OK! Here goes...
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-27 16:30:06
-----------------------------
16:30:06.473 OS Version: Windows x64 6.1.7601 Service Pack 1
16:30:06.473 Number of processors: 4 586 0x403
16:30:06.473 ComputerName: JUSTIN-PC UserName: Justin
16:30:10.263 Initialize success
16:31:45.325 AVAST engine defs: 12082700
16:31:58.632 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:31:58.632 Disk 0 Vendor: WDC_WD15EARS-00Z5B1 80.00A80 Size: 1430799MB BusType: 3
16:31:58.647 Disk 0 MBR read successfully
16:31:58.647 Disk 0 MBR scan
16:31:58.647 Disk 0 Windows 7 default MBR code
16:31:58.647 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:31:58.663 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1430697 MB offset 206848
16:31:58.678 Disk 0 scanning C:\windows\system32\drivers
16:32:09.318 Service scanning
16:32:23.919 Modules scanning
16:32:27.133 AVAST engine scan C:\windows
16:32:29.769 AVAST engine scan C:\windows\system32
16:34:46.878 AVAST engine scan C:\windows\system32\drivers
16:34:57.205 AVAST engine scan C:\Users\Justin
16:38:40.566 AVAST engine scan C:\ProgramData
16:40:58.642 Scan finished successfully
16:42:03.725 Disk 0 MBR has been saved successfully to "C:\Users\Justin\Desktop\MBR.dat"
16:42:03.741 The log file has been saved successfully to "C:\Users\Justin\Desktop\aswMBR.txt"
ComboFix 12-08-25.04 - Justin 08/27/2012 16:56:22.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.5959 [GMT -4:00]
Running from: C:\Users\Justin\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\ProgramData\SPL5F7E.tmp
C:\ProgramData\SPL64BD.tmp
C:\ProgramData\SPL9C50.tmp
C:\ProgramData\SPLA75D.tmp
C:\ProgramData\SPLB010.tmp
C:\Users\Justin\AppData\Roaming\PriceGong
C:\Users\Justin\AppData\Roaming\PriceGong\Data\1.xml
C:\Users\Justin\AppData\Roaming\PriceGong\Data\a.xml
C:\Users\Justin\AppData\Roaming\PriceGong\Data\b.xml
C:\Users\Justin\AppData\Roaming\PriceGong\Data\c.xml
C:\Users\Justin\AppData\Roaming\PriceGong\Data\d.xml
C:\Users\Justin\AppData\Roaming\PriceGong\Data\e.xml
C:\Users\Justin\AppData\Roaming\PriceGong\Data\f.xml
C:\Users\Justin\AppData\Roaming\PriceGong\Data\g.xml
C:\Users\Justin\AppData\Roaming\PriceGong\Data\h.xml
C:\Users\Justin\AppData\Roaming\PriceGong\Data\i.xml
C:\Users\Justin\AppData\Roaming\PriceGong\Data\J.xml
C:\Users\Justin\AppData\Roaming\PriceGong\Data\k.xml
C:\Users\Justin\AppData\Roaming\PriceGong\Data\l.xml
C:\Users\Justin\AppData\Roaming\PriceGong\Data\m.xml
C:\Users\Justin\AppData\Roaming\PriceGong\Data\mru.xml
C:\Users\Justin\AppData\Roaming\PriceGong\Data\n.xml
C:\Users\Justin\AppData\Roaming\PriceGong\Data\o.xml
C:\Users\Justin\AppData\Roaming\PriceGong\Data\p.xml
C:\Users\Justin\AppData\Roaming\PriceGong\Data\q.xml
C:\Users\Justin\AppData\Roaming\PriceGong\Data\r.xml
C:\Users\Justin\AppData\Roaming\PriceGong\Data\s.xml
C:\Users\Justin\AppData\Roaming\PriceGong\Data\t.xml
C:\Users\Justin\AppData\Roaming\PriceGong\Data\u.xml
C:\Users\Justin\AppData\Roaming\PriceGong\Data\v.xml
C:\Users\Justin\AppData\Roaming\PriceGong\Data\w.xml
C:\Users\Justin\AppData\Roaming\PriceGong\Data\x.xml
C:\Users\Justin\AppData\Roaming\PriceGong\Data\y.xml
C:\Users\Justin\AppData\Roaming\PriceGong\Data\z.xml
((((((((((((((((((((((((( Files Created from 2012-07-27 to 2012-08-27 )))))))))))))))))))))))))))))))
2012-08-27 21:01:01 . 2012-08-27 21:01:01 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-08-27 20:17:43 . 2012-08-27 20:17:43 -------- d-----w- C:\_OTL
2012-08-27 20:11:39 . 2012-08-27 20:11:39 -------- d-----w- C:\Program Files (x86)\Common Files\Java
2012-08-27 20:11:21 . 2012-08-27 20:10:57 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-08-27 20:11:12 . 2012-08-27 20:10:58 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-26 14:01:17 . 2012-08-26 14:01:17 -------- d-----w- C:\ProgramData\W3i
2012-08-26 14:00:31 . 2012-08-26 15:19:43 -------- d-----w- C:\ProgramData\WeCareReminder
2012-08-26 13:59:54 . 2012-08-26 13:59:55 -------- d-----w- C:\Program Files (x86)\Free Offers from Freeze.com
2012-08-26 13:58:11 . 2012-08-26 15:03:47 -------- d-----r- C:\Users\Justin\4Sync
2012-08-26 13:55:50 . 2012-08-26 13:55:50 -------- d-----w- C:\Program Files (x86)\Conduit
2012-08-26 13:55:46 . 2012-08-26 13:55:46 -------- d-----w- C:\ProgramData\McAfee
2012-08-26 13:55:41 . 2012-08-26 13:55:41 -------- d-----w- C:\Users\Justin\AppData\Local\CRE
2012-08-26 13:55:29 . 2012-08-26 13:55:29 -------- d-----w- C:\ProgramData\4Sync
2012-08-15 23:33:49 . 2012-05-05 08:36:55 503808 ----a-w- C:\windows\system32\srcore.dll
2012-08-15 23:33:49 . 2012-05-05 07:46:52 43008 ----a-w- C:\windows\SysWow64\srclient.dll
2012-08-15 23:33:48 . 2012-07-04 22:16:43 73216 ----a-w- C:\windows\system32\netapi32.dll
2012-08-15 23:33:48 . 2012-07-04 22:13:27 59392 ----a-w- C:\windows\system32\browcli.dll
2012-08-15 23:33:48 . 2012-07-04 22:13:27 136704 ----a-w- C:\windows\system32\browser.dll
2012-08-15 23:33:48 . 2012-07-04 21:14:34 41984 ----a-w- C:\windows\SysWow64\browcli.dll
2012-08-15 23:33:45 . 2012-07-18 18:15:06 3148800 ----a-w- C:\windows\system32\win32k.sys
2012-08-15 23:33:39 . 2012-02-11 06:43:47 751104 ----a-w- C:\windows\system32\win32spl.dll
2012-08-15 23:33:39 . 2012-02-11 06:36:02 559104 ----a-w- C:\windows\system32\spoolsv.exe
2012-08-15 23:33:39 . 2012-02-11 06:36:01 67072 ----a-w- C:\windows\splwow64.exe
2012-08-15 23:33:39 . 2012-02-11 05:43:49 492032 ----a-w- C:\windows\SysWow64\win32spl.dll
2012-08-15 23:33:37 . 2012-05-14 05:26:34 956928 ----a-w- C:\windows\system32\localspl.dll
2012-08-13 23:03:20 . 2012-08-13 23:03:25 -------- d-----w- C:\Users\Justin\AppData\Local\Microsoft Help
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-08-27 20:10:57 . 2011-11-03 17:23:01 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-08-16 00:29:11 . 2010-04-02 16:59:07 62134624 ----a-w- C:\windows\system32\MRT.exe
2012-08-15 00:36:16 . 2012-06-10 13:38:53 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 00:36:16 . 2011-08-15 22:24:53 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-09 05:43:10 . 2012-07-10 21:07:19 14172672 ----a-w- C:\windows\system32\shell32.dll
2012-06-07 00:59:42 . 2012-06-07 00:59:42 1070152 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 . 2012-07-10 21:07:14 2004480 ----a-w- C:\windows\system32\msxml6.dll
2012-06-06 06:06:16 . 2012-07-10 21:07:14 1881600 ----a-w- C:\windows\system32\msxml3.dll
2012-06-06 06:02:54 . 2012-07-10 21:06:55 1133568 ----a-w- C:\windows\system32\cdosys.dll
2012-06-06 05:05:52 . 2012-07-10 21:07:14 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 . 2012-07-10 21:07:13 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 . 2012-07-10 21:06:56 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 22:19:46 . 2012-06-21 21:39:48 38424 ----a-w- C:\windows\system32\wups.dll
2012-06-02 22:19:43 . 2012-06-21 21:40:20 2428952 ----a-w- C:\windows\system32\wuaueng.dll
2012-06-02 22:19:42 . 2012-06-21 21:40:20 57880 ----a-w- C:\windows\system32\wuauclt.exe
2012-06-02 22:19:42 . 2012-06-21 21:40:20 44056 ----a-w- C:\windows\system32\wups2.dll
2012-06-02 22:19:23 . 2012-06-21 21:39:48 701976 ----a-w- C:\windows\system32\wuapi.dll
2012-06-02 22:15:31 . 2012-06-21 21:40:20 2622464 ----a-w- C:\windows\system32\wucltux.dll
2012-06-02 22:15:08 . 2012-06-21 21:39:48 99840 ----a-w- C:\windows\system32\wudriver.dll
2012-06-02 19:19:42 . 2012-06-21 21:39:29 186752 ----a-w- C:\windows\system32\wuwebv.dll
2012-06-02 19:15:12 . 2012-06-21 21:39:29 36864 ----a-w- C:\windows\system32\wuapp.exe
2012-06-02 05:50:10 . 2012-07-10 21:07:09 458704 ----a-w- C:\windows\system32\drivers\cng.sys
2012-06-02 05:48:16 . 2012-07-10 21:07:09 95600 ----a-w- C:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48:16 . 2012-07-10 21:07:09 151920 ----a-w- C:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45:31 . 2012-07-10 21:07:09 340992 ----a-w- C:\windows\system32\schannel.dll
2012-06-02 05:44:21 . 2012-07-10 21:07:09 307200 ----a-w- C:\windows\system32\ncrypt.dll
2012-06-02 04:40:42 . 2012-07-10 21:07:09 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 . 2012-07-10 21:07:09 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 . 2012-07-10 21:07:09 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 . 2012-07-10 21:07:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ComcastAntispyClient"="C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 17:25:52 1589208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 12:41:07 37296]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 14:07:56 843712]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 13:04:54 252848]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0\0sdnclean64.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
R0 PxHlpa64;PxHlpa64;C:\windows\System32\Drivers\PxHlpa64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 18:27:14 138576]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;C:\windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [2010-04-15 00:45:32 45736]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 00:36:16 250056]
R3 SYMNDISV;Symantec Network Filter Driver;C:\windows\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [x]
R3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]
R3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 12:06:08 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe [2010-05-05 01:00:20 1255736]
S0 Lbd;Lbd;C:\windows\system32\DRIVERS\Lbd.sys [2011-10-29 00:35:28 69376]
S0 SymDS;Symantec Data Store;C:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [2011-01-27 06:47:10 450680]
S0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [2011-03-15 02:31:23 912504]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120823.005\BHDrvx64.sys [2012-08-21 19:10:40 1385120]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120824.001\IDSvia64.sys [2012-08-22 02:05:05 512672]
S1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [2010-11-16 01:45:33 171128]
S1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [2011-04-21 01:37:49 386168]
S2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe [2011-04-20 06:04:20 203776]
S2 AntiSpywareService;Comcast AntiSpyware;C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 17:49:44 616408]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-05-22 21:44:08 2152720]
S2 lxea_device;lxea_device;C:\windows\system32\lxeacoms.exe [2010-04-14 19:45:36 1052328]
S2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe [2011-04-17 00:45:11 130008]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-03-04 15:39:14 584488]
S3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 06:44:50 9319936]
S3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 05:22:34 306176]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 21:26:15 138912]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-12-10 02:33:45 17152]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 10:34:52 539240]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 00:39:20 23040]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - WS2IFSL
Contents of the 'Scheduled Tasks' folder
2012-08-27 C:\windows\Tasks\Adobe Flash Player Updater.job
- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 13:38:53 . 2012-08-15 00:36:16]
--------- X64 Entries -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
------- Supplementary Scan -------
uLocal Page = C:\windows\system32\blank.htm
uStart Page =
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
DPF: {7B62F6EE-D046-11D3-9C5E-0060082627F7} - hxxps://wws2.mutualofomaha.com/messenger/download/TWDownload.cab
- - - - ORPHANS REMOVED - - - -
Toolbar-10 - (no file)
Toolbar-10 - (no file)
WebBrowser-{B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - (no file)
AddRemove-Adobe Shockwave Player - C:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-uTorrent - C:\Program Files (x86)\uTorrent\uTorrent.exe
AddRemove-UnityWebPlayer - C:\Users\Justin\AppData\Local\Unity\WebPlayer\Uninstall.exe
18:44:34.0307 2632 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:44:34.0634 2632 ============================================================
18:44:34.0634 2632 Current date / time: 2012/08/29 18:44:34.0634
18:44:34.0634 2632 SystemInfo:
18:44:34.0634 2632
18:44:34.0634 2632 OS Version: 6.1.7601 ServicePack: 1.0
18:44:34.0634 2632 Product type: Workstation
18:44:34.0634 2632 ComputerName: JUSTIN-PC
18:44:34.0634 2632 UserName: Justin
18:44:34.0634 2632 Windows directory: C:\windows
18:44:34.0634 2632 System windows directory: C:\windows
18:44:34.0634 2632 Running under WOW64
18:44:34.0634 2632 Processor architecture: Intel x64
