password, and then the computer just went to a black screen that displays nothing but the mouse cursor, which I can control. I found that I could ctrl+alt+del and get the windows screen, where I could start the task manager, but this didn't help me at all.

I then restarted back into safe mode. I checked the installed programs, and "Live Security Platinum" was no longer there. I ran HitmanPro once, as the next step in my instructions said to do, and it found a few more malicious items, which it removed. Rebooting found the same black-screen issue.

I then restarted back into safe mode and ran the "RogueKiller" application. It found a few problems and fixed them. This was the end of the guide and, after rebooting, I still have the black screen problem.

I have since figured out that I can get my regular desktop back by waiting for the computer to boot into the black screen, running task manager, ending the "explorer.exe" process that is running, and then going to new task and running explorer over again. This brings my desktop and applications back to normal, though things are not right. Rebooting brings me back to the black screen, and many programs can't be run. Malwarebytes is one of them, as is OTL.

Now I'm completely stuck. I have no idea what to do, and I can't run the OTL program on the machine to generate the information that you guys want me to display.

If anyone has any suggestions, I would really appreciate it. Here's the only relevant system information about the machine that I can think of to add. If you need more, please ask:

Machine: Gateway Laptop
OS: Windows 7

To recap the problem:

Booting normal goes through windows screen and password screen fine, but ends up at a blank, black screen with a controllable mouse cursor. ctrl+alt+del works and can be used to bring up the task manager. Ending explorer.exe process and restarting it brings the desktop back up looking like normal, but many programs can't be run at all.

Booting into safe mode with networking works fine. The desktop comes up like normal, and all programs start and run.
  • 0



#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello mwinstead and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Because you can use your PC in Safe Mode with networking we will run all three scans from there.

Step 1

We need to disable malware processes on your system first
  • Download TheKiller to your Desktop
  • Note that TheKiller is renamed as explorer.exe
  • Run it by double-clicking (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Press the OK button after the program finishes
  • Do not restart your system after this step
NOTE: If malware blocks TheKiller from running please try to run it several more times


Step 2

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan/Fixes box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 3

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 4

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • TDSSKiller log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
  • 0
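
The OTL log requested in Step 2 lists one process, module, service or driver per line, with the file's company name in parentheses and, for services and drivers, the start type and state in brackets. The following is an added example, not part of this thread and not OTL's own code: a small parser for those lines that surfaces entries worth verifying first. The field layout is inferred from OTL 3.2.x log lines, the review rules are illustrative assumptions, and the sample lines are constructed.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Field layout inferred from OTL 3.2.x log lines (an assumption, not an official grammar):
#   KIND[:64bit:] - [modified | size | attrs | M] (Company) [flags] -- path -- (Name)
# PRC and MOD lines carry no [flags] block and no trailing (Name).
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<x64>:64bit:)? - "
    r"\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S+) \| [MC]\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<flags>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>.*)\))?$"
)

# Review heuristics are illustrative assumptions, not OTL's own logic.
AUTOSTART = {"Boot", "System", "Auto"}           # service/driver start types
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")


@dataclass
class OtlEntry:
    kind: str
    is_64bit: bool
    modified: datetime
    size: int
    company: str
    flags: List[str]
    path: str
    name: Optional[str]


def parse_line(line: str) -> Optional[OtlEntry]:
    """Parse one PRC/MOD/SRV/DRV line; return None for headers and other lines."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    flags = [f.strip() for f in (m["flags"] or "").split("|") if f.strip()]
    return OtlEntry(
        kind=m["kind"],
        is_64bit=m["x64"] is not None,
        modified=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        company=m["company"].strip(),
        flags=flags,
        path=m["path"],
        name=m["name"],
    )


def review_reasons(e: OtlEntry) -> List[str]:
    """Return the reasons an entry deserves a manual check (empty list if none)."""
    reasons = []
    if not e.company:
        reasons.append("no company name")
    if e.kind in ("SRV", "DRV"):
        if not e.company and AUTOSTART & set(e.flags):
            reasons.append("auto-start without company name")
        if any(part in e.path.lower() for part in USER_WRITABLE):
            reasons.append("binary in user-writable path")
    return reasons


def triage(log_text: str) -> List[Tuple[OtlEntry, List[str]]]:
    """Parse a whole log and return flagged entries, most reasons first."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            reasons = review_reasons(entry)
            if reasons:
                hits.append((entry, reasons))
    return sorted(hits, key=lambda h: -len(h[1]))


# Constructed sample lines in the OTL layout; names and paths are made up.
SAMPLE_LOG = r"""
========== Win32 Services (SafeList) ==========
PRC - [2012/08/23 13:41:51 | 000,596,480 | ---- | M] (Example Tools) -- C:\Users\alice\Desktop\scanner.exe
MOD - [2012/08/17 18:28:55 | 000,442,392 | ---- | M] () -- C:\Program Files (x86)\Example\plugin.dll
SRV:64bit: - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (Example AV) [Auto | Running] -- C:\Program Files\Example AV\avsvc.exe -- (example! Antivirus)
SRV - [2009/09/10 22:36:50 | 005,808,128 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ExampleDB\bin\exampled.exe -- (ExampleDB)
DRV:64bit: - [2012/04/08 19:40:34 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Users\alice\AppData\Local\Temp\exdrv.sys -- (exdrv)
"""

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.kind:3} {entry.name or '-':12} {entry.path}")
        print("    review: " + "; ".join(reasons))
```

A hit means the file should be verified, not that it is malicious: in the log posted in this topic, the MySQL service and the Chrome modules also have an empty company name.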

#3
mwinstead

    New Member

  • Topic Starter
  • Member
  • 9 posts
Thanks for your reply. I followed your instructions, and I'll post the files you requested below.

I thought it would be worth noting that today I started my laptop and it seems to be working fine. The desktop boots up like normal, and I can start applications again. That obviously doesn't mean everything is ok, but I thought you should know.
  • 0

#4
mwinstead

    New Member

  • Topic Starter
  • Member
  • 9 posts
OTL logfile created on: 8/23/2012 1:44:33 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Mahlon\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 46.41% Memory free
7.36 Gb Paging File | 5.01 Gb Available in Paging File | 68.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.66 Gb Total Space | 266.60 Gb Free Space | 59.03% Space Free | Partition Type: NTFS

Computer Name: MAHLONSLAPTOP | User Name: Mahlon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/23 13:41:51 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mahlon\Desktop\OTL.exe
PRC - [2012/08/21 05:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/03/18 00:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/17 18:28:55 | 000,442,392 | ---- | M] () -- C:\Users\Mahlon\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppgooglenaclpluginchrome.dll
MOD - [2012/08/17 18:28:54 | 012,236,824 | ---- | M] () -- C:\Users\Mahlon\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
MOD - [2012/08/17 18:28:52 | 003,997,720 | ---- | M] () -- C:\Users\Mahlon\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
MOD - [2012/08/17 18:27:36 | 000,526,872 | ---- | M] () -- C:\Users\Mahlon\AppData\Local\Google\Chrome\Application\21.0.1180.83\libglesv2.dll
MOD - [2012/08/17 18:27:35 | 000,104,984 | ---- | M] () -- C:\Users\Mahlon\AppData\Local\Google\Chrome\Application\21.0.1180.83\libegl.dll
MOD - [2012/08/17 18:27:23 | 000,144,424 | ---- | M] () -- C:\Users\Mahlon\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll
MOD - [2012/08/17 18:27:22 | 000,266,792 | ---- | M] () -- C:\Users\Mahlon\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll
MOD - [2012/08/17 18:27:21 | 002,480,680 | ---- | M] () -- C:\Users\Mahlon\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll
MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/04/01 20:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/11 18:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Stopped] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/11/02 16:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2012/08/22 10:54:03 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/08/14 15:38:09 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/19 05:49:26 | 000,403,632 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Stopped] -- C:\Program Files (x86)\LANDesk\LDClient\softmon.exe -- (Softmon)
SRV - [2011/05/06 05:02:40 | 000,225,280 | ---- | M] (Kaneva, LLC.) [Auto | Stopped] -- C:\Program Files (x86)\Kaneva\Kaneva Platform\bin\kgpserver.exe -- (3dApp-MTWTestApp6)
SRV - [2011/05/06 05:02:40 | 000,225,280 | ---- | M] (Kaneva, LLC.) [Auto | Stopped] -- C:\Program Files (x86)\Kaneva\Kaneva Platform\bin\kgpserver.exe -- (3dApp-MTWTestApp5)
SRV - [2011/05/06 05:02:40 | 000,225,280 | ---- | M] (Kaneva, LLC.) [Auto | Stopped] -- C:\Program Files (x86)\Kaneva\Kaneva Platform\bin\kgpserver.exe -- (3dApp-MTWTestApp4)
SRV - [2011/05/06 04:59:14 | 000,147,456 | ---- | M] (Kaneva, LLC.) [Auto | Stopped] -- C:\Program Files (x86)\Kaneva\Kaneva Platform\bin\KGPController.exe -- (KGPController)
SRV - [2010/12/21 07:48:40 | 000,205,312 | ---- | M] (LANDesk Software, Inc. and its affiliates ) [Auto | Stopped] -- C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe -- (LANDesk Policy Invoker)
SRV - [2010/10/18 06:56:06 | 001,157,632 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Stopped] -- C:\Program Files (x86)\LANDesk\LDClient\issuser.exe -- (ISSUSER)
SRV - [2010/10/15 08:41:22 | 000,147,456 | ---- | M] (Avocent Corporation) [Auto | Stopped] -- C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe -- (CBA8)
SRV - [2010/10/08 07:05:34 | 000,189,952 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Stopped] -- C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
SRV - [2010/10/07 07:11:30 | 000,178,688 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Stopped] -- C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe -- (LANDesk Targeted Multicast)
SRV - [2010/09/10 08:17:04 | 001,058,304 | ---- | M] (LANDesk Software, Inc. and its affiliates.) [Auto | Stopped] -- C:\Program Files (x86)\LANDesk\LDClient\amtmon.exe -- (LANDesk®
SRV - [2010/08/10 05:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/06/28 19:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/04/13 13:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/04/03 19:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 00:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 00:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/01/15 18:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/09/10 22:36:50 | 005,808,128 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/08/31 09:13:00 | 000,032,825 | ---- | M] (LANDesk Software Ltd.) [Auto | Stopped] -- C:\Windows\SysWOW64\cba\pds.exe -- (Intel PDS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/21 05:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/08/21 05:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/08/21 05:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/08/21 05:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/08/21 05:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/21 05:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/04/08 19:41:37 | 000,311,968 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012/04/08 19:40:34 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012/03/30 13:26:46 | 000,117,520 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/19 14:45:22 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/07/09 01:32:08 | 000,769,816 | ---- | M] (www.ext2fsd.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ext2fsd.sys -- (Ext2Fsd)
DRV:64bit: - [2011/05/06 12:31:34 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/06/21 05:45:56 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/06/17 05:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/15 09:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/05/11 06:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/13 13:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/13 06:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/02/26 19:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/11/23 16:01:12 | 000,020,480 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ldblank.sys -- (ldblank)
DRV:64bit: - [2009/11/23 16:01:12 | 000,006,656 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mirrorflt.sys -- (mirrorflt)
DRV:64bit: - [2009/11/23 16:01:12 | 000,005,120 | ---- | M] (Avocent Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ldmirror.sys -- (ldmirror)
DRV:64bit: - [2009/11/02 16:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 01:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 20:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 20:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/04/26 02:03:56 | 000,009,600 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ISODisk.sys -- (ISODisk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = http://www.searchqu....q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/413
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "www.my.yahoo.com"
FF - prefs.js..keyword.URL: "http://www.searchqu....id=413&sr=0&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mahlon\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mahlon\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mahlon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/22 14:30:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/04 17:23:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/15 20:24:26 | 000,000,000 | ---D | M]

[2011/09/27 01:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mahlon\AppData\Roaming\Mozilla\Extensions
[2012/08/22 14:12:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mahlon\AppData\Roaming\Mozilla\Firefox\Profiles\ejhqefba.default\extensions
[2011/09/27 01:37:13 | 000,002,503 | ---- | M] () -- C:\Users\Mahlon\AppData\Roaming\Mozilla\Firefox\Profiles\ejhqefba.default\searchplugins\SearchResults.xml
[2012/04/04 17:23:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/22 14:12:05 | 000,336,277 | ---- | M] () (No name found) -- C:\USERS\MAHLON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EJHQEFBA.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012/04/04 17:23:06 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/27 00:35:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/15 07:58:16 | 000,081,920 | ---- | M] (Kaneva, LLC.) -- C:\Program Files (x86)\mozilla firefox\plugins\npkanevapatch.dll
[2012/04/04 17:23:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/09/27 01:37:13 | 000,002,503 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012/04/04 17:23:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://my.yahoo.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://my.yahoo.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mahlon\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mahlon\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mahlon\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Kaneva WOK Patch Plugin for Mozilla 3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npkanevapatch.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Mahlon\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Mahlon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Mahlon\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Kingdom Rush = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aijhmofidkkiacjefgflgilhklblpjcm\1.0_0\
CHR - Extension: NTCreature = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajjjmmfkfgoekjcjojdbnknokhllodmh\1.8.1_0\
CHR - Extension: Angry Birds = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Private Joe - Dungeons = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bddhcbcefccaggaloclldffhobmecjfj\1.4_0\
CHR - Extension: Turn Off the Lights = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.3_0\
CHR - Extension: WOT = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.1_0\
CHR - Extension: Stunt Dirt Bike = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmbnpkmmbmniajjhocmmgblekhhmffge\1.5_0\
CHR - Extension: Office Mini Golf = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnecahfomcahannbpejkkalmmoeeihbg\1.0_0\
CHR - Extension: Shogun's Fate = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdliblldgjdficcbflpdknckckdfdkbo\1.0.9_0\
CHR - Extension: WGT Golf Challenge = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg\32.1.0_0\
CHR - Extension: Read Later Fast = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.5.2_0\
CHR - Extension: Stopwatch = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh\3.5_0\
CHR - Extension: TiltShiftMaker = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjofhgnhekhkccpcnnloagmdpafifeo\1.3.3_0\
CHR - Extension: wikiHow Survival Kit = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ickaeddjnhfofihhibhnjemlphjmnchl\1.0.4_0\
CHR - Extension: avast! WebRep = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Forecastfox = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg\2.0.10_0\
CHR - Extension: Cycling the Alps = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihklobncbkangkiiamccfgnlihbmjhlh\4.9.0.0_0\
CHR - Extension: Handcraft = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgpklhhhiiafnocfiikcpffkogjkdmki\1.1.4_0\
CHR - Extension: SparkChess = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem\5.2.0.1_0\
CHR - Extension: Gravity Duck = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpikpdaalmlcipfphefaajfiofglcma\1.2.0_0\
CHR - Extension: Alarm Clock Radio = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipdhcpepbpjaoggihaloebfjfafagmi\1.6_0\
CHR - Extension: Ping-Pong 3D = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldlffaeabegjbenmhfjonhlgaldogmeh\1.0_0\
CHR - Extension: The Fancy Pants Adventure: World 2 = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\loamdenijebhollnjgehcfbnpeelfhlk\14_0\
CHR - Extension: Poppit = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: WGT Golf Game = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpedbpkelbhcbkdaglillalioeeekbpb\32.1.0_0\
CHR - Extension: CSS Playground = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlpdejbmhfkbmlhgigfldhlajpbcakkc\1.0_0\
CHR - Extension: Atari - Adventure = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\oacddljgpcacoonoenpchddloknchghg\1.0_0\
CHR - Extension: Falling Sand = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pggaepdghiamdelgbgolfggheakmdgon\2.2.1_0\
CHR - Extension: Canvas Rider = C:\Users\Mahlon\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Mahlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mahlon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Mahlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Mahlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 168.28.240.113 168.28.240.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{028DD4EA-6D11-41B2-848F-A4B8EC393BCF}: DhcpNameServer = 168.28.240.113 168.28.240.116
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (maliprog @ Geekstogo)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (maliprog @ Geekstogo)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/24 15:50:42 | 000,000,047 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4a053576-92d8-11e1-ab0b-e4b3e5591c7a}\Shell - "" = AutoRun
O33 - MountPoints2\{4a053576-92d8-11e1-ab0b-e4b3e5591c7a}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
O33 - MountPoints2\{7c869250-77fd-11e0-9e00-1c7508dd0583}\Shell - "" = AutoRun
O33 - MountPoints2\{7c869250-77fd-11e0-9e00-1c7508dd0583}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/23 13:44:11 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Mahlon\Desktop\OTL.exe
[2012/08/23 13:40:49 | 000,751,581 | ---- | C] (maliprog @ Geekstogo) -- C:\Users\Mahlon\Desktop\explorer.exe
[2012/08/23 00:14:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/08/22 20:36:23 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/08/22 20:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/08/22 16:24:41 | 000,000,000 | ---D | C] -- C:\Users\Mahlon\Desktop\RK_Quarantine
[2012/08/22 15:21:42 | 000,000,000 | ---D | C] -- C:\Users\Mahlon\Desktop\rkill
[2012/08/22 14:32:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/22 14:31:11 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/22 14:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/22 14:31:10 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/22 14:31:09 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/08/22 14:31:08 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/22 14:31:06 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/22 14:31:01 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/08/22 14:31:01 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/22 14:30:15 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/22 14:30:14 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/22 14:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/08/22 14:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/22 14:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\7531CC9202D3917780D995124F147CE7
[2012/08/22 14:12:23 | 000,000,000 | ---D | C] -- C:\Users\Mahlon\AppData\Local\Macromedia
[2012/08/22 10:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012/08/22 10:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2012/08/21 13:45:33 | 000,000,000 | --SD | C] -- C:\Users\Mahlon\Google Drive
[2012/08/21 13:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2012/08/21 13:42:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/08/19 16:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/08/16 13:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework
[2012/08/16 13:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012/08/16 13:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/08/16 13:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 3 SDK
[2012/08/16 13:21:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/08/16 13:03:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft F#
[2012/08/16 10:28:19 | 000,000,000 | ---D | C] -- C:\Users\Mahlon\My Books
[2012/08/15 20:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
[2012/08/14 18:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2012/08/14 17:50:31 | 000,000,000 | R--D | C] -- C:\Users\Mahlon\Dropbox
[2012/08/14 17:41:12 | 000,000,000 | ---D | C] -- C:\Users\Mahlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/08/14 17:40:38 | 000,000,000 | ---D | C] -- C:\Users\Mahlon\AppData\Roaming\Dropbox
[2012/08/13 15:06:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Programity
[2012/07/31 20:57:37 | 000,000,000 | ---D | C] -- C:\Users\Mahlon\AppData\Roaming\Programity
[2012/07/31 20:46:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RsFx
[2012/07/31 20:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/07/31 20:44:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008

========== Files - Modified Within 30 Days ==========

[2012/08/23 13:47:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/23 13:47:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/23 13:41:51 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mahlon\Desktop\OTL.exe
[2012/08/23 13:40:59 | 000,751,581 | ---- | M] (maliprog @ Geekstogo) -- C:\Users\Mahlon\Desktop\explorer.exe
[2012/08/23 13:38:11 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/23 13:38:11 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/23 13:37:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/23 13:37:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-133315707-2966105254-3010795139-1001UA.job
[2012/08/23 13:32:11 | 000,966,750 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/23 13:32:11 | 000,792,948 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/23 13:32:11 | 000,172,184 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/23 13:25:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/23 13:25:14 | 2962,259,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/23 10:38:41 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-133315707-2966105254-3010795139-1001Core.job
[2012/08/23 00:15:39 | 000,021,706 | ---- | M] () -- C:\Users\Mahlon\Documents\cc_20120823_001530.reg
[2012/08/23 00:14:15 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/22 20:36:23 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/08/22 15:26:03 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/22 14:34:49 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/22 14:31:11 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/22 14:31:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/22 13:35:11 | 000,000,437 | ---- | M] () -- C:\Users\Mahlon\Desktop\cube.obj
[2012/08/21 18:08:25 | 000,014,781 | ---- | M] () -- C:\Users\Mahlon\Desktop\WOFDiagram.odg
[2012/08/21 13:50:35 | 000,001,029 | ---- | M] () -- C:\Users\Mahlon\Desktop\Applications.lnk
[2012/08/21 13:45:33 | 000,001,709 | ---- | M] () -- C:\Users\Mahlon\Desktop\Google Drive.lnk
[2012/08/21 11:21:10 | 000,964,466 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/21 05:13:13 | 000,969,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/21 05:13:13 | 000,359,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/21 05:13:13 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/21 05:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/21 05:13:12 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/08/21 05:13:11 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/21 05:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/21 05:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/21 05:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/08/19 16:25:18 | 000,004,924 | ---- | M] () -- C:\Users\Mahlon\Desktop\GameClient.cpp
[2012/08/17 15:55:40 | 000,318,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/14 17:41:20 | 000,001,063 | ---- | M] () -- C:\Users\Mahlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

========== Files Created - No Company Name ==========

[2012/08/23 00:15:36 | 000,021,706 | ---- | C] () -- C:\Users\Mahlon\Documents\cc_20120823_001530.reg
[2012/08/23 00:14:15 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/22 15:26:03 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/22 14:31:11 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/22 14:31:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/08/22 13:35:17 | 000,000,437 | ---- | C] () -- C:\Users\Mahlon\Desktop\cube.obj
[2012/08/21 18:00:16 | 000,014,781 | ---- | C] () -- C:\Users\Mahlon\Desktop\WOFDiagram.odg
[2012/08/21 13:50:35 | 000,001,029 | ---- | C] () -- C:\Users\Mahlon\Desktop\Applications.lnk
[2012/08/21 13:45:33 | 000,001,709 | ---- | C] () -- C:\Users\Mahlon\Desktop\Google Drive.lnk
[2012/08/21 13:42:41 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/21 13:42:40 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/14 23:06:44 | 2351,316,992 | ---- | C] () -- C:\Users\Mahlon\Desktop\Visual_Studio2010_Professional_x86_x16-81637.img
[2012/08/14 18:50:35 | 000,004,924 | ---- | C] () -- C:\Users\Mahlon\Desktop\GameClient.cpp
[2012/08/14 17:41:20 | 000,001,063 | ---- | C] () -- C:\Users\Mahlon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/05/02 14:21:57 | 000,077,576 | ---- | C] () -- C:\Users\Mahlon\video-game-memes-cruel-god.jpg
[2012/04/22 11:59:12 | 000,046,188 | ---- | C] () -- C:\Users\Mahlon\crazy-parenting-fails-the-little-engine-that-could-but-wont-because-he-doesnt-want-to.jpg
[2012/04/16 19:09:48 | 000,328,609 | ---- | C] () -- C:\Users\Mahlon\pokmon-pokemon-skyrim-edition.png
[2012/04/06 21:49:22 | 000,000,242 | ---- | C] () -- C:\Windows\wininit.ini
[2012/02/09 20:44:21 | 000,000,600 | ---- | C] () -- C:\Users\Mahlon\AppData\Local\PUTTY.RND
[2012/02/09 12:10:31 | 000,343,040 | ---- | C] () -- C:\Windows\SysWow64\glew32.dll
[2012/02/09 12:10:31 | 000,256,512 | ---- | C] () -- C:\Windows\SysWow64\glew32mx.dll
[2012/01/16 18:10:18 | 002,752,908 | ---- | C] () -- C:\Users\Mahlon\Z990_xUG_GLB_en.pdf
[2011/12/10 01:30:34 | 000,009,600 | ---- | C] () -- C:\Windows\SysWow64\drivers\ISODisk.sys
[2011/11/30 17:51:29 | 000,000,284 | ---- | C] () -- C:\Users\Mahlon\deficiency.CLP
[2011/08/30 12:18:04 | 000,000,174 | ---- | C] () -- C:\Users\Mahlon\.packettracer
[2011/07/20 18:13:58 | 000,136,518 | ---- | C] () -- C:\Users\Mahlon\castle.xsp
[2011/06/09 22:37:11 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\glut32.dll
[2011/05/30 00:08:20 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/05/07 19:17:55 | 000,000,109 | ---- | C] () -- C:\Users\Mahlon\webct_upload_applet.properties
[2011/05/06 23:14:31 | 000,000,217 | ---- | C] () -- C:\Windows\makedeploy.ini
[2011/05/05 17:06:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/05 16:41:05 | 000,001,253 | ---- | C] () -- C:\Users\Mahlon\Nullsoft Install System.lnk
[2011/05/05 16:15:27 | 000,964,466 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/07 18:24:31 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011/03/07 18:24:31 | 000,191,688 | ---- | C] () -- C:\Windows\flicker.dll
[2011/03/07 18:24:31 | 000,051,712 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe
[2011/03/07 18:24:31 | 000,011,976 | ---- | C] () -- C:\Windows\setpwlin.exe
[2011/03/07 18:24:31 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2011/03/07 18:24:31 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2010/11/15 23:07:48 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010/11/15 23:06:57 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2010/11/15 23:03:20 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/11/15 23:03:20 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/11/15 23:03:20 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/11/15 23:03:20 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/11/15 23:03:19 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

========== LOP Check ==========

[2012/05/02 21:49:10 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\.minecraft
[2011/05/06 12:26:52 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\acccore
[2011/05/07 23:59:18 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\Blender Foundation
[2011/12/23 02:30:56 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\Broad Intelligence
[2012/08/14 23:10:28 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\DAEMON Tools Lite
[2012/08/23 13:27:16 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\Dropbox
[2012/05/11 22:59:27 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\e-academy Inc
[2012/05/05 02:51:22 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\FileZilla
[2012/03/08 12:39:45 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\Firefly Studios
[2012/01/22 18:10:14 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\fltk.org
[2011/09/27 01:37:48 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\FreeFLVConverter
[2011/11/05 13:42:46 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\GetRightToGo
[2011/11/20 15:13:43 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\ImgBurn
[2011/11/23 22:03:51 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\Kaneva
[2012/02/14 18:29:58 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\LANDesk
[2012/03/30 13:24:04 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\MotioninJoy
[2011/11/23 21:40:07 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\Neverball
[2011/05/06 13:52:47 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\Notepad++
[2012/01/18 12:18:01 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\openBVE
[2011/08/24 12:26:23 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\OpenOffice.org
[2012/07/31 20:57:37 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\Programity
[2011/05/12 16:55:18 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\SNS
[2011/06/21 13:11:15 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\Stellarium
[2012/04/06 21:37:29 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\Sublime Text 2
[2012/04/09 23:20:26 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\SystemRequirementsLab
[2011/10/29 11:15:58 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\UDP Software
[2011/06/06 23:40:31 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\Unity
[2012/02/25 12:39:58 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\uTorrent
[2012/01/24 12:05:31 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\webex
[2011/07/16 22:09:53 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\WildTangent
[2011/06/26 17:11:54 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\Windows Live Writer
[2011/10/28 00:34:28 | 000,000,000 | ---D | M] -- C:\Users\Mahlon\AppData\Roaming\Wireshark
[2012/04/02 11:03:15 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/07/17 15:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012/08/23 13:40:59 | 000,751,581 | ---- | M] (maliprog @ Geekstogo) MD5=68A2BFF920C4D32644F97942756FB2B4 -- C:\Users\Mahlon\Desktop\explorer.exe
[2010/02/04 06:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/07/17 15:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/02/04 06:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/07/17 15:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/02/04 06:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/07/17 15:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/02/04 06:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/07/17 15:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/07/17 15:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010/07/17 15:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 931 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\View Baldur's Gate: Tales of The Sword Coast Readme.lnk
@Alternate Data Stream - 847 bytes -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Register Baldur's Gate: Tales of the Sword Coast.lnk

< End of report >

#5
mwinstead

OTL Extras logfile created on: 8/23/2012 1:44:33 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Mahlon\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 46.41% Memory free
7.36 Gb Paging File | 5.01 Gb Available in Paging File | 68.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.66 Gb Total Space | 266.60 Gb Free Space | 59.03% Space Free | Partition Type: NTFS

Computer Name: MAHLONSLAPTOP | User Name: Mahlon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0001C1FF-19F8-48CB-9301-B56E09241E65}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{05B6F771-A817-4A7C-8ED9-B955FCBCCDE3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{12B3D6FF-3176-41A9-BD43-B427E9C0EBC4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1A2F7A0F-6200-4630-A4B9-E3377277050B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{210B0905-9B07-4700-A435-A6ACCFCD6641}" = lport=139 | protocol=6 | dir=in | app=system |
"{2256AE76-BEFB-4D94-86B4-0F9346FBE907}" = lport=25857 | protocol=17 | dir=in | name=game |
"{29706960-12E2-45C2-87DE-673B1BE3DE3E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{37B04143-A52D-4D79-8209-1A954771812C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3C1795F1-6A48-49CD-BC2B-E84127AD0672}" = lport=138 | protocol=17 | dir=in | app=system |
"{4D0F7958-17DC-4BAD-A20D-3BBC594DDCEA}" = lport=445 | protocol=6 | dir=in | app=system |
"{4D33A380-E762-4500-9A29-BB3C3A0F3C14}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{50DA6A9C-5536-4434-8D0A-258834439624}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5D8A04BB-8A8E-4F3E-A9CE-6A9A2A96C2F9}" = rport=138 | protocol=17 | dir=out | app=system |
"{60AB61FD-06AE-468E-BEA7-C574CB6E8CB6}" = rport=137 | protocol=17 | dir=out | app=system |
"{643C5AD3-415B-4CD4-8047-B4B0FEDFB466}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6654656C-BF45-446D-B765-304B670DF131}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{66979DBF-78BA-4D62-9843-7BAB69C524DD}" = lport=137 | protocol=17 | dir=in | app=system |
"{743E400B-5BE1-41D3-B44D-50A23FF5D313}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{75FAC5EE-BD2E-4FBD-A9BF-F57D3FABDACE}" = rport=445 | protocol=6 | dir=out | app=system |
"{77CEE8DE-2925-485A-94B6-0AF10CAE4D8D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7EACE4E6-04FE-47E1-BD77-186A10B9D5DE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{81ABBA60-CE72-47E3-A10F-A5F4ED5AB762}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{8C2BC70E-BFB8-407C-9912-514FA27673E7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8C333394-C12B-43C2-8BC2-B4355E9828F5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A2095E1C-87D6-4845-A884-FD588428D48B}" = rport=139 | protocol=6 | dir=out | app=system |
"{A41C52CD-F2C6-477B-8AC6-8F74948B7188}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B3C43789-10CC-41FC-81B3-F7A2D5BC85E1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B87C74CF-3895-49B6-90E6-D227F5A1F459}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BFAA77E7-8899-42A2-A39B-9ED9CCA0DDE7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C5F019D7-BB00-432A-B6CA-D07053A0DD2B}" = lport=80 | protocol=17 | dir=in | name=http |
"{CC7FC010-74B4-4547-B40C-AF5A88884FBA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D60D64CA-B8CB-4E9B-9776-8D8A47ACAD0C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC325A77-3EF7-47F9-B512-1846C25050B5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DC7278C1-FB37-45DB-83B6-33B7DAF6DC5B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E4D82097-92DF-4650-AC22-73084D06389C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F0D1FCAA-D507-4104-AE91-A0DF2957FA2E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0248DEE0-D378-4724-B962-7F56958451D1}" = protocol=6 | dir=in | app=c:\windows\syswow64\cba\pds.exe |
"{03058A48-29BF-4F5C-9B21-0B59E77D4797}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{094BE3C2-29F9-4676-B594-9EBBBEAACE35}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{09E9C260-C6EF-4D39-A52C-AB41A1A9FB44}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{0E01F543-D545-43C2-9AD4-DE71104E30BB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{0E5ED01F-22CD-46B2-9A4B-221E6E16E259}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{11E8DF70-5070-4A3C-A313-E1ADED473D25}" = protocol=1 | dir=in | [email protected],-28543 |
"{120447C7-E984-4A13-8479-10FDE9A17B00}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1762F02C-3BEA-4D3D-A8A1-670C02F3CEA7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2720C468-3941-4F4D-BD3C-C654963CC63B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold kingdoms\strongholdkingdoms.exe |
"{2A634D3E-16B2-4D61-876B-16A9B4FDF75D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{30BFB250-9132-40F4-8860-0BFA598BB1DB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{345F179C-247E-47F2-BF5A-C362810EA9BA}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{3940FE37-1BFF-48FE-8DA4-73E37E573B66}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{39DCF900-71EF-4F72-9A46-93A1BE075A58}" = protocol=58 | dir=in | [email protected],-28545 |
"{3C7B3CB6-1654-4F6E-A691-143210061DD8}" = protocol=17 | dir=in | app=c:\program files (x86)\landesk\ldclient\tmcsvc.exe |
"{3C95F4C5-C09B-4146-8599-706730ACF8AD}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{43066347-7382-423A-98D4-DFAC8350B6CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{48294F81-E60F-4F37-8CA7-69427FAD6695}" = protocol=6 | dir=out | app=system |
"{4EE0775F-EEEB-437D-AF75-DB679E4C3583}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4EF92513-E484-43C7-A93C-C09FE87F3E27}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{591F23D1-6042-4D7E-9CE7-6D61017FE37B}" = protocol=6 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{5C611696-2E00-4600-B2D9-D890E38F04A7}" = protocol=17 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{5D90B8C7-292A-4290-9A90-F2DDF58C0110}" = protocol=1 | dir=out | [email protected],-28544 |
"{5E8CA9AF-1510-49C6-A6B6-CEB2B3B46048}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5FE578E3-B72B-47F4-AD58-04E9A8130E4D}" = protocol=17 | dir=in | app=c:\program files (x86)\landesk\ldclient\issuser.exe |
"{69C8E48F-C745-4325-97E3-39F7E4CB6CB8}" = protocol=6 | dir=in | app=c:\windows\syswow64\msgsys.exe |
"{6E3B595D-CC29-464C-9CDF-89B3D6EAF389}" = protocol=6 | dir=in | app=c:\users\mahlon\appdata\roaming\dropbox\bin\dropbox.exe |
"{70003D91-9366-497E-B0C0-82E77B867367}" = dir=in | app=c:\program files (x86)\common files\microsoft shared\xna\xnatrans\v3.0\xnatransx.exe |
"{728F52CD-EE7F-4BDD-8492-B15E309ADF25}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{734F6BFB-B6F4-455A-A029-45A7BF8539EB}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{73CDC5AE-F00B-484B-ACD6-91E899F4DAA2}" = protocol=17 | dir=in | app=c:\users\mahlon\appdata\roaming\dropbox\bin\dropbox.exe |
"{7CE5D8FD-C207-414D-BB33-EB327945A479}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8068FB5F-E473-40FF-9B19-EF975770289E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\evochron mercenary\evochronmercenary.exe |
"{8214550D-E321-4B15-B036-83F046FB2E23}" = protocol=6 | dir=in | app=c:\program files (x86)\landesk\ldclient\issuser.exe |
"{952FF56D-0FE3-49E5-A8B1-933691E4B175}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9E2D9D41-98A6-486B-8224-BA9EAA435715}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{A02174AA-CBB3-4680-9E0C-A45FED7A32A5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A0EA1C02-AA91-4AD5-8786-2192CD93E5C9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{A2825AD2-403C-4FCB-8682-FB66263240A5}" = protocol=58 | dir=out | [email protected],-28546 |
"{A503B931-D898-4CF6-9AC6-3733F6E1B45D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A58A2857-C587-477B-92CC-D6DD39D4C8BF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A675FD6E-BBC3-4437-8F06-0CF6119B9752}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{AD4D9BCE-72E2-4F14-B2D0-5671ADEE5F53}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{AF3E71FF-786D-457F-96CE-C40D09AE6EC2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AF5C0DB8-49B8-4564-B431-2D94537B58EC}" = protocol=17 | dir=in | app=c:\windows\syswow64\msgsys.exe |
"{C1D9D49A-D46C-42AB-B33D-D77EF2E3CEB3}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{C1FFB300-BE17-42B4-82D8-F31B2277687B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{C6E59C70-50F5-47CB-9ADE-BDDDA492EDF4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CFE39EF4-0325-49C9-8581-F56A60E7AED3}" = protocol=6 | dir=in | app=c:\program files (x86)\landesk\ldclient\tmcsvc.exe |
"{D21843EE-1228-4098-80AE-52492C9DDA09}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{D328A0F5-AA83-44C8-B75D-9A71FB35DFD0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\evochron mercenary\evochronmercenary.exe |
"{D40E9865-45AC-4A44-88F2-3D099C5659D9}" = protocol=17 | dir=in | app=c:\program files (x86)\landesk\shared files\residentagent.exe |
"{E2ED3EA1-F162-488A-9593-C432CDD61C6B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stronghold kingdoms\strongholdkingdoms.exe |
"{EBECF4C9-FDCB-4C99-80CD-3E2723B089E7}" = protocol=17 | dir=in | app=c:\windows\syswow64\cba\pds.exe |
"{F0F72C0E-524E-498D-9EF9-8117187230F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F61BF52A-5AF1-4B3D-B658-DBC449E59AD5}" = dir=in | app=c:\program files (x86)\microsoft xna\xna game studio\v4.0\bin\xnaliveproxy.exe |
"{F98357F9-5A83-48EA-9CD0-7E41EF38F53A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FB36A240-3DF3-426F-9BC2-B61F0C16006F}" = protocol=6 | dir=in | app=c:\program files (x86)\landesk\shared files\residentagent.exe |
"TCP Query User{23209CDB-7DFC-487B-8716-A6F04DB8ACF8}C:\program files (x86)\kaneva\kaneva platform\hfs\hfs.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kaneva\kaneva platform\hfs\hfs.exe |
"TCP Query User{26CAF105-BACE-4E01-A78D-0B3DB2625EBD}C:\users\mahlon\documents\visual studio 2008\projects\server\server\bin\debug\server.vshost.exe" = protocol=6 | dir=in | app=c:\users\mahlon\documents\visual studio 2008\projects\server\server\bin\debug\server.vshost.exe |
"TCP Query User{3B5290E5-FF35-4B34-84E6-579795EC9813}C:\programdata\cisco packet tracer 5.3.1\bin\packettracer5.exe" = protocol=6 | dir=in | app=c:\programdata\cisco packet tracer 5.3.1\bin\packettracer5.exe |
"TCP Query User{54FD882D-2DB5-4812-9373-D75BCF929A5C}C:\program files (x86)\kaneva\kaneva platform\bin\kgpserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kaneva\kaneva platform\bin\kgpserver.exe |
"TCP Query User{6676C65A-AE89-4D69-BDCB-999504061FB4}C:\program files (x86)\kaneva\kaneva platform\bin\kgpserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kaneva\kaneva platform\bin\kgpserver.exe |
"TCP Query User{849E9F37-B9BA-4DA7-BF60-235F2A733E50}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{B34148D7-E130-42FC-992B-BBA9F4C10B0B}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"TCP Query User{B8343520-E5B4-4C74-A189-4748C23D0BF1}C:\program files (x86)\kaneva\star\3296\kepclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kaneva\star\3296\kepclient.exe |
"TCP Query User{BFF4975B-6F93-43BF-852E-07D25022824E}C:\users\mahlon\documents\visual studio 2008\projects\server\server\bin\release\server.vshost.exe" = protocol=6 | dir=in | app=c:\users\mahlon\documents\visual studio 2008\projects\server\server\bin\release\server.vshost.exe |
"TCP Query User{D108B97A-018C-46FD-9E42-9AE88DA4AEF2}C:\program files (x86)\kaneva\kaneva platform\hfs\hfs.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kaneva\kaneva platform\hfs\hfs.exe |
"TCP Query User{E37C49BF-8F5E-490D-BB97-C99AE8AAD2FF}C:\users\mahlon\documents\visual studio 2008\projects\server\server\bin\release\server.vshost.exe" = protocol=6 | dir=in | app=c:\users\mahlon\documents\visual studio 2008\projects\server\server\bin\release\server.vshost.exe |
"UDP Query User{096ACAA2-18F3-4E74-8FB5-D7B2ECD52BAA}C:\program files (x86)\kaneva\star\3296\kepclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kaneva\star\3296\kepclient.exe |
"UDP Query User{51EAE32C-CA15-49B4-BAA9-E94F3A92B29A}C:\users\mahlon\documents\visual studio 2008\projects\server\server\bin\release\server.vshost.exe" = protocol=17 | dir=in | app=c:\users\mahlon\documents\visual studio 2008\projects\server\server\bin\release\server.vshost.exe |
"UDP Query User{54337E31-E1B8-47BE-8270-D81785BE3BE0}C:\program files (x86)\kaneva\kaneva platform\bin\kgpserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kaneva\kaneva platform\bin\kgpserver.exe |
"UDP Query User{5969407C-A567-4C5C-80E5-78F8EC669B01}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{68D47480-2EAC-4FF6-816D-0AFFEF4E4AAA}C:\program files (x86)\kaneva\kaneva platform\hfs\hfs.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kaneva\kaneva platform\hfs\hfs.exe |
"UDP Query User{9A1D194A-A37F-4C9B-B4AE-89CA1601C77D}C:\program files (x86)\kaneva\kaneva platform\hfs\hfs.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kaneva\kaneva platform\hfs\hfs.exe |
"UDP Query User{9C116238-B39B-474A-A43F-28724438D816}C:\program files (x86)\kaneva\kaneva platform\bin\kgpserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kaneva\kaneva platform\bin\kgpserver.exe |
"UDP Query User{C3772CFB-598C-4E3C-9768-F634029ECF7C}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"UDP Query User{DAB467D1-B89A-4A1B-B81D-189C9430E2E8}C:\programdata\cisco packet tracer 5.3.1\bin\packettracer5.exe" = protocol=17 | dir=in | app=c:\programdata\cisco packet tracer 5.3.1\bin\packettracer5.exe |
"UDP Query User{E3F77A53-072B-420B-8F0D-0A70C71B197E}C:\users\mahlon\documents\visual studio 2008\projects\server\server\bin\release\server.vshost.exe" = protocol=17 | dir=in | app=c:\users\mahlon\documents\visual studio 2008\projects\server\server\bin\release\server.vshost.exe |
"UDP Query User{E5245F52-CDBD-4DA2-A28B-FD5177F1100E}C:\users\mahlon\documents\visual studio 2008\projects\server\server\bin\debug\server.vshost.exe" = protocol=17 | dir=in | app=c:\users\mahlon\documents\visual studio 2008\projects\server\server\bin\debug\server.vshost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0003
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5134B35A-B559-4762-94A4-FD4918977953}" = Microsoft Web Deploy 2.0
"{5318020E-E32C-4A33-BC8D-EEF5CC2F6CA1}" = Microsoft SQL Server 2008 Database Engine Services
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
"{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8424B163-D1E0-48B7-88A2-C7A61767B3D7}" = Microsoft SQL Server Compact 4.0 x64 ENU
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9B2C4509-2B9F-4303-BA74-E2F9BB773F03}" = Oracle VM VirtualBox 4.1.8
"{9FFAE13C-6160-4DD0-A67A-DAC5994F81BD}" = Microsoft SQL Server 2008 Database Engine Services
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C9F697B9-FAC8-4B76-9D3D-40FA3BFA4F9E}" = Microsoft SQL Server System CLR Types (x64)
"{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"Blender" = Blender
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL
"Ext2Fsd_is1" = Ext2Fsd 0.51
"Logitech Unifying" = Logitech Unifying Software 2.00
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Sublime Text 2_is1" = Sublime Text 2 Build 2181
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools
"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)
"{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
"{1C10D0D6-AF1A-48B8-9BF7-52A2BB014E0C}" = OpenAL 1.1 Core PC SDK (ver 3.05)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{21152143-88C4-4BAF-A5BD-200D71FFEF93}" = MySQL Server 5.0
"{21E7A706-31FF-46AA-A294-FA4A8917B59F}" = Microsoft ASP.NET MVC 3 - VWD Express 2010 Tools Update
"{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
"{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{335B76D9-EDD2-4AFC-96D7-54007CD83AC2}" = Enterasys NAC Assessment Agent
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A30B5F5-F12C-490F-8CD4-D200C75DF7E8}" = IIS 7.5 Express
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}" = Visual C++ 2008 x64 Runtime - (v9.0.30729.4148)
"{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}.vc_x64runtime_30729_4148" = Visual C++ 2008 x64 Runtime - v9.0.30729.4148
"{3CFFC382-6C23-42CB-8B1E-625F9F84E362}" = Microsoft ASP.NET Web Pages - VWD Express 2010 Tools
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation
"{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.6161)
"{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}.vc_x86runtime_30729_6161" = Visual C++ 2008 x86 Runtime - v9.0.30729.6161
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{45734758-4041-4EA8-8E62-DE661FC3879C}" = LANDesk® Common Base Agent 8
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{60E2C8C9-6CF3-4B1A-9618-E304946C94E6}" = Python 2.4.4
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{66AACE4B-A3C8-4393-85B4-3650DD424083}" = CLIPS
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148" = Visual C++ 2008 x86 Runtime - v9.0.30729.4148
"{7E8833A1-AF24-4CAE-82DF-CFE14C14B94D}" = LANDesk Advance Agent
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80FEC3DA-A0D2-4E37-B3D9-F4C5B377228A}" = Horizon Business Manager
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C143ECA-4787-410D-B345-AE5CA51CA900}" = Enterasys NAC Assessment Agent
"{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A5630CB0-6D3C-4C93-9A51-03BEB835A982}" = NuGet
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.7 MUI
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B8C3B479-1716-11D5-968A-0050BA84F5F7}" = Baldur's Gate™ II - Throne of Bhaal ™
"{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BF731945-7AAD-45E3-A202-A60C9213915C}_is1" = ISODisk 1.1
"{C28422FB-F2CD-427A-ADED-9F281745CDB2}" = Secure Download Manager
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D25C502E-FF51-424C-8C38-8596FE47D0CD}" = Visual Studio 2010 SP1 Tools for SQL Server Compact 4.0 ENU
"{d4287985-5178-4ff8-ac5a-d8f855dfe90e}" = Nero 9 Essentials
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEAD48E5-E36C-431E-B83C-E61CE71AA13F}" = Livestream Procaster
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DED01768-E634-11E1-AEB0-984BE15F174E}" = Evernote v. 4.5.8
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E77A53A2-4623-4635-AE7F-702152168EE5}" = Google Drive
"{E7E58A3A-D9BD-3D4B-9475-AE757454AD82}" = Visual C++ 2008 x64 Runtime - (v9.0.30729.6161)
"{E7E58A3A-D9BD-3D4B-9475-AE757454AD82}.vc_x64runtime_30729_6161" = Visual C++ 2008 x64 Runtime - v9.0.30729.6161
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"3296" = World of Kaneva v4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"AIM_7" = AIM 7
"avast" = avast! Free Antivirus
"Baldur's Gate" = Baldur's Gate
"Baldur's Gate Tutu" = Baldur's Gate Tutu
"BN_DesktopReader" = NOOK for PC
"Cisco Packet Tracer 5.3.1_is1" = Cisco Packet Tracer 5.3.1
"ControlMK" = ControlMK 0.232
"DAEMON Tools Lite" = DAEMON Tools Lite
"Digital Editions" = Adobe Digital Editions
"FileZilla Client" = FileZilla Client 3.5.3
"Fraps" = Fraps
"Free FLV Converter_is1" = Free FLV Converter V 7.1.0
"Free ISO Creator (by minidvdsoft)_is1" = Free ISO Creator version 2.8
"FreeType-2.3.5-1_is1" = GnuWin32: FreeType-2.3.5-1
"Gateway Game Console" = Gateway Game Console
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Icewind Dale" = Icewind Dale
"Identity Card" = Identity Card
"ImgBurn" = ImgBurn
"InstallShield_{1C10D0D6-AF1A-48B8-9BF7-52A2BB014E0C}" = OpenAL 1.1 Core PC SDK (ver 3.05)
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Gateway MyBackup
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"Kaneva STAR" = Kaneva Platform
"LManager" = Launch Manager
"Lua_is1" = Lua for Windows 5.1.4-40
"Mabinogi" = Mabinogi
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"MediaCoder" = MediaCoder 2011
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MySQL-python-py2.4" = Python 2.4 MySQL-python-1.2.2
"Nitto 1320 Legends_is1" = Nitto 1320 Legends Public Beta 0.10.02
"Notepad++" = Notepad++
"NSIS" = Nullsoft Install System
"OpenAL" = OpenAL
"Searchqu 0 MediaBar" = Windows Searchqu Toolbar
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"STDU Viewer_is1" = STDU Viewer version 1.6.62.0
"Steam App 105600" = Terraria
"Steam App 47410" = Stronghold Kingdoms
"Steam App 71000" = Evochron Mercenary
"TI-83 Plus Flash Debugger" = TI-83 Plus Flash Debugger
"uTorrent" = µTorrent
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.11
"VP Suite 5.3" = VP Suite 5.3
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.6.2
"WT088049" = Agatha Christie - Death on the Nile
"WT088062" = Bejeweled 2 Deluxe
"WT088067" = Build-a-lot 2
"WT088074" = Chuzzle Deluxe
"WT088080" = Diner Dash 2 Restaurant Rescue
"WT088115" = Jewel Quest Solitaire 2
"WT088135" = Plants vs. Zombies
"WT088375" = Blackhawk Striker 2
"WT088395" = Dora's Carnival Adventure
"WT088415" = FATE
"WT088447" = John Deere Drive Green
"WT088451" = Penguins!
"WT088455" = Polar Bowler
"WT088459" = Polar Golfer
"WT088507" = Virtual Villagers 4 - The Tree of Life
"WT088546" = Zuma's Revenge
"WT088651" = 18 Wheels of Steel - American Long Haul
"WT088655" = Jewel Quest - Heritage
"wxPython2.8-ansi-py25_is1" = wxPython 2.8.0.1 (ansi) for Python 2.5
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{BD5F3A9C-22D5-4C1D-AEA0-ED1BE83A1E67}_is1" = Ruby 1.9.2-p180
"ActiveTouchMeetingClient" = WebEx
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/6/2011 2:59:34 AM | Computer Name = MahlonsLaptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid. .

Error - 11/6/2011 2:59:34 AM | Computer Name = MahlonsLaptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid. .

Error - 11/6/2011 2:59:34 AM | Computer Name = MahlonsLaptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid. .

Error - 11/6/2011 3:01:33 AM | Computer Name = MahlonsLaptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid. .

Error - 11/6/2011 3:01:33 AM | Computer Name = MahlonsLaptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid. .

Error - 11/6/2011 3:01:33 AM | Computer Name = MahlonsLaptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid. .

Error - 11/6/2011 3:01:33 AM | Computer Name = MahlonsLaptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid. .

Error - 11/6/2011 3:01:34 AM | Computer Name = MahlonsLaptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid. .

Error - 11/6/2011 3:01:34 AM | Computer Name = MahlonsLaptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid. .

Error - 11/6/2011 3:31:34 AM | Computer Name = MahlonsLaptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: The data is invalid. .

[ System Events ]
Error - 8/23/2012 1:42:39 PM | Computer Name = MahlonsLaptop | Source = Service Control Manager | ID = 7031
Description = The Windows Live ID Sign-in Assistant service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
10000 milliseconds: Restart the service.

Error - 8/23/2012 1:42:39 PM | Computer Name = MahlonsLaptop | Source = Service Control Manager | ID = 7034
Description = The LANDesk® Software Monitoring Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/23/2012 1:42:39 PM | Computer Name = MahlonsLaptop | Source = Service Control Manager | ID = 7034
Description = The MySQL service terminated unexpectedly. It has done this 1 time(s).

Error - 8/23/2012 1:42:39 PM | Computer Name = MahlonsLaptop | Source = Service Control Manager | ID = 7034
Description = The Intel® Rapid Storage Technology service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/23/2012 1:42:39 PM | Computer Name = MahlonsLaptop | Source = Service Control Manager | ID = 7034
Description = The Intel® Management & Security Application User Notification Service
service terminated unexpectedly. It has done this 1 time(s).

Error - 8/23/2012 1:42:39 PM | Computer Name = MahlonsLaptop | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 8/23/2012 1:42:39 PM | Computer Name = MahlonsLaptop | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 8/23/2012 1:42:40 PM | Computer Name = MahlonsLaptop | Source = Service Control Manager | ID = 7034
Description = The SQL Server (SQLEXPRESS) service terminated unexpectedly. It has
done this 1 time(s).

Error - 8/23/2012 1:43:09 PM | Computer Name = MahlonsLaptop | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Search service, but
this action failed with the following error: %%1056

Error - 8/23/2012 1:44:01 PM | Computer Name = MahlonsLaptop | Source = Service Control Manager | ID = 7000
Description = The KGPController service failed to start due to the following error:
%%5


< End of report >

#6
mwinstead

14:17:23.0932 4900 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
14:17:24.0486 4900 ============================================================
14:17:24.0486 4900 Current date / time: 2012/08/23 14:17:24.0486
14:17:24.0486 4900 SystemInfo:
14:17:24.0486 4900
14:17:24.0486 4900 OS Version: 6.1.7600 ServicePack: 0.0
14:17:24.0486 4900 Product type: Workstation
14:17:24.0486 4900 ComputerName: MAHLONSLAPTOP
14:17:24.0487 4900 UserName: Mahlon
14:17:24.0487 4900 Windows directory: C:\Windows
14:17:24.0487 4900 System windows directory: C:\Windows
14:17:24.0487 4900 Running under WOW64
14:17:24.0487 4900 Processor architecture: Intel x64
14:18:14.0426 2272 Npfs - ok
14:18:14.0443 2272 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
14:18:14.0507 2272 nsi - ok
14:18:14.0547 2272 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:18:14.0604 2272 nsiproxy - ok
14:18:14.0669 2272 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:18:14.0742 2272 Ntfs - ok
14:18:14.0790 2272 [ 9A308FCDCCA98A15B6F62D36A272160E ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
14:18:14.0805 2272 NTI IScheduleSvc - ok
14:18:14.0829 2272 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
14:18:14.0840 2272 NTIDrvr - ok
14:18:14.0846 2272 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
14:18:14.0899 2272 Null - ok
14:18:14.0922 2272 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:18:14.0938 2272 nvraid - ok
14:18:14.0978 2272 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:18:14.0995 2272 nvstor - ok
14:18:15.0017 2272 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
14:18:15.0031 2272 nv_agp - ok
14:18:15.0047 2272 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
14:18:15.0078 2272 ohci1394 - ok
14:18:15.0141 2272 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:18:15.0156 2272 ose - ok
14:18:15.0192 2272 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:18:15.0243 2272 p2pimsvc - ok
14:18:15.0272 2272 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:18:15.0294 2272 p2psvc - ok
14:18:15.0325 2272 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:18:15.0343 2272 Parport - ok
14:18:15.0377 2272 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:18:15.0392 2272 partmgr - ok
14:18:15.0397 2272 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:18:15.0439 2272 PcaSvc - ok
14:18:15.0452 2272 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
14:18:15.0467 2272 pci - ok
14:18:15.0495 2272 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
14:18:15.0507 2272 pciide - ok
14:18:15.0527 2272 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
14:18:15.0543 2272 pcmcia - ok
14:18:15.0553 2272 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
14:18:15.0566 2272 pcw - ok
14:18:15.0583 2272 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:18:15.0637 2272 PEAUTH - ok
14:18:15.0744 2272 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:18:15.0772 2272 PerfHost - ok
14:18:15.0827 2272 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
14:18:15.0911 2272 pla - ok
14:18:15.0966 2272 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:18:16.0013 2272 PlugPlay - ok
14:18:16.0046 2272 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:18:16.0085 2272 PNRPAutoReg - ok
14:18:16.0114 2272 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:18:16.0133 2272 PNRPsvc - ok
14:18:16.0159 2272 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:18:16.0226 2272 PolicyAgent - ok
14:18:16.0259 2272 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
14:18:16.0318 2272 Power - ok
14:18:16.0364 2272 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:18:16.0423 2272 PptpMiniport - ok
14:18:16.0442 2272 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
14:18:16.0476 2272 Processor - ok
14:18:16.0518 2272 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
14:18:16.0573 2272 ProfSvc - ok
14:18:16.0600 2272 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:18:16.0616 2272 ProtectedStorage - ok
14:18:16.0650 2272 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:18:16.0690 2272 Psched - ok
14:18:16.0754 2272 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
14:18:16.0811 2272 ql2300 - ok
14:18:16.0839 2272 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
14:18:16.0855 2272 ql40xx - ok
14:18:16.0885 2272 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
14:18:16.0916 2272 QWAVE - ok
14:18:16.0928 2272 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:18:16.0974 2272 QWAVEdrv - ok
14:18:17.0013 2272 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:18:17.0067 2272 RasAcd - ok
14:18:17.0101 2272 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:18:17.0140 2272 RasAgileVpn - ok
14:18:17.0172 2272 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
14:18:17.0221 2272 RasAuto - ok
14:18:17.0241 2272 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:18:17.0307 2272 Rasl2tp - ok
14:18:17.0360 2272 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
14:18:17.0412 2272 RasMan - ok
14:18:17.0432 2272 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:18:17.0480 2272 RasPppoe - ok
14:18:17.0493 2272 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:18:17.0540 2272 RasSstp - ok
14:18:17.0573 2272 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:18:17.0643 2272 rdbss - ok
14:18:17.0663 2272 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:18:17.0692 2272 rdpbus - ok
14:18:17.0722 2272 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:18:17.0761 2272 RDPCDD - ok
14:18:17.0775 2272 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:18:17.0836 2272 RDPENCDD - ok
14:18:17.0864 2272 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:18:17.0902 2272 RDPREFMP - ok
14:18:17.0934 2272 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:18:17.0979 2272 RDPWD - ok
14:18:18.0006 2272 [ E5DC9BA9E439D6DBDD79F8CAACB5BF01 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:18:18.0024 2272 rdyboost - ok
14:18:18.0051 2272 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:18:18.0117 2272 RemoteAccess - ok
14:18:18.0153 2272 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:18:18.0203 2272 RemoteRegistry - ok
14:18:18.0252 2272 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe
14:18:18.0265 2272 rpcapd - ok
14:18:18.0294 2272 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:18:18.0362 2272 RpcEptMapper - ok
14:18:18.0396 2272 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
14:18:18.0436 2272 RpcLocator - ok
14:18:18.0482 2272 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
14:18:18.0526 2272 RpcSs - ok
14:18:18.0587 2272 [ CD553B8633466A6D1C115812F2619F1F ] RsFx0103 C:\Windows\system32\DRIVERS\RsFx0103.sys
14:18:18.0609 2272 RsFx0103 - ok
14:18:18.0655 2272 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:18:18.0714 2272 rspndr - ok
14:18:18.0766 2272 [ 763AE0C6D9DF4C24B7E2C26036A8188A ] RSUSBSTOR C:\Windows\System32\Drivers\RtsUStor.sys
14:18:18.0783 2272 RSUSBSTOR - ok
14:18:18.0800 2272 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
14:18:18.0816 2272 SamSs - ok
14:18:18.0826 2272 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
14:18:18.0840 2272 sbp2port - ok
14:18:18.0877 2272 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:18:18.0919 2272 SCardSvr - ok
14:18:18.0949 2272 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:18:18.0993 2272 scfilter - ok
14:18:19.0049 2272 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
14:18:19.0113 2272 Schedule - ok
14:18:19.0133 2272 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:18:19.0171 2272 SCPolicySvc - ok
14:18:19.0199 2272 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:18:19.0251 2272 SDRSVC - ok
14:18:19.0291 2272 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:18:19.0349 2272 secdrv - ok
14:18:19.0380 2272 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
14:18:19.0436 2272 seclogon - ok
14:18:19.0458 2272 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
14:18:19.0496 2272 SENS - ok
14:18:19.0507 2272 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:18:19.0537 2272 SensrSvc - ok
14:18:19.0558 2272 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:18:19.0582 2272 Serenum - ok
14:18:19.0627 2272 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:18:19.0645 2272 Serial - ok
14:18:19.0685 2272 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
14:18:19.0717 2272 sermouse - ok
14:18:19.0773 2272 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
14:18:19.0816 2272 SessionEnv - ok
14:18:19.0838 2272 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
14:18:19.0881 2272 sffdisk - ok
14:18:19.0895 2272 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
14:18:19.0927 2272 sffp_mmc - ok
14:18:19.0945 2272 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
14:18:19.0986 2272 sffp_sd - ok
14:18:20.0015 2272 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
14:18:20.0052 2272 sfloppy - ok
14:18:20.0099 2272 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:18:20.0157 2272 SharedAccess - ok
14:18:20.0191 2272 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:18:20.0223 2272 ShellHWDetection - ok
14:18:20.0255 2272 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:18:20.0269 2272 SiSRaid2 - ok
14:18:20.0287 2272 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
14:18:20.0302 2272 SiSRaid4 - ok
14:18:20.0324 2272 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:18:20.0382 2272 Smb - ok
14:18:20.0430 2272 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:18:20.0467 2272 SNMPTRAP - ok
14:18:20.0587 2272 [ 3ED2EBB31EF3F23B4F84B5A2EE251108 ] Softmon C:\Program Files (x86)\LANDesk\LDClient\softmon.exe
14:18:20.0610 2272 Softmon - ok
14:18:20.0645 2272 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:18:20.0659 2272 spldr - ok
14:18:20.0704 2272 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
14:18:20.0729 2272 Spooler - ok
14:18:20.0827 2272 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
14:18:20.0925 2272 sppsvc - ok
14:18:20.0938 2272 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:18:20.0991 2272 sppuinotify - ok
14:18:21.0184 2272 [ 12E6D95CDE974B131DEFAA44BAB8B056 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
14:18:21.0203 2272 SQLAgent$SQLEXPRESS - ok
14:18:21.0319 2272 [ 12E6D95CDE974B131DEFAA44BAB8B056 ] SQLAgent$SQLHORIZONMW c:\Program Files\Microsoft SQL Server\MSSQL10.SQLHORIZONMW\MSSQL\Binn\SQLAGENT.EXE
14:18:21.0341 2272 SQLAgent$SQLHORIZONMW - ok
14:18:21.0465 2272 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
14:18:21.0480 2272 SQLBrowser - ok
14:18:21.0557 2272 [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
14:18:21.0571 2272 SQLWriter - ok
14:18:21.0614 2272 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:18:21.0689 2272 srv - ok
14:18:21.0724 2272 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:18:21.0785 2272 srv2 - ok
14:18:21.0808 2272 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:18:21.0835 2272 srvnet - ok
14:18:21.0865 2272 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:18:21.0928 2272 SSDPSRV - ok
14:18:21.0951 2272 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:18:22.0010 2272 SstpSvc - ok
14:18:22.0066 2272 Steam Client Service - ok
14:18:22.0092 2272 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
14:18:22.0105 2272 stexstor - ok
14:18:22.0147 2272 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
14:18:22.0193 2272 stisvc - ok
14:18:22.0202 2272 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:18:22.0215 2272 swenum - ok
14:18:22.0260 2272 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
14:18:22.0306 2272 swprv - ok
14:18:22.0359 2272 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
14:18:22.0431 2272 SysMain - ok
14:18:22.0441 2272 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:18:22.0489 2272 TabletInputService - ok
14:18:22.0518 2272 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
14:18:22.0560 2272 TapiSrv - ok
14:18:22.0573 2272 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
14:18:22.0614 2272 TBS - ok
14:18:22.0682 2272 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:18:22.0756 2272 Tcpip - ok
14:18:22.0804 2272 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:18:22.0842 2272 TCPIP6 - ok
14:18:22.0867 2272 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:18:22.0906 2272 tcpipreg - ok
14:18:22.0921 2272 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:18:22.0962 2272 TDPIPE - ok
14:18:22.0998 2272 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:18:23.0026 2272 TDTCP - ok
14:18:23.0059 2272 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:18:23.0108 2272 tdx - ok
14:18:23.0122 2272 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:18:23.0135 2272 TermDD - ok
14:18:23.0173 2272 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
14:18:23.0244 2272 TermService - ok
14:18:23.0274 2272 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
14:18:23.0297 2272 Themes - ok
14:18:23.0328 2272 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
14:18:23.0368 2272 THREADORDER - ok
14:18:23.0406 2272 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
14:18:23.0475 2272 TrkWks - ok
14:18:23.0540 2272 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:18:23.0560 2272 TrustedInstaller - ok
14:18:23.0599 2272 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:18:23.0639 2272 tssecsrv - ok
14:18:23.0679 2272 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:18:23.0740 2272 tunnel - ok
14:18:23.0781 2272 [ 825E7A1F48FB8BCFBA27C178AAB4E275 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
14:18:23.0794 2272 TurboB - ok
14:18:23.0823 2272 [ B206BE1174D5964D49A56BB6C4E0524A ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
14:18:23.0838 2272 TurboBoost - ok
14:18:23.0868 2272 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
14:18:23.0883 2272 uagp35 - ok
14:18:23.0898 2272 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
14:18:23.0909 2272 UBHelper - ok
14:18:23.0920 2272 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:18:23.0980 2272 udfs - ok
14:18:24.0018 2272 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:18:24.0038 2272 UI0Detect - ok
14:18:24.0050 2272 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
14:18:24.0063 2272 uliagpkx - ok
14:18:24.0078 2272 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:18:24.0094 2272 umbus - ok
14:18:24.0121 2272 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
14:18:24.0154 2272 UmPass - ok
14:18:24.0246 2272 [ 7466809E6DA561D60C2F1CE8EDE3C73F ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:18:24.0335 2272 UNS - ok
14:18:24.0381 2272 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
14:18:24.0397 2272 Updater Service - ok
14:18:24.0427 2272 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
14:18:24.0489 2272 upnphost - ok
14:18:24.0539 2272 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
14:18:24.0578 2272 usbaudio - ok
14:18:24.0630 2272 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:18:24.0669 2272 usbccgp - ok
14:18:24.0717 2272 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
14:18:24.0744 2272 usbcir - ok
14:18:24.0780 2272 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\drivers\usbehci.sys
14:18:24.0811 2272 usbehci - ok
14:18:24.0853 2272 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:18:24.0873 2272 usbhub - ok
14:18:24.0899 2272 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:18:24.0926 2272 usbohci - ok
14:18:24.0966 2272 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:18:24.0997 2272 usbprint - ok
14:18:25.0032 2272 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:18:25.0059 2272 usbscan - ok
14:18:25.0076 2272 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:18:25.0133 2272 USBSTOR - ok
14:18:25.0173 2272 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:18:25.0209 2272 usbuhci - ok
14:18:25.0243 2272 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
14:18:25.0303 2272 usbvideo - ok
14:18:25.0326 2272 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
14:18:25.0392 2272 UxSms - ok
14:18:25.0433 2272 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
14:18:25.0449 2272 VaultSvc - ok
14:18:25.0517 2272 [ C30F3D43CEB6F79ADE9B805387E5F63C ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys
14:18:25.0532 2272 VBoxDrv - ok
14:18:25.0577 2272 [ 8ACF22B86CE4E85C23E3E9513BF45C37 ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
14:18:25.0593 2272 VBoxNetAdp - ok
14:18:25.0634 2272 [ 7B657669C53A0E6583F07EBAA303D9EA ] VBoxNetFlt C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
14:18:25.0648 2272 VBoxNetFlt - ok
14:18:25.0710 2272 [ CF3EE68CD9723E9F21E3198A0F690400 ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
14:18:25.0724 2272 VBoxUSBMon - ok
14:18:25.0752 2272 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
14:18:25.0765 2272 vdrvroot - ok
14:18:25.0802 2272 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
14:18:25.0834 2272 vds - ok
14:18:25.0856 2272 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:18:25.0874 2272 vga - ok
14:18:25.0889 2272 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
14:18:25.0937 2272 VgaSave - ok
14:18:25.0969 2272 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
14:18:25.0984 2272 vhdmp - ok
14:18:26.0005 2272 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
14:18:26.0017 2272 viaide - ok
14:18:26.0030 2272 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
14:18:26.0043 2272 volmgr - ok
14:18:26.0062 2272 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:18:26.0080 2272 volmgrx - ok
14:18:26.0098 2272 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
14:18:26.0115 2272 volsnap - ok
14:18:26.0135 2272 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
14:18:26.0151 2272 vsmraid - ok
14:18:26.0210 2272 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
14:18:26.0264 2272 VSS - ok
14:18:26.0271 2272 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
14:18:26.0298 2272 vwifibus - ok
14:18:26.0308 2272 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
14:18:26.0347 2272 vwififlt - ok
14:18:26.0390 2272 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
14:18:26.0436 2272 W32Time - ok
14:18:26.0456 2272 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
14:18:26.0487 2272 WacomPen - ok
14:18:26.0528 2272 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:18:26.0588 2272 WANARP - ok
14:18:26.0592 2272 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:18:26.0627 2272 Wanarpv6 - ok
14:18:26.0730 2272 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
14:18:26.0785 2272 WatAdminSvc - ok
14:18:26.0837 2272 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
14:18:26.0911 2272 wbengine - ok
14:18:26.0930 2272 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:18:26.0954 2272 WbioSrvc - ok
14:18:26.0992 2272 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:18:27.0039 2272 wcncsvc - ok
14:18:27.0061 2272 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:18:27.0089 2272 WcsPlugInService - ok
14:18:27.0112 2272 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
14:18:27.0126 2272 Wd - ok
14:18:27.0167 2272 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:18:27.0195 2272 Wdf01000 - ok
14:18:27.0208 2272 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:18:27.0256 2272 WdiServiceHost - ok
14:18:27.0259 2272 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:18:27.0282 2272 WdiSystemHost - ok
14:18:27.0317 2272 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
14:18:27.0362 2272 WebClient - ok
14:18:27.0395 2272 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:18:27.0438 2272 Wecsvc - ok
14:18:27.0454 2272 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:18:27.0521 2272 wercplsupport - ok
14:18:27.0560 2272 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
14:18:27.0601 2272 WerSvc - ok
14:18:27.0627 2272 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:18:27.0663 2272 WfpLwf - ok
14:18:27.0691 2272 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:18:27.0703 2272 WIMMount - ok
14:18:27.0722 2272 WinDefend - ok
14:18:27.0737 2272 WinHttpAutoProxySvc - ok
14:18:27.0808 2272 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:18:27.0862 2272 Winmgmt - ok
14:18:27.0924 2272 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
14:18:28.0035 2272 WinRM - ok
14:18:28.0095 2272 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
14:18:28.0115 2272 WinUsb - ok
14:18:28.0176 2272 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
14:18:28.0234 2272 Wlansvc - ok
14:18:28.0284 2272 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:18:28.0297 2272 wlcrasvc - ok
14:18:28.0412 2272 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:18:28.0496 2272 wlidsvc - ok
14:18:28.0517 2272 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
14:18:28.0532 2272 WmiAcpi - ok
14:18:28.0568 2272 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:18:28.0597 2272 wmiApSrv - ok
14:18:28.0649 2272 WMPNetworkSvc - ok
14:18:28.0679 2272 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:18:28.0709 2272 WPCSvc - ok
14:18:28.0731 2272 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:18:28.0775 2272 WPDBusEnum - ok
14:18:28.0799 2272 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:18:28.0857 2272 ws2ifsl - ok
14:18:28.0900 2272 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll
14:18:28.0958 2272 wscsvc - ok
14:18:28.0961 2272 WSearch - ok
14:18:29.0043 2272 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
14:18:29.0133 2272 wuauserv - ok
14:18:29.0160 2272 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:18:29.0198 2272 WudfPf - ok
14:18:29.0228 2272 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:18:29.0269 2272 WUDFRd - ok
14:18:29.0289 2272 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:18:29.0342 2272 wudfsvc - ok
14:18:29.0362 2272 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
14:18:29.0406 2272 WwanSvc - ok
14:18:29.0456 2272 [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
14:18:29.0468 2272 xusb21 - ok
14:18:29.0490 2272 ================ Scan global ===============================
14:18:29.0523 2272 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:18:29.0552 2272 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
14:18:29.0562 2272 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
14:18:29.0583 2272 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:18:29.0622 2272 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:18:29.0626 2272 [Global] - ok
14:18:29.0627 2272 ================ Scan MBR ==================================
14:18:29.0646 2272 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:18:30.0075 2272 \Device\Harddisk0\DR0 - ok
14:18:30.0076 2272 ================ Scan VBR ==================================
14:18:30.0078 2272 [ 59EF366E041BC2EFB63AA45E6F7364AA ] \Device\Harddisk0\DR0\Partition1
14:18:30.0080 2272 \Device\Harddisk0\DR0\Partition1 - ok
14:18:30.0109 2272 [ 18EC9288CD83184D3AEEB537D8F9BF64 ] \Device\Harddisk0\DR0\Partition2
14:18:30.0111 2272 \Device\Harddisk0\DR0\Partition2 - ok
14:18:30.0111 2272 ============================================================
14:18:30.0111 2272 Scan finished
14:18:30.0111 2272 ============================================================
14:18:30.0120 3820 Detected object count: 6
14:18:30.0120 3820 Actual detected object count: 6
14:20:22.0391 3820 CBA8 ( UnsignedFile.Multi.Generic ) - skipped by user
14:20:22.0391 3820 CBA8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:20:22.0391 3820 Intel Local Scheduler Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:20:22.0392 3820 Intel Local Scheduler Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:20:22.0394 3820 KGPController ( UnsignedFile.Multi.Generic ) - skipped by user
14:20:22.0394 3820 KGPController ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:20:22.0394 3820 LANDesk Policy Invoker ( UnsignedFile.Multi.Generic ) - skipped by user
14:20:22.0394 3820 LANDesk Policy Invoker ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:20:22.0395 3820 LANDesk Targeted Multicast ( UnsignedFile.Multi.Generic ) - skipped by user
14:20:22.0395 3820 LANDesk Targeted Multicast ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:20:22.0396 3820 LANDesk® Out-of-Band Monitor Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:20:22.0396 3820 LANDesk® Out-of-Band Monitor Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:21:40.0215 6544 Deinitialize success
  • 0

#7
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Glad to hear that. Let's finish cleaning your system.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = http://www.searchqu....q={searchTerms}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = http://www.searchqu....q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/413
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = http://www.searchqu....q={searchTerms}
    FF - prefs.js..keyword.URL: "http://www.searchqu....id=413&sr=0&q="
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
    O33 - MountPoints2\{4a053576-92d8-11e1-ab0b-e4b3e5591c7a}\Shell - "" = AutoRun
    O33 - MountPoints2\{4a053576-92d8-11e1-ab0b-e4b3e5591c7a}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
    O33 - MountPoints2\{7c869250-77fd-11e0-9e00-1c7508dd0583}\Shell - "" = AutoRun
    O33 - MountPoints2\{7c869250-77fd-11e0-9e00-1c7508dd0583}\Shell\AutoRun\command - "" = E:\autorun.exe

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished, select the report tab (last tab)
Select Detected threats report from the left and press the Save button
Save it to your desktop and attach to your next post


Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • VRT log
It would be helpful if you could post each log in a separate post using the "Add Reply" button

#8
mwinstead

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Ok, here we go. I'm including the OTL log but not the other one, because the virus remover tool found nothing and would not generate a report.

#9
mwinstead

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}\ not found.
Prefs.js: "http://www.searchqu....id=413&sr=0&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll deleted successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll deleted successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll deleted successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll deleted successfully.
C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a053576-92d8-11e1-ab0b-e4b3e5591c7a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a053576-92d8-11e1-ab0b-e4b3e5591c7a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a053576-92d8-11e1-ab0b-e4b3e5591c7a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a053576-92d8-11e1-ab0b-e4b3e5591c7a}\ not found.
File F:\TL_Bootstrap.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c869250-77fd-11e0-9e00-1c7508dd0583}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c869250-77fd-11e0-9e00-1c7508dd0583}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c869250-77fd-11e0-9e00-1c7508dd0583}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c869250-77fd-11e0-9e00-1c7508dd0583}\ not found.
File E:\autorun.exe not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.58.1 log created on 08232012_160921
  • 0
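
Added example, not part of any post in this thread and not OTL's own code: a read-only PowerShell check of the autostart locations the fix log above touched (AppInit_DLLs, Run, Browser Helper Objects, MountPoints2). The match strings and the two CLSIDs come from the fix script in post #7; the helper name `New-Finding` and the script layout are assumptions.

```powershell
# Added example: read-only audit; nothing is modified or deleted.
# Match strings and CLSIDs are the ones listed in the thread's OTL fix script.
$pattern  = 'Datamngr|Searchqu'
$bhoClsid = '{99079a25-328f-4bd4-be04-00955acaa0a7}', '{9D717F81-9148-4f12-8568-69135F087DB0}'
$meta     = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$findings = @()

# Hypothetical helper: one result row per registry entry worth reviewing.
function New-Finding($Location, $Data) {
    New-Object PSObject -Property @{ Location = $Location; Data = $Data }
}

# Check both the native and the 32-bit (Wow6432Node) registry views.
foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node') {

    # AppInit_DLLs: report any non-empty value for manual review.
    $key  = "$root\Microsoft\Windows NT\CurrentVersion\Windows"
    $dlls = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).AppInit_DLLs
    if ($dlls) { $findings += New-Finding "$key\AppInit_DLLs" $dlls }

    # Run key: report values whose name or command line matches the pattern.
    $key   = "$root\Microsoft\Windows\CurrentVersion\Run"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props) {
        foreach ($p in $props.PSObject.Properties) {
            if ($meta -contains $p.Name) { continue }   # skip provider metadata
            if ("$($p.Name) $($p.Value)" -match $pattern) {
                $findings += New-Finding "$key\$($p.Name)" $p.Value
            }
        }
    }

    # Browser Helper Objects: report the two CLSIDs from the fix script if present.
    $key = "$root\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
    Get-ChildItem -Path $key -ErrorAction SilentlyContinue |
        Where-Object { $bhoClsid -contains $_.PSChildName } |
        ForEach-Object { $findings += New-Finding $key $_.PSChildName }
}

# MountPoints2: report every per-volume AutoRun command still registered for this user.
$mp = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
Get-ChildItem -Path $mp -ErrorAction SilentlyContinue | ForEach-Object {
    $cmdKey = "$($_.PSPath)\Shell\AutoRun\command"
    $cmd = (Get-ItemProperty -LiteralPath $cmdKey -ErrorAction SilentlyContinue).'(default)'
    if ($cmd) { $findings += New-Finding $cmdKey $cmd }
}

if ($findings) { $findings | Format-List Location, Data }
else { 'Nothing to review in the checked locations.' }
```

An AppInit_DLLs or MountPoints2 row is not proof of infection; it is an entry to compare against software you knowingly installed.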

#10
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Nice. Restart your system and test it. Let me know results.

#11
mwinstead

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Just restarted it, and everything seems perfect.

#12
mwinstead

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
The only odd thing I've noticed is that there are two files on my desktop with the same name, both called "desktop.ini." If I try to delete either of them, it warns me that doing so may cause windows or another program to not work correctly.

#13
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi mwinstead,

desktop.ini is a system file. It's usually hidden from users. Let's hide it again so it doesn't bother you.

  • Right Click Start
  • Select Explore
  • Select Organize
  • Select Folder and Search Options
  • Select the View tab
  • Under the Hidden files and folders heading deselect Show hidden files and folders.
  • Check the Hide protected operating system files (recommended) option.
  • Click yes to confirm that you really want to do this.
  • Click Apply
  • Click OK


Your logs and system are clean now. I'm glad we fixed up your computer.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Step 2

We need to clean up your PC from programs we used.

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end.

In case that any of the software we used in this fix still remains on your system please delete it manually (Right click on it and select Delete).

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Something to read

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?

2. Make Backups of Important Files

Please read this article Home Computer Data Backup.

3. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.

#14
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.