18:44:34.0634 2632 Number of processors: 4
18:44:34.0634 2632 Page size: 0x1000
18:44:34.0634 2632 Boot type: Normal boot
18:44:34.0634 2632 ============================================================
18:44:36.0257 2632 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:44:36.0272 2632 ============================================================
18:44:36.0272 2632 \Device\Harddisk0\DR0:
18:44:36.0272 2632 MBR partitions:
18:44:36.0272 2632 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:44:36.0272 2632 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAEA54B30
18:44:36.0272 2632 ============================================================
18:44:36.0319 2632 C: <-> \Device\Harddisk0\DR0\Partition2
18:44:36.0319 2632 ============================================================
18:44:36.0319 2632 Initialize success
18:44:36.0319 2632 ============================================================
18:45:08.0970 3692 ============================================================
18:45:08.0970 3692 Scan started
18:45:08.0970 3692 Mode: Manual; SigCheck; TDLFS;
18:45:08.0970 3692 ============================================================
18:45:09.0688 3692 ================ Scan system memory ========================
18:45:09.0688 3692 System memory - ok
18:45:09.0688 3692 ================ Scan services =============================
18:45:09.0781 3692 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
18:45:09.0828 3692 1394ohci - ok
18:45:09.0937 3692 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
18:45:09.0953 3692 ACDaemon - ok
18:45:09.0984 3692 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
18:45:10.0000 3692 ACPI - ok
18:45:10.0031 3692 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
18:45:10.0078 3692 AcpiPmi - ok
18:45:10.0171 3692 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:45:10.0187 3692 AdobeFlashPlayerUpdateSvc - ok
18:45:10.0234 3692 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
18:45:10.0249 3692 adp94xx - ok
18:45:10.0280 3692 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
18:45:10.0296 3692 adpahci - ok
18:45:10.0312 3692 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
18:45:10.0312 3692 adpu320 - ok
18:45:10.0343 3692 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
18:45:10.0452 3692 AeLookupSvc - ok
18:45:10.0483 3692 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
18:45:10.0530 3692 AFD - ok
18:45:10.0561 3692 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
18:45:10.0561 3692 agp440 - ok
18:45:10.0577 3692 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
18:45:10.0624 3692 ALG - ok
18:45:10.0639 3692 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
18:45:10.0655 3692 aliide - ok
18:45:10.0702 3692 [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
18:45:10.0748 3692 AMD External Events Utility - ok
18:45:10.0764 3692 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
18:45:10.0764 3692 amdide - ok
18:45:10.0780 3692 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
18:45:10.0842 3692 AmdK8 - ok
18:45:11.0014 3692 [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys
18:45:11.0107 3692 amdkmdag - ok
18:45:11.0154 3692 [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys
18:45:11.0170 3692 amdkmdap - ok
18:45:11.0185 3692 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
18:45:11.0201 3692 AmdPPM - ok
18:45:11.0248 3692 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
18:45:11.0248 3692 amdsata - ok
18:45:11.0279 3692 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
18:45:11.0294 3692 amdsbs - ok
18:45:11.0294 3692 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
18:45:11.0310 3692 amdxata - ok
18:45:11.0372 3692 [ F9DAC844B1D370DA4C984D4C22F5E696 ] AntiSpywareService C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
18:45:11.0388 3692 AntiSpywareService - ok
18:45:11.0419 3692 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
18:45:11.0466 3692 AppID - ok
18:45:11.0482 3692 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
18:45:11.0513 3692 AppIDSvc - ok
18:45:11.0560 3692 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
18:45:11.0575 3692 Appinfo - ok
18:45:11.0622 3692 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:45:11.0622 3692 Apple Mobile Device - ok
18:45:11.0653 3692 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys
18:45:11.0669 3692 arc - ok
18:45:11.0684 3692 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
18:45:11.0700 3692 arcsas - ok
18:45:11.0716 3692 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
18:45:11.0747 3692 AsyncMac - ok
18:45:11.0762 3692 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
18:45:11.0778 3692 atapi - ok
18:45:11.0934 3692 [ 60216B0E704584DE6D5A9F59E9C34C47 ] atikmdag C:\windows\system32\DRIVERS\atikmdag.sys
18:45:12.0012 3692 atikmdag - ok
18:45:12.0059 3692 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
18:45:12.0090 3692 AudioEndpointBuilder - ok
18:45:12.0106 3692 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
18:45:12.0137 3692 AudioSrv - ok
18:45:12.0184 3692 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
18:45:12.0246 3692 AxInstSV - ok
18:45:12.0262 3692 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
18:45:12.0308 3692 b06bdrv - ok
18:45:12.0340 3692 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
18:45:12.0371 3692 b57nd60a - ok
18:45:12.0386 3692 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
18:45:12.0418 3692 BDESVC - ok
18:45:12.0418 3692 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
18:45:12.0449 3692 Beep - ok
18:45:12.0496 3692 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
18:45:12.0527 3692 BFE - ok
18:45:12.0652 3692 [ E99F59342171101EE2446D0CD1A60A8D ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120823.005\BHDrvx64.sys
18:45:12.0683 3692 BHDrvx64 - ok
18:45:12.0730 3692 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll
18:45:12.0776 3692 BITS - ok
18:45:12.0792 3692 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
18:45:12.0808 3692 blbdrive - ok
18:45:12.0870 3692 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:45:12.0886 3692 Bonjour Service - ok
18:45:12.0901 3692 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
18:45:12.0948 3692 bowser - ok
18:45:12.0964 3692 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
18:45:13.0010 3692 BrFiltLo - ok
18:45:13.0026 3692 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
18:45:13.0026 3692 BrFiltUp - ok
18:45:13.0057 3692 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
18:45:13.0073 3692 BridgeMP - ok
18:45:13.0104 3692 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
18:45:13.0151 3692 Browser - ok
18:45:13.0166 3692 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
18:45:13.0213 3692 Brserid - ok
18:45:13.0229 3692 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
18:45:13.0244 3692 BrSerWdm - ok
18:45:13.0260 3692 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
18:45:13.0291 3692 BrUsbMdm - ok
18:45:13.0307 3692 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
18:45:13.0322 3692 BrUsbSer - ok
18:45:13.0338 3692 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
18:45:13.0338 3692 BTHMODEM - ok
18:45:13.0354 3692 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
18:45:13.0385 3692 bthserv - ok
18:45:13.0416 3692 catchme - ok
18:45:13.0447 3692 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
18:45:13.0494 3692 cdfs - ok
18:45:13.0525 3692 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\drivers\cdrom.sys
18:45:13.0541 3692 cdrom - ok
18:45:13.0588 3692 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
18:45:13.0619 3692 CertPropSvc - ok
18:45:13.0634 3692 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
18:45:13.0650 3692 circlass - ok
18:45:13.0666 3692 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
18:45:13.0666 3692 CLFS - ok
18:45:13.0712 3692 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:45:13.0728 3692 clr_optimization_v2.0.50727_32 - ok
18:45:13.0759 3692 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:45:13.0775 3692 clr_optimization_v2.0.50727_64 - ok
18:45:13.0806 3692 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:45:13.0806 3692 clr_optimization_v4.0.30319_32 - ok
18:45:13.0837 3692 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:45:13.0853 3692 clr_optimization_v4.0.30319_64 - ok
18:45:13.0853 3692 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
18:45:13.0884 3692 CmBatt - ok
18:45:13.0884 3692 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
18:45:13.0900 3692 cmdide - ok
18:45:13.0915 3692 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
18:45:13.0931 3692 CNG - ok
18:45:13.0946 3692 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
18:45:13.0962 3692 Compbatt - ok
18:45:13.0978 3692 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
18:45:14.0009 3692 CompositeBus - ok
18:45:14.0009 3692 COMSysApp - ok
18:45:14.0024 3692 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
18:45:14.0040 3692 crcdisk - ok
18:45:14.0071 3692 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\windows\system32\cryptsvc.dll
18:45:14.0102 3692 CryptSvc - ok
18:45:14.0149 3692 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
18:45:14.0196 3692 DcomLaunch - ok
18:45:14.0212 3692 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
18:45:14.0243 3692 defragsvc - ok
18:45:14.0305 3692 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
18:45:14.0336 3692 DfsC - ok
18:45:14.0352 3692 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
18:45:14.0399 3692 Dhcp - ok
18:45:14.0414 3692 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
18:45:14.0430 3692 discache - ok
18:45:14.0461 3692 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
18:45:14.0477 3692 Disk - ok
18:45:14.0508 3692 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
18:45:14.0555 3692 Dnscache - ok
18:45:14.0586 3692 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
18:45:14.0602 3692 dot3svc - ok
18:45:14.0633 3692 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
18:45:14.0664 3692 DPS - ok
18:45:14.0680 3692 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
18:45:14.0695 3692 drmkaud - ok
18:45:14.0726 3692 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
18:45:14.0758 3692 DXGKrnl - ok
18:45:14.0773 3692 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
18:45:14.0804 3692 EapHost - ok
18:45:14.0867 3692 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
18:45:14.0898 3692 ebdrv - ok
18:45:14.0976 3692 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
18:45:14.0992 3692 eeCtrl - ok
18:45:15.0023 3692 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
18:45:15.0054 3692 EFS - ok
18:45:15.0116 3692 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
18:45:15.0163 3692 ehRecvr - ok
18:45:15.0179 3692 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
18:45:15.0226 3692 ehSched - ok
18:45:15.0241 3692 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
18:45:15.0257 3692 elxstor - ok
18:45:15.0304 3692 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:45:15.0319 3692 EraserUtilRebootDrv - ok
18:45:15.0335 3692 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
18:45:15.0350 3692 ErrDev - ok
18:45:15.0382 3692 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
18:45:15.0413 3692 EventSystem - ok
18:45:15.0444 3692 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
18:45:15.0475 3692 exfat - ok
18:45:15.0506 3692 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
18:45:15.0522 3692 fastfat - ok
18:45:15.0569 3692 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
18:45:15.0600 3692 Fax - ok
18:45:15.0616 3692 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
18:45:15.0631 3692 fdc - ok
18:45:15.0647 3692 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
18:45:15.0678 3692 fdPHost - ok
18:45:15.0678 3692 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
18:45:15.0709 3692 FDResPub - ok
18:45:15.0725 3692 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
18:45:15.0740 3692 FileInfo - ok
18:45:15.0756 3692 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
18:45:15.0787 3692 Filetrace - ok
18:45:15.0803 3692 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
18:45:15.0818 3692 flpydisk - ok
18:45:15.0850 3692 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
18:45:15.0865 3692 FltMgr - ok
18:45:15.0896 3692 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
18:45:15.0943 3692 FontCache - ok
18:45:15.0974 3692 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:45:15.0990 3692 FontCache3.0.0.0 - ok
18:45:16.0006 3692 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
18:45:16.0006 3692 FsDepends - ok
18:45:16.0037 3692 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
18:45:16.0037 3692 Fs_Rec - ok
18:45:16.0068 3692 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
18:45:16.0068 3692 fvevol - ok
18:45:16.0099 3692 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
18:45:16.0099 3692 gagp30kx - ok
18:45:16.0130 3692 [ AF4DEE5531395DEE72B35B36C9671FD0 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
18:45:16.0130 3692 GEARAspiWDM - ok
18:45:16.0177 3692 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
18:45:16.0208 3692 gpsvc - ok
18:45:16.0224 3692 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
18:45:16.0255 3692 hcw85cir - ok
18:45:16.0286 3692 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
18:45:16.0302 3692 HdAudAddService - ok
18:45:16.0333 3692 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
18:45:16.0349 3692 HDAudBus - ok
18:45:16.0364 3692 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
18:45:16.0380 3692 HidBatt - ok
18:45:16.0380 3692 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
18:45:16.0396 3692 HidBth - ok
18:45:16.0411 3692 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
18:45:16.0427 3692 HidIr - ok
18:45:16.0442 3692 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
18:45:16.0458 3692 hidserv - ok
18:45:16.0489 3692 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\drivers\hidusb.sys
18:45:16.0505 3692 HidUsb - ok
18:45:16.0520 3692 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
18:45:16.0567 3692 hkmsvc - ok
18:45:16.0583 3692 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
18:45:16.0614 3692 HomeGroupListener - ok
18:45:16.0645 3692 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
18:45:16.0645 3692 HomeGroupProvider - ok
18:45:16.0676 3692 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
18:45:16.0692 3692 HpSAMD - ok
18:45:16.0723 3692 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
18:45:16.0770 3692 HTTP - ok
18:45:16.0770 3692 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
18:45:16.0786 3692 hwpolicy - ok
18:45:16.0817 3692 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
18:45:16.0832 3692 i8042prt - ok
18:45:16.0864 3692 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
18:45:16.0864 3692 iaStorV - ok
18:45:16.0910 3692 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:45:16.0926 3692 idsvc - ok
18:45:17.0051 3692 [ 82AB40147567DE48C405AFE570A2266F ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120824.001\IDSvia64.sys
18:45:17.0066 3692 IDSVia64 - ok
18:45:17.0176 3692 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
18:45:17.0238 3692 igfx - ok
18:45:17.0254 3692 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
18:45:17.0254 3692 iirsp - ok
18:45:17.0285 3692 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
18:45:17.0316 3692 IKEEXT - ok
18:45:17.0363 3692 [ F04D22D7A49A1B2210DBADF0B803E870 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
18:45:17.0394 3692 IntcAzAudAddService - ok
18:45:17.0394 3692 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
18:45:17.0410 3692 intelide - ok
18:45:17.0410 3692 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
18:45:17.0441 3692 intelppm - ok
18:45:17.0456 3692 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
18:45:17.0488 3692 IPBusEnum - ok
18:45:17.0503 3692 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
18:45:17.0534 3692 IpFilterDriver - ok
18:45:17.0566 3692 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
18:45:17.0597 3692 iphlpsvc - ok
18:45:17.0628 3692 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
18:45:17.0644 3692 IPMIDRV - ok
18:45:17.0675 3692 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
18:45:17.0706 3692 IPNAT - ok
18:45:17.0768 3692 [ 46D249F9DB7844CC01050A9345F0F61B ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:45:17.0784 3692 iPod Service - ok
18:45:17.0800 3692 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
18:45:17.0924 3692 IRENUM - ok
18:45:17.0956 3692 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
18:45:17.0971 3692 isapnp - ok
18:45:17.0987 3692 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
18:45:18.0002 3692 iScsiPrt - ok
18:45:18.0018 3692 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\drivers\kbdclass.sys
18:45:18.0034 3692 kbdclass - ok
18:45:18.0065 3692 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
18:45:18.0080 3692 kbdhid - ok
18:45:18.0112 3692 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
18:45:18.0112 3692 KeyIso - ok
18:45:18.0143 3692 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
18:45:18.0158 3692 KSecDD - ok
18:45:18.0158 3692 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
18:45:18.0174 3692 KSecPkg - ok
18:45:18.0190 3692 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
18:45:18.0221 3692 ksthunk - ok
18:45:18.0236 3692 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
18:45:18.0268 3692 KtmRm - ok
18:45:18.0299 3692 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
18:45:18.0330 3692 LanmanServer - ok
18:45:18.0346 3692 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
18:45:18.0377 3692 LanmanWorkstation - ok
18:45:18.0470 3692 [ 55AFD4A9D5ED4AD40D5215CCDF4D65F3 ] Lavasoft Ad-Aware Service C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
18:45:18.0502 3692 Lavasoft Ad-Aware Service - ok
18:45:18.0533 3692 [ 9A7FA6371F68335FD3C3D6488BC5A9F8 ] Lavasoft Kernexplorer C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
18:45:18.0533 3692 Lavasoft Kernexplorer - ok
18:45:18.0564 3692 [ C8B3131857931AE76798A741CC52B021 ] Lbd C:\windows\system32\DRIVERS\Lbd.sys
18:45:18.0580 3692 Lbd - ok
18:45:18.0595 3692 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
18:45:18.0626 3692 lltdio - ok
18:45:18.0642 3692 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
18:45:18.0658 3692 lltdsvc - ok
18:45:18.0673 3692 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
18:45:18.0704 3692 lmhosts - ok
18:45:18.0736 3692 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
18:45:18.0751 3692 LSI_FC - ok
18:45:18.0767 3692 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
18:45:18.0767 3692 LSI_SAS - ok
18:45:18.0782 3692 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
18:45:18.0798 3692 LSI_SAS2 - ok
18:45:18.0814 3692 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
18:45:18.0814 3692 LSI_SCSI - ok
18:45:18.0845 3692 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
18:45:18.0876 3692 luafv - ok
18:45:18.0970 3692 [ 3D1516114F5B1548864D043177F992A6 ] lxeaCATSCustConnectService C:\windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe
18:45:18.0985 3692 lxeaCATSCustConnectService - ok
18:45:18.0985 3692 lxea_device - ok
18:45:19.0016 3692 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
18:45:19.0032 3692 Mcx2Svc - ok
18:45:19.0048 3692 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
18:45:19.0063 3692 megasas - ok
18:45:19.0079 3692 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
18:45:19.0079 3692 MegaSR - ok
18:45:19.0094 3692 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
18:45:19.0141 3692 MMCSS - ok
18:45:19.0172 3692 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
18:45:19.0204 3692 Modem - ok
18:45:19.0219 3692 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
18:45:19.0235 3692 monitor - ok
18:45:19.0250 3692 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\drivers\mouclass.sys
18:45:19.0250 3692 mouclass - ok
18:45:19.0282 3692 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
18:45:19.0297 3692 mouhid - ok
18:45:19.0328 3692 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
18:45:19.0328 3692 mountmgr - ok
18:45:19.0360 3692 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
18:45:19.0375 3692 mpio - ok
18:45:19.0391 3692 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
18:45:19.0422 3692 mpsdrv - ok
18:45:19.0453 3692 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
18:45:19.0484 3692 MpsSvc - ok
18:45:19.0500 3692 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
18:45:19.0531 3692 MRxDAV - ok
18:45:19.0547 3692 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
18:45:19.0578 3692 mrxsmb - ok
18:45:19.0609 3692 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
18:45:19.0609 3692 mrxsmb10 - ok
18:45:19.0625 3692 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
18:45:19.0640 3692 mrxsmb20 - ok
18:45:19.0656 3692 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
18:45:19.0656 3692 msahci - ok
18:45:19.0672 3692 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
18:45:19.0687 3692 msdsm - ok
18:45:19.0703 3692 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
18:45:19.0718 3692 MSDTC - ok
18:45:19.0734 3692 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
18:45:19.0765 3692 Msfs - ok
18:45:19.0796 3692 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
18:45:19.0828 3692 mshidkmdf - ok
18:45:19.0843 3692 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
18:45:19.0859 3692 msisadrv - ok
18:45:19.0874 3692 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
18:45:19.0906 3692 MSiSCSI - ok
18:45:19.0906 3692 msiserver - ok
18:45:19.0952 3692 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
18:45:19.0984 3692 MSKSSRV - ok
18:45:19.0999 3692 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
18:45:20.0046 3692 MSPCLOCK - ok
18:45:20.0062 3692 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
18:45:20.0077 3692 MSPQM - ok
18:45:20.0108 3692 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
18:45:20.0124 3692 MsRPC - ok
18:45:20.0140 3692 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
18:45:20.0140 3692 mssmbios - ok
18:45:20.0155 3692 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
18:45:20.0186 3692 MSTEE - ok
18:45:20.0202 3692 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
18:45:20.0218 3692 MTConfig - ok
18:45:20.0233 3692 [ 6936198F2CC25B39CF5262436C80DF46 ] MTsensor C:\windows\system32\DRIVERS\ASACPI.sys
18:45:20.0249 3692 MTsensor - ok
18:45:20.0264 3692 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
18:45:20.0264 3692 Mup - ok
18:45:20.0342 3692 [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360 C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
18:45:20.0358 3692 N360 - ok
18:45:20.0389 3692 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
18:45:20.0436 3692 napagent - ok
18:45:20.0467 3692 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
18:45:20.0483 3692 NativeWifiP - ok
18:45:20.0545 3692 [ 0A053F378B53E2A467A852119F91ABE1 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
18:45:20.0561 3692 NAUpdate - ok
18:45:20.0639 3692 [ 149A9AD81BB327E892FA1ACB77722442 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120827.001\ENG64.SYS
18:45:20.0639 3692 NAVENG - ok
18:45:20.0701 3692 [ 4AF8750E71B549FEC5F6D1D01398CA69 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120827.001\EX64.SYS
18:45:20.0732 3692 NAVEX15 - ok
18:45:20.0764 3692 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\windows\system32\drivers\ndis.sys
18:45:20.0779 3692 NDIS - ok
18:45:20.0810 3692 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
18:45:20.0826 3692 NdisCap - ok
18:45:20.0842 3692 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
18:45:20.0857 3692 NdisTapi - ok
18:45:20.0904 3692 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
18:45:20.0920 3692 Ndisuio - ok
18:45:20.0951 3692 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
18:45:20.0998 3692 NdisWan - ok
18:45:21.0013 3692 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
18:45:21.0029 3692 NDProxy - ok
18:45:21.0044 3692 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
18:45:21.0076 3692 NetBIOS - ok
18:45:21.0107 3692 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
18:45:21.0138 3692 NetBT - ok
18:45:21.0154 3692 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
18:45:21.0154 3692 Netlogon - ok
18:45:21.0200 3692 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
18:45:21.0247 3692 Netman - ok
18:45:21.0263 3692 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
18:45:21.0294 3692 netprofm - ok
18:45:21.0310 3692 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:45:21.0325 3692 NetTcpPortSharing - ok
18:45:21.0341 3692 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
18:45:21.0341 3692 nfrd960 - ok
18:45:21.0356 3692 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
18:45:21.0388 3692 NlaSvc - ok
18:45:21.0388 3692 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
18:45:21.0419 3692 Npfs - ok
18:45:21.0434 3692 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
18:45:21.0450 3692 nsi - ok
18:45:21.0466 3692 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
18:45:21.0497 3692 nsiproxy - ok
18:45:21.0528 3692 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
18:45:21.0559 3692 Ntfs - ok
18:45:21.0575 3692 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
18:45:21.0606 3692 Null - ok
18:45:21.0622 3692 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
18:45:21.0622 3692 nvraid - ok
18:45:21.0653 3692 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
18:45:21.0668 3692 nvstor - ok
18:45:21.0684 3692 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
18:45:21.0700 3692 nv_agp - ok
18:45:21.0762 3692 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:45:21.0762 3692 odserv - ok
18:45:21.0793 3692 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
18:45:21.0809 3692 ohci1394 - ok
18:45:21.0840 3692 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:45:21.0840 3692 ose - ok
18:45:21.0871 3692 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
18:45:21.0918 3692 p2pimsvc - ok
18:45:21.0949 3692 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
18:45:21.0965 3692 p2psvc - ok
18:45:21.0996 3692 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
18:45:21.0996 3692 Parport - ok
18:45:22.0027 3692 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
18:45:22.0043 3692 partmgr - ok
18:45:22.0058 3692 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
18:45:22.0074 3692 PcaSvc - ok
18:45:22.0105 3692 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
18:45:22.0105 3692 pci - ok
18:45:22.0121 3692 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
18:45:22.0136 3692 pciide - ok
18:45:22.0136 3692 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
18:45:22.0152 3692 pcmcia - ok
18:45:22.0168 3692 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
18:45:22.0168 3692 pcw - ok
18:45:22.0199 3692 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
18:45:22.0230 3692 PEAUTH - ok
18:45:22.0292 3692 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
18:45:22.0308 3692 PerfHost - ok
18:45:22.0355 3692 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
18:45:22.0386 3692 pla - ok
18:45:22.0417 3692 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
18:45:22.0480 3692 PlugPlay - ok
18:45:22.0495 3692 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
18:45:22.0526 3692 PNRPAutoReg - ok
18:45:22.0526 3692 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
18:45:22.0542 3692 PNRPsvc - ok
18:45:22.0542 3692 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
18:45:22.0573 3692 PolicyAgent - ok
18:45:22.0604 3692 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
18:45:22.0651 3692 Power - ok
18:45:22.0682 3692 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
18:45:22.0698 3692 PptpMiniport - ok
18:45:22.0714 3692 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
18:45:22.0745 3692 Processor - ok
18:45:22.0776 3692 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
18:45:22.0823 3692 ProfSvc - ok
18:45:22.0823 3692 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
18:45:22.0838 3692 ProtectedStorage - ok
18:45:22.0870 3692 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
18:45:22.0901 3692 Psched - ok
18:45:22.0932 3692 PxHlpa64 - ok
18:45:22.0963 3692 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
18:45:22.0979 3692 ql2300 - ok
18:45:23.0010 3692 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
18:45:23.0026 3692 ql40xx - ok
18:45:23.0041 3692 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
18:45:23.0057 3692 QWAVE - ok
18:45:23.0072 3692 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
18:45:23.0088 3692 QWAVEdrv - ok
18:45:23.0104 3692 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
18:45:23.0135 3692 RasAcd - ok
18:45:23.0166 3692 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
18:45:23.0182 3692 RasAgileVpn - ok
18:45:23.0197 3692 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
18:45:23.0228 3692 RasAuto - ok
18:45:23.0244 3692 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
18:45:23.0275 3692 Rasl2tp - ok
18:45:23.0322 3692 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
18:45:23.0338 3692 RasMan - ok
18:45:23.0353 3692 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
18:45:23.0400 3692 RasPppoe - ok
18:45:23.0416 3692 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
18:45:23.0431 3692 RasSstp - ok
18:45:23.0462 3692 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
18:45:23.0494 3692 rdbss - ok
18:45:23.0509 3692 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
18:45:23.0525 3692 rdpbus - ok
18:45:23.0540 3692 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
18:45:23.0556 3692 RDPCDD - ok
18:45:23.0572 3692 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
18:45:23.0618 3692 RDPENCDD - ok
18:45:23.0634 3692 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
18:45:23.0650 3692 RDPREFMP - ok
18:45:23.0696 3692 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
18:45:23.0728 3692 RDPWD - ok
18:45:23.0759 3692 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
18:45:23.0774 3692 rdyboost - ok
18:45:23.0790 3692 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
18:45:23.0837 3692 RemoteAccess - ok
18:45:23.0852 3692 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
18:45:23.0899 3692 RemoteRegistry - ok
18:45:23.0915 3692 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
18:45:23.0930 3692 RpcEptMapper - ok
18:45:23.0946 3692 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
18:45:23.0962 3692 RpcLocator - ok
18:45:23.0993 3692 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\System32\rpcss.dll
18:45:24.0024 3692 RpcSs - ok
18:45:24.0040 3692 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
18:45:24.0071 3692 rspndr - ok
18:45:24.0102 3692 [ 1D5007EDC9439182CD2B0D3158213977 ] RTHDMIAzAudService C:\windows\system32\drivers\RtHDMIVX.sys
18:45:24.0133 3692 RTHDMIAzAudService - ok
18:45:24.0180 3692 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
18:45:24.0196 3692 RTL8167 - ok
18:45:24.0196 3692 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
18:45:24.0211 3692 SamSs - ok
18:45:24.0242 3692 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
18:45:24.0242 3692 sbp2port - ok
18:45:24.0258 3692 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
18:45:24.0289 3692 SCardSvr - ok
18:45:24.0305 3692 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
18:45:24.0336 3692 scfilter - ok
18:45:24.0398 3692 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
18:45:24.0430 3692 Schedule - ok
18:45:24.0476 3692 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
18:45:24.0492 3692 SCPolicySvc - ok
18:45:24.0523 3692 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
18:45:24.0554 3692 SDRSVC - ok
18:45:24.0570 3692 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
18:45:24.0586 3692 secdrv - ok
18:45:24.0601 3692 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
18:45:24.0632 3692 seclogon - ok
18:45:24.0664 3692 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
18:45:24.0695 3692 SENS - ok
18:45:24.0710 3692 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
18:45:24.0726 3692 SensrSvc - ok
18:45:24.0742 3692 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
18:45:24.0773 3692 Serenum - ok
18:45:24.0788 3692 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
18:45:24.0788 3692 Serial - ok
18:45:24.0804 3692 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
18:45:24.0820 3692 sermouse - ok
18:45:24.0851 3692 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
18:45:24.0882 3692 SessionEnv - ok
18:45:24.0898 3692 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
18:45:24.0960 3692 sffdisk - ok
18:45:24.0976 3692 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
18:45:25.0007 3692 sffp_mmc - ok
18:45:25.0007 3692 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
18:45:25.0022 3692 sffp_sd - ok
18:45:25.0038 3692 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
18:45:25.0038 3692 sfloppy - ok
18:45:25.0069 3692 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
18:45:25.0100 3692 SharedAccess - ok
18:45:25.0132 3692 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
18:45:25.0163 3692 ShellHWDetection - ok
18:45:25.0194 3692 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
18:45:25.0194 3692 SiSRaid2 - ok
18:45:25.0225 3692 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
18:45:25.0225 3692 SiSRaid4 - ok
18:45:25.0256 3692 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
18:45:25.0303 3692 Smb - ok
18:45:25.0334 3692 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
18:45:25.0350 3692 SNMPTRAP - ok
18:45:25.0366 3692 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
18:45:25.0366 3692 spldr - ok
18:45:25.0412 3692 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
18:45:25.0506 3692 Spooler - ok
18:45:25.0584 3692 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
18:45:25.0631 3692 sppsvc - ok
18:45:25.0646 3692 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
18:45:25.0678 3692 sppuinotify - ok
18:45:25.0756 3692 [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP C:\windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS
18:45:25.0771 3692 SRTSP - ok
18:45:25.0787 3692 [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX C:\windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS
18:45:25.0787 3692 SRTSPX - ok
18:45:25.0818 3692 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
18:45:25.0834 3692 srv - ok
18:45:25.0880 3692 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
18:45:25.0880 3692 srv2 - ok
18:45:25.0896 3692 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
18:45:25.0912 3692 srvnet - ok
18:45:25.0943 3692 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
18:45:25.0990 3692 SSDPSRV - ok
18:45:25.0990 3692 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
18:45:26.0021 3692 SstpSvc - ok
18:45:26.0021 3692 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
18:45:26.0036 3692 stexstor - ok
18:45:26.0083 3692 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
18:45:26.0114 3692 stisvc - ok
18:45:26.0130 3692 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
18:45:26.0130 3692 swenum - ok
18:45:26.0161 3692 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
18:45:26.0208 3692 swprv - ok
18:45:26.0239 3692 [ 6160145C7A87FC7672E8E3B886888176 ] SymDS C:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS
18:45:26.0255 3692 SymDS - ok
18:45:26.0286 3692 [ 96AEED40D4D3521568B42027687E69E0 ] SymEFA C:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS
18:45:26.0302 3692 SymEFA - ok
18:45:26.0333 3692 [ 21A1C2D694C3CF962D31F5E873AB3D6F ] SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS
18:45:26.0333 3692 SymEvent - ok
18:45:26.0348 3692 SYMFW - ok
18:45:26.0380 3692 [ BD0D711D8CBFCAA19CA123306EAF53A5 ] SymIRON C:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS
18:45:26.0380 3692 SymIRON - ok
18:45:26.0395 3692 SYMNDISV - ok
18:45:26.0411 3692 [ A6ADB3D83023F8DAA0F7B6FDA785D83B ] SymNetS C:\windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS
18:45:26.0426 3692 SymNetS - ok
18:45:26.0473 3692 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
18:45:26.0504 3692 SysMain - ok
18:45:26.0536 3692 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
18:45:26.0551 3692 TabletInputService - ok
18:45:26.0567 3692 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
18:45:26.0598 3692 TapiSrv - ok
18:45:26.0629 3692 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
18:45:26.0645 3692 TBS - ok
18:45:26.0707 3692 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\windows\system32\drivers\tcpip.sys
18:45:26.0723 3692 Tcpip - ok
18:45:26.0785 3692 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
18:45:26.0816 3692 TCPIP6 - ok
18:45:26.0848 3692 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
18:45:26.0879 3692 tcpipreg - ok
18:45:26.0894 3692 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
18:45:26.0941 3692 TDPIPE - ok
18:45:26.0972 3692 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
18:45:26.0988 3692 TDTCP - ok
18:45:27.0004 3692 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
18:45:27.0035 3692 tdx - ok
18:45:27.0050 3692 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
18:45:27.0066 3692 TermDD - ok
18:45:27.0097 3692 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
18:45:27.0128 3692 TermService - ok
18:45:27.0144 3692 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
18:45:27.0160 3692 Themes - ok
18:45:27.0175 3692 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
18:45:27.0206 3692 THREADORDER - ok
18:45:27.0222 3692 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
18:45:27.0253 3692 TrkWks - ok
18:45:27.0300 3692 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
18:45:27.0316 3692 TrustedInstaller - ok
18:45:27.0347 3692 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
18:45:27.0378 3692 tssecsrv - ok
18:45:27.0394 3692 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
18:45:27.0425 3692 TsUsbFlt - ok
18:45:27.0456 3692 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
18:45:27.0487 3692 tunnel - ok
18:45:27.0503 3692 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
18:45:27.0518 3692 uagp35 - ok
18:45:27.0550 3692 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
18:45:27.0581 3692 udfs - ok
18:45:27.0612 3692 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
18:45:27.0628 3692 UI0Detect - ok
18:45:27.0643 3692 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
18:45:27.0643 3692 uliagpkx - ok
18:45:27.0659 3692 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys
18:45:27.0674 3692 umbus - ok
18:45:27.0706 3692 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
18:45:27.0721 3692 UmPass - ok
18:45:27.0737 3692 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
18:45:27.0768 3692 upnphost - ok
18:45:27.0799 3692 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
18:45:27.0830 3692 USBAAPL64 - ok
18:45:27.0846 3692 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\drivers\usbccgp.sys
18:45:27.0924 3692 usbccgp - ok
18:45:27.0955 3692 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
18:45:27.0971 3692 usbcir - ok
18:45:27.0971 3692 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
18:45:27.0986 3692 usbehci - ok
18:45:28.0002 3692 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
18:45:28.0033 3692 usbhub - ok
18:45:28.0049 3692 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
18:45:28.0064 3692 usbohci - ok
18:45:28.0096 3692 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
18:45:28.0096 3692 usbprint - ok
18:45:28.0127 3692 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
18:45:28.0142 3692 usbscan - ok
18:45:28.0220 3692 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
18:45:28.0283 3692 USBSTOR - ok
18:45:28.0345 3692 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
18:45:28.0361 3692 usbuhci - ok
18:45:28.0376 3692 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
18:45:28.0408 3692 UxSms - ok
18:45:28.0423 3692 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
18:45:28.0439 3692 VaultSvc - ok
18:45:28.0439 3692 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
18:45:28.0454 3692 vdrvroot - ok
18:45:28.0486 3692 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
18:45:28.0517 3692 vds - ok
18:45:28.0548 3692 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
18:45:28.0548 3692 vga - ok
18:45:28.0564 3692 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
18:45:28.0610 3692 VgaSave - ok
18:45:28.0610 3692 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
18:45:28.0626 3692 vhdmp - ok
18:45:28.0642 3692 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
18:45:28.0657 3692 viaide - ok
18:45:28.0657 3692 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
18:45:28.0673 3692 volmgr - ok
18:45:28.0704 3692 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
18:45:28.0720 3692 volmgrx - ok
18:45:28.0751 3692 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
18:45:28.0751 3692 volsnap - ok
18:45:28.0813 3692 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
18:45:28.0813 3692 vsmraid - ok
18:45:28.0891 3692 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
18:45:28.0954 3692 VSS - ok
18:45:28.0969 3692 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\System32\drivers\vwifibus.sys
18:45:28.0985 3692 vwifibus - ok
18:45:29.0000 3692 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
18:45:29.0032 3692 W32Time - ok
18:45:29.0063 3692 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
18:45:29.0078 3692 WacomPen - ok
18:45:29.0110 3692 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
18:45:29.0141 3692 WANARP - ok
18:45:29.0141 3692 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
18:45:29.0156 3692 Wanarpv6 - ok
18:45:29.0219 3692 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
18:45:29.0250 3692 WatAdminSvc - ok
18:45:29.0281 3692 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
18:45:29.0344 3692 wbengine - ok
18:45:29.0359 3692 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
18:45:29.0375 3692 WbioSrvc - ok
18:45:29.0484 3692 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
18:45:29.0500 3692 wcncsvc - ok
18:45:29.0500 3692 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
18:45:29.0546 3692 WcsPlugInService - ok
18:45:29.0546 3692 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
18:45:29.0562 3692 Wd - ok
18:45:29.0640 3692 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
18:45:29.0656 3692 Wdf01000 - ok
18:45:29.0687 3692 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
18:45:30.0014 3692 WdiServiceHost - ok
18:45:30.0030 3692 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
18:45:30.0046 3692 WdiSystemHost - ok
18:45:30.0077 3692 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
18:45:30.0108 3692 WebClient - ok
18:45:30.0124 3692 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
18:45:30.0170 3692 Wecsvc - ok
18:45:30.0186 3692 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
18:45:30.0233 3692 wercplsupport - ok
18:45:30.0280 3692 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
18:45:30.0311 3692 WerSvc - ok
18:45:30.0342 3692 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
18:45:30.0358 3692 WfpLwf - ok
18:45:30.0373 3692 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
18:45:30.0389 3692 WIMMount - ok
18:45:30.0389 3692 WinDefend - ok
18:45:30.0389 3692 WinHttpAutoProxySvc - ok
18:45:30.0498 3692 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
18:45:30.0545 3692 Winmgmt - ok
18:45:30.0966 3692 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
18:45:31.0075 3692 WinRM - ok
18:45:31.0231 3692 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
18:45:31.0247 3692 WinUsb - ok
18:45:31.0465 3692 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
18:45:31.0512 3692 Wlansvc - ok
18:45:31.0621 3692 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
18:45:31.0637 3692 WmiAcpi - ok
18:45:31.0684 3692 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
18:45:31.0699 3692 wmiApSrv - ok
18:45:31.0746 3692 WMPNetworkSvc - ok
18:45:31.0777 3692 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
18:45:31.0855 3692 WPCSvc - ok
18:45:31.0886 3692 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
18:45:31.0902 3692 WPDBusEnum - ok
18:45:31.0933 3692 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
18:45:31.0949 3692 ws2ifsl - ok
18:45:31.0996 3692 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
18:45:32.0027 3692 wscsvc - ok
18:45:32.0058 3692 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys
18:45:32.0089 3692 WSDPrintDevice - ok
18:45:32.0089 3692 WSearch - ok
18:45:32.0292 3692 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
18:45:32.0323 3692 wuauserv - ok
18:45:32.0354 3692 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
18:45:32.0386 3692 WudfPf - ok
18:45:32.0479 3692 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
18:45:32.0510 3692 WUDFRd - ok
18:45:32.0542 3692 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
18:45:32.0573 3692 wudfsvc - ok
18:45:32.0604 3692 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
18:45:32.0635 3692 WwanSvc - ok
18:45:32.0651 3692 ================ Scan global ===============================
18:45:32.0682 3692 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
18:45:32.0729 3692 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
18:45:32.0744 3692 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
18:45:32.0760 3692 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
18:45:32.0807 3692 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
18:45:32.0807 3692 [Global] - ok
18:45:32.0807 3692 ================ Scan MBR ==================================
18:45:32.0838 3692 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:45:34.0195 3692 \Device\Harddisk0\DR0 - ok
18:45:34.0195 3692 ================ Scan VBR ==================================
18:45:34.0195 3692 [ 034A936683576E0FE89D44729A8233CF ] \Device\Harddisk0\DR0\Partition1
18:45:34.0195 3692 \Device\Harddisk0\DR0\Partition1 - ok
18:45:34.0226 3692 [ 13AD3FAA206D21F1A76CA188EACB2159 ] \Device\Harddisk0\DR0\Partition2
18:45:34.0226 3692 \Device\Harddisk0\DR0\Partition2 - ok
18:45:34.0226 3692 ============================================================
18:45:34.0226 3692 Scan finished
18:45:34.0226 3692 ============================================================
18:45:34.0226 2040 Detected object count: 0
18:45:34.0226 2040 Actual detected object count: 0
18:45:58.0063 0424 Deinitialize success
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.29.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Justin :: JUSTIN-PC [administrator]
Protection: Enabled
8/29/2012 6:57:01 PM
mbam-log-2012-08-29 (18-57-01).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192986
Time elapsed: 2 minute(s), 29 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Users\Justin\Downloads\7zip_installer_1650.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
C:\Users\Justin\Downloads\dvdburning_1289.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
C:\Users\Justin\Downloads\FLVPlayerSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
(end)
(at this point I got a reocurring ComcastAntiSpy.exe error)
OTL logfile created on: 8/29/2012 7:10:04 PM - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Justin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.75 Gb Total Physical Memory | 5.73 Gb Available Physical Memory | 73.92% Memory free
15.50 Gb Paging File | 13.56 Gb Available in Paging File | 87.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.17 Gb Total Space | 1313.71 Gb Free Space | 94.03% Space Free | Partition Type: NTFS
Computer Name: JUSTIN-PC | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2012/08/27 16:15:38 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\otl.exe
PRC - [2012/08/24 18:17:43 | 001,191,768 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2012/08/14 20:36:16 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/06 10:51:00 | 000,869,816 | ---- | M] (CallingID Ltd.) -- C:\Program Files (x86)\xfin_portal\CIDGlobalLight.exe
PRC - [2012/05/22 17:44:08 | 002,152,720 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2011/03/04 11:39:14 | 000,584,488 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/01/23 20:08:52 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/18 15:27:42 | 000,139,944 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
PRC - [2009/08/19 13:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
PRC - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
========== Modules (No Company Name) ========== MOD - [2012/06/06 10:50:52 | 000,085,976 | ---- | M] () -- C:\Program Files (x86)\xfin_portal\comcastdx.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/23 20:08:52 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
MOD - [2010/04/05 05:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epwizres.dll
MOD - [2010/04/01 12:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadrs.dll
MOD - [2010/04/01 12:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll
MOD - [2010/01/18 15:27:42 | 000,139,944 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
MOD - [2009/08/19 13:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
MOD - [2009/05/27 10:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll
MOD - [2009/04/07 17:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\iptk.dll
MOD - [2009/03/30 10:37:47 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epoemdll.dll
MOD - [2009/03/30 10:37:46 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epstring.dll
MOD - [2009/03/30 10:37:28 | 000,708,608 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epwizard.dll
MOD - [2009/03/30 10:35:40 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\customui.dll
MOD - [2009/03/30 10:35:22 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epfunct.dll
MOD - [2009/03/30 10:35:17 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\eputil.dll
MOD - [2009/03/30 10:35:05 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\imagutil.dll
MOD - [2009/03/10 03:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll
MOD - [2009/03/02 12:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaptp.dll
MOD - [2009/02/20 04:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXEAsmr.dll
MOD - [2009/02/20 04:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEAsm.dll
========== Services (SafeList) ========== SRV:
64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:
64bit: - [2010/04/14 20:45:32 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\windows\SysNative\spool\DRIVERS\x64\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV:
64bit: - [2010/04/14 15:45:36 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeacoms.exe -- (lxea_device)
SRV - [2012/08/14 20:36:16 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/05/22 17:44:08 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/03/04 11:39:14 | 000,584,488 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/04/14 20:45:32 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV - [2010/04/14 15:45:21 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeacoms.exe -- (lxea_device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ========== DRV:
64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:
64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:
64bit: - [2011/10/28 20:35:28 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:
64bit: - [2011/10/02 15:30:34 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:
64bit: - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:
64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:
64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:
64bit: - [2011/04/20 21:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:
64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:
64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:
64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:
64bit: - [2011/03/30 23:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:
64bit: - [2011/03/30 23:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:
64bit: - [2011/03/14 22:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:
64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:
64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:
64bit: - [2011/01/27 02:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:
64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:
64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:
64bit: - [2010/11/15 21:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:
64bit: - [2009/09/25 14:13:26 | 000,205,440 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:
64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:
64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:
64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:
64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:
64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:
64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:
64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:
64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:
64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:
64bit: - [2006/11/01 06:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2012/08/21 22:05:05 | 000,512,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120828.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/21 17:03:26 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120829.003\ex64.sys -- (NAVEX15)
DRV - [2012/08/21 17:03:26 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120829.003\eng64.sys -- (NAVENG)
DRV - [2012/08/09 17:26:15 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/09 17:26:15 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/06/18 20:01:14 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120823.007\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/12/09 22:33:45 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/09/23 02:03:00 | 000,026,720 | ---- | M] (Sonic Solutions) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\PxHlpa64.sys -- (PxHlpa64)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:
64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:
64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...ms}&FORM=IE8SRCIE:
64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.co...g}&sourceid=ie7IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...ms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.co...g}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
http://www.msn.com/?ocid=iehpIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D 98 9D 52 0A 85 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...Box&FORM=IE8SRCIE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.co...&rlz=1I7ADSA_enIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ========== FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Justin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/08/09 00:03:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_12_1 [2012/08/29 19:03:37 | 000,000,000 | ---D | M]
[2012/06/12 19:46:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions
========== Chrome ========== CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
http://search.condui...SearchSource=48 O1 HOSTS File: ([2012/08/27 17:03:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll (Visicom Media)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:
64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{4b9bcce8-a70b-402a-a7e1-db96831ee26f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [ComcastAntispyClient] C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:
64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13
64bit: - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258}
http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7B62F6EE-D046-11D3-9C5E-0060082627F7}
https://wws2.mutualo.../TWDownload.cab (TWDownloader Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2247A93-1417-450A-A28F-2D79EDDFD666}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:
64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:
64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:
64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:
64bit: - HKLM\..comfile [open] -- "%1" %*
O35:
64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:
64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:
64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
SafeBootMin:
64bit: Base - Driver Group
SafeBootMin:
64bit: Boot Bus Extender - Driver Group
SafeBootMin:
64bit: Boot file system - Driver Group
SafeBootMin:
64bit: File system - Driver Group
SafeBootMin:
64bit: Filter - Driver Group
SafeBootMin:
64bit: HelpSvc - Service
SafeBootMin:
64bit: PCI Configuration - Driver Group
SafeBootMin:
64bit: PEVSystemStart - Service
SafeBootMin:
64bit: PNP Filter - Driver Group
SafeBootMin:
64bit: Primary disk - Driver Group
SafeBootMin:
64bit: procexp90.Sys - Driver
SafeBootMin:
64bit: sacsvr - Service
SafeBootMin:
64bit: SCSI Class - Driver Group
SafeBootMin:
64bit: System Bus Extender - Driver Group
SafeBootMin:
64bit: vmms - Service
SafeBootMin:
64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:
64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:
64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:
64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:
64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:
64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:
64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:
64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:
64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:
64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:
64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:
64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:
64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:
64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:
64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:
64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:
64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:
64bit: Base - Driver Group
SafeBootNet:
64bit: Boot Bus Extender - Driver Group
SafeBootNet:
64bit: Boot file system - Driver Group
SafeBootNet:
64bit: File system - Driver Group
SafeBootNet:
64bit: Filter - Driver Group
SafeBootNet:
64bit: HelpSvc - Service
SafeBootNet:
64bit: Messenger - Service
SafeBootNet:
64bit: NDIS Wrapper - Driver Group
SafeBootNet:
64bit: NetBIOSGroup - Driver Group
SafeBootNet:
64bit: NetDDEGroup - Driver Group
SafeBootNet:
64bit: Network - Driver Group
SafeBootNet:
64bit: NetworkProvider - Driver Group
SafeBootNet:
64bit: PCI Configuration - Driver Group
SafeBootNet:
64bit: PEVSystemStart - Service
SafeBootNet:
64bit: PNP Filter - Driver Group
SafeBootNet:
64bit: PNP_TDI - Driver Group
SafeBootNet:
64bit: Primary disk - Driver Group
SafeBootNet:
64bit: procexp90.Sys - Driver
SafeBootNet:
64bit: rdsessmgr - Service
SafeBootNet:
64bit: sacsvr - Service
SafeBootNet:
64bit: SCSI Class - Driver Group
SafeBootNet:
64bit: Streams Drivers - Driver Group
SafeBootNet:
64bit: System Bus Extender - Driver Group
SafeBootNet:
64bit: TDI - Driver Group
SafeBootNet:
64bit: vmms - Service
SafeBootNet:
64bit: WudfUsbccidDriver - Driver
SafeBootNet:
64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:
64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:
64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:
64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:
64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:
64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:
64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:
64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:
64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:
64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:
64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:
64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:
64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:
64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:
64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:
64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:
64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:
64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:
64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:
64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:
64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:
64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:
64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:
64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:
64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:
64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:
64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:
64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:
64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:
64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:
64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:
64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:
64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:
64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:
64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:
64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:
64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:
64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:
64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:
64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:
64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:
64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:
64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:
64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:
64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:
64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32:
64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ========== [2012/08/29 18:56:19 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Malwarebytes
[2012/08/29 18:56:09 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/08/29 18:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/29 18:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/29 18:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/29 18:55:08 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Justin\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/29 18:42:58 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Justin\Desktop\tdsskiller.exe
[2012/08/27 17:04:00 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/08/27 16:55:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/08/27 16:55:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/08/27 16:55:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/08/27 16:55:09 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/27 16:46:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/27 16:45:42 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/08/27 16:44:46 | 004,738,846 | R--- | C] (Swearware) -- C:\Users\Justin\Desktop\ComboFix.exe
[2012/08/27 16:22:49 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Justin\Desktop\aswMBR.exe
[2012/08/27 16:17:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/27 16:15:38 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Justin\Desktop\otl.exe
[2012/08/27 16:11:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/08/27 16:11:21 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2012/08/27 16:11:21 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2012/08/27 16:11:12 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2012/08/27 16:11:12 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2012/08/27 16:11:11 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2012/08/26 10:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\W3i
[2012/08/26 10:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
[2012/08/26 09:59:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com
[2012/08/26 09:58:11 | 000,000,000 | R--D | C] -- C:\Users\Justin\4Sync
[2012/08/26 09:55:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/08/26 09:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/08/26 09:55:41 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\CRE
[2012/08/26 09:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\4Sync
[2012/08/15 20:32:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/08/15 20:32:38 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/08/15 20:32:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/08/15 20:32:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/08/15 20:32:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/08/15 20:32:36 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/08/15 20:32:36 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/08/15 20:32:36 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/08/15 20:32:35 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/08/15 20:32:35 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/08/15 20:32:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/08/15 20:32:33 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/08/15 20:32:33 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/08/15 19:33:49 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll
[2012/08/15 19:33:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netapi32.dll
[2012/08/15 19:33:48 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browcli.dll
[2012/08/15 19:33:48 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\browcli.dll
[2012/08/15 19:33:39 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2012/08/15 19:33:39 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2012/08/15 19:33:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\splwow64.exe
[2012/08/15 19:33:37 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll
[2012/08/13 19:03:20 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\Microsoft Help
========== Files - Modified Within 30 Days ========== [2012/08/29 19:10:46 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/29 19:10:46 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/29 19:03:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/08/29 19:03:30 | 1945,509,887 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/29 18:55:09 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Justin\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/29 18:47:22 | 000,018,292 | ---- | M] () -- C:\Users\Justin\Desktop\malwarebytes_free.htm
[2012/08/29 18:42:58 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Justin\Desktop\tdsskiller.exe
[2012/08/29 18:42:06 | 000,000,064 | ---- | M] () -- C:\windows\SysWow64\rp_stats.dat
[2012/08/29 18:42:06 | 000,000,044 | ---- | M] () -- C:\windows\SysWow64\rp_rules.dat
[2012/08/27 20:51:28 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/08/27 17:03:55 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/08/27 16:44:52 | 004,738,846 | R--- | M] (Swearware) -- C:\Users\Justin\Desktop\ComboFix.exe
[2012/08/27 16:42:03 | 000,000,512 | ---- | M] () -- C:\Users\Justin\Desktop\MBR.dat
[2012/08/27 16:29:46 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Justin\Desktop\aswMBR.exe
[2012/08/27 16:15:38 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\otl.exe
[2012/08/27 16:10:58 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2012/08/27 16:10:58 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2012/08/27 16:10:58 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2012/08/27 16:10:57 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2012/08/27 16:10:57 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2012/08/27 16:10:57 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2012/08/26 09:55:52 | 000,000,009 | ---- | M] () -- C:\END
[2012/08/19 16:43:58 | 000,116,531 | ---- | M] () -- C:\Users\Justin\Documents\08-19-2012 04;43;58PM.PDF
[2012/08/19 16:32:04 | 000,433,282 | ---- | M] () -- C:\Users\Justin\Documents\08-19-2012 04;32;04PM.PDF
[2012/08/19 16:22:07 | 016,216,476 | ---- | M] () -- C:\Users\Justin\Documents\08-19-2012 04;22;04PM.PDF
[2012/08/19 16:07:19 | 001,290,363 | ---- | M] () -- C:\Users\Justin\Documents\08-19-2012 04;07;19PM.PDF
[2012/08/16 16:54:18 | 000,412,624 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/08/14 20:36:16 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/08/14 20:36:16 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/12 08:57:15 | 000,050,238 | ---- | M] () -- C:\Users\Justin\Desktop\couch loveseat.jpg
[2012/08/10 20:32:53 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/08/10 20:32:53 | 000,624,162 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/08/10 20:32:53 | 000,106,538 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
========== Files Created - No Company Name ========== [2012/08/29 18:47:22 | 000,018,292 | ---- | C] () -- C:\Users\Justin\Desktop\malwarebytes_free.htm
[2012/08/27 16:55:17 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/08/27 16:55:17 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/08/27 16:55:17 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/08/27 16:55:17 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/08/27 16:55:17 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/08/27 16:42:03 | 000,000,512 | ---- | C] () -- C:\Users\Justin\Desktop\MBR.dat
[2012/08/26 09:55:51 | 000,000,009 | ---- | C] () -- C:\END
[2012/08/19 16:43:58 | 000,116,531 | ---- | C] () -- C:\Users\Justin\Documents\08-19-2012 04;43;58PM.PDF
[2012/08/19 16:32:04 | 000,433,282 | ---- | C] () -- C:\Users\Justin\Documents\08-19-2012 04;32;04PM.PDF
[2012/08/19 16:22:04 | 016,216,476 | ---- | C] () -- C:\Users\Justin\Documents\08-19-2012 04;22;04PM.PDF
[2012/08/19 16:07:19 | 001,290,363 | ---- | C] () -- C:\Users\Justin\Documents\08-19-2012 04;07;19PM.PDF
[2012/08/12 08:57:33 | 000,050,238 | ---- | C] () -- C:\Users\Justin\Desktop\couch loveseat.jpg
[2012/06/17 10:21:19 | 000,001,451 | ---- | C] () -- C:\windows\wininit.ini
[2012/06/12 19:57:06 | 000,000,064 | ---- | C] () -- C:\windows\GPlrLanc.dat
[2012/04/15 10:12:59 | 000,047,616 | ---- | C] () -- C:\windows\SysWow64\pdf995mon64.dll
[2012/04/15 10:12:59 | 000,000,142 | ---- | C] () -- C:\windows\wpd99.drv
[2011/12/13 17:54:56 | 000,000,064 | ---- | C] () -- C:\windows\SysWow64\rp_stats.dat
[2011/12/13 17:54:56 | 000,000,044 | ---- | C] () -- C:\windows\SysWow64\rp_rules.dat
[2011/05/24 17:49:11 | 000,001,940 | ---- | C] () -- C:\Users\Justin\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < %SYSTEMDRIVE%\*.exe > < %ALLUSERSPROFILE%\Application Data\*.exe > < %APPDATA%\*. >[2012/08/21 19:09:11 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\.minecraft
[2012/06/09 18:05:44 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Adobe
[2012/01/01 10:28:21 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Apple Computer
[2010/06/24 14:37:44 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Arcsoft
[2012/06/09 18:07:24 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\com.jakks.spynet
[2010/07/18 15:41:53 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\DriverFinder
[2010/09/18 20:31:20 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Google
[2010/02/26 16:39:18 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Identities
[2011/10/15 16:28:08 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\ImgBurn
[2010/06/24 14:46:23 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\KodakCredentialStore
[2010/08/19 13:22:12 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Leadertech
[2010/02/28 18:48:39 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Macromedia
[2012/08/29 18:56:19 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Malwarebytes
[2009/07/14 03:44:38 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Media Center Programs
[2012/08/19 16:29:15 | 000,000,000 | --SD | M] -- C:\Users\Justin\AppData\Roaming\Microsoft
[2012/06/12 19:46:08 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Mozilla
[2011/11/29 19:16:16 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\MusicNet
[2011/10/15 17:38:14 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Nero
[2012/04/15 10:13:43 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\pdf995
[2010/06/24 14:43:50 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Skinux
[2012/04/15 10:13:50 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\TaxCut
[2012/08/27 16:14:13 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\uTorrent
[2011/11/20 10:02:33 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\WinRAR
< MD5 for: ATAPI.SYS >[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: EXPLORER.EXE >[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: SVCHOST.EXE >[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< %systemroot%\*. /mp /s > < hklm\software\clients\startmenuinternet|command /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/04/17 17:46:00 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/04/17 17:46:00 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/04/17 17:46:00 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
< hklm\software\clients\startmenuinternet|command /64 /rs >64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/04/17 17:45:59 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/04/17 17:45:59 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/04/17 17:45:59 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /REINSTALL [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /HIDEICONS [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /SHOWICONS [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
< %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles >< End of report >
OTL logfile created on: 8/29/2012 7:10:04 PM - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Justin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.75 Gb Total Physical Memory | 5.73 Gb Available Physical Memory | 73.92% Memory free
15.50 Gb Paging File | 13.56 Gb Available in Paging File | 87.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397.17 Gb Total Space | 1313.71 Gb Free Space | 94.03% Space Free | Partition Type: NTFS
Computer Name: JUSTIN-PC | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2012/08/27 16:15:38 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\otl.exe
PRC - [2012/08/24 18:17:43 | 001,191,768 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2012/08/14 20:36:16 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/06 10:51:00 | 000,869,816 | ---- | M] (CallingID Ltd.) -- C:\Program Files (x86)\xfin_portal\CIDGlobalLight.exe
PRC - [2012/05/22 17:44:08 | 002,152,720 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2011/03/04 11:39:14 | 000,584,488 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/01/23 20:08:52 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/18 15:27:42 | 000,139,944 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
PRC - [2009/08/19 13:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
PRC - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
========== Modules (No Company Name) ========== MOD - [2012/06/06 10:50:52 | 000,085,976 | ---- | M] () -- C:\Program Files (x86)\xfin_portal\comcastdx.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/23 20:08:52 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
MOD - [2010/04/05 05:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epwizres.dll
MOD - [2010/04/01 12:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadrs.dll
MOD - [2010/04/01 12:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll
MOD - [2010/01/18 15:27:42 | 000,139,944 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
MOD - [2009/08/19 13:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
MOD - [2009/05/27 10:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll
MOD - [2009/04/07 17:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\iptk.dll
MOD - [2009/03/30 10:37:47 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epoemdll.dll
MOD - [2009/03/30 10:37:46 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epstring.dll
MOD - [2009/03/30 10:37:28 | 000,708,608 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epwizard.dll
MOD - [2009/03/30 10:35:40 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\customui.dll
MOD - [2009/03/30 10:35:22 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epfunct.dll
MOD - [2009/03/30 10:35:17 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\eputil.dll
MOD - [2009/03/30 10:35:05 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\imagutil.dll
MOD - [2009/03/10 03:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll
MOD - [2009/03/02 12:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaptp.dll
MOD - [2009/02/20 04:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXEAsmr.dll
MOD - [2009/02/20 04:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEAsm.dll
========== Services (SafeList) ========== SRV:
64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:
64bit: - [2010/04/14 20:45:32 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\windows\SysNative\spool\DRIVERS\x64\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV:
64bit: - [2010/04/14 15:45:36 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeacoms.exe -- (lxea_device)
SRV - [2012/08/14 20:36:16 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/05/22 17:44:08 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/03/04 11:39:14 | 000,584,488 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/04/14 20:45:32 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV - [2010/04/14 15:45:21 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeacoms.exe -- (lxea_device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ========== DRV:
64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:
64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:
64bit: - [2011/10/28 20:35:28 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:
64bit: - [2011/10/02 15:30:34 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:
64bit: - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:
64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:
64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:
64bit: - [2011/04/20 21:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:
64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:
64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:
64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:
64bit: - [2011/03/30 23:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:
64bit: - [2011/03/30 23:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:
64bit: - [2011/03/14 22:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:
64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:
64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:
64bit: - [2011/01/27 02:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:
64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:
64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:
64bit: - [2010/11/15 21:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:
64bit: - [2009/09/25 14:13:26 | 000,205,440 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:
64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:
64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:
64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:
64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:
64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:
64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:
64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:
64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:
64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:
64bit: - [2006/11/01 06:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2012/08/21 22:05:05 | 000,512,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120828.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/21 17:03:26 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120829.003\ex64.sys -- (NAVEX15)
DRV - [2012/08/21 17:03:26 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120829.003\eng64.sys -- (NAVENG)
DRV - [2012/08/09 17:26:15 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/09 17:26:15 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/06/18 20:01:14 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120823.007\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/12/09 22:33:45 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/09/23 02:03:00 | 000,026,720 | ---- | M] (Sonic Solutions) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\PxHlpa64.sys -- (PxHlpa64)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:
64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:
64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...ms}&FORM=IE8SRCIE:
64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.co...g}&sourceid=ie7IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...ms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.co...g}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
http://www.msn.com/?ocid=iehpIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D 98 9D 52 0A 85 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...Box&FORM=IE8SRCIE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.co...&rlz=1I7ADSA_enIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ========== FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Justin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/08/09 00:03:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_12_1 [2012/08/29 19:03:37 | 000,000,000 | ---D | M]
[2012/06/12 19:46:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions
========== Chrome ========== CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
http://search.condui...SearchSource=48 O1 HOSTS File: ([2012/08/27 17:03:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll (Visicom Media)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:
64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{4b9bcce8-a70b-402a-a7e1-db96831ee26f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [ComcastAntispyClient] C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:
64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13
64bit: - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258}
http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7B62F6EE-D046-11D3-9C5E-0060082627F7}
https://wws2.mutualo.../TWDownload.cab (TWDownloader Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2247A93-1417-450A-A28F-2D79EDDFD666}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:
64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:
64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:
64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:
64bit: - HKLM\..comfile [open] -- "%1" %*
O35:
64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:
64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:
64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
SafeBootMin:
64bit: Base - Driver Group
SafeBootMin:
64bit: Boot Bus Extender - Driver Group
SafeBootMin:
64bit: Boot file system - Driver Group
SafeBootMin:
64bit: File system - Driver Group
SafeBootMin:
64bit: Filter - Driver Group
SafeBootMin:
64bit: HelpSvc - Service
SafeBootMin:
64bit: PCI Configuration - Driver Group
SafeBootMin:
64bit: PEVSystemStart - Service
SafeBootMin:
64bit: PNP Filter - Driver Group
SafeBootMin:
64bit: Primary disk - Driver Group
SafeBootMin:
64bit: procexp90.Sys - Driver
SafeBootMin:
64bit: sacsvr - Service
SafeBootMin:
64bit: SCSI Class - Driver Group
SafeBootMin:
64bit: System Bus Extender - Driver Group
SafeBootMin:
64bit: vmms - Service
SafeBootMin:
64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:
64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:
64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:
64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:
64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:
64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:
64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:
64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:
64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:
64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:
64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:
64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:
64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:
64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:
64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:
64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:
64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:
64bit: Base - Driver Group
SafeBootNet:
64bit: Boot Bus Extender - Driver Group
SafeBootNet:
64bit: Boot file system - Driver Group
SafeBootNet:
64bit: File system - Driver Group
SafeBootNet:
64bit: Filter - Driver Group
SafeBootNet:
64bit: HelpSvc - Service
SafeBootNet:
64bit: Messenger - Service
SafeBootNet:
64bit: NDIS Wrapper - Driver Group
SafeBootNet:
64bit: NetBIOSGroup - Driver Group
SafeBootNet:
64bit: NetDDEGroup - Driver Group
SafeBootNet:
64bit: Network - Driver Group
SafeBootNet:
64bit: NetworkProvider - Driver Group
SafeBootNet:
64bit: PCI Configuration - Driver Group
SafeBootNet:
64bit: PEVSystemStart - Service
SafeBootNet:
64bit: PNP Filter - Driver Group
SafeBootNet:
64bit: PNP_TDI - Driver Group
SafeBootNet:
64bit: Primary disk - Driver Group
SafeBootNet:
64bit: procexp90.Sys - Driver
SafeBootNet:
64bit: rdsessmgr - Service
SafeBootNet:
64bit: sacsvr - Service
SafeBootNet:
64bit: SCSI Class - Driver Group
SafeBootNet:
64bit: Streams Drivers - Driver Group
SafeBootNet:
64bit: System Bus Extender - Driver Group
SafeBootNet:
64bit: TDI - Driver Group
SafeBootNet:
64bit: vmms - Service
SafeBootNet:
64bit: WudfUsbccidDriver - Driver
SafeBootNet:
64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:
64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:
64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:
64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:
64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:
64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:
64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:
64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:
64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:
64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:
64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:
64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:
64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:
64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:
64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:
64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:
64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:
64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:
64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:
64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:
64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:
64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:
64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:
64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:
64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:
64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:
64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:
64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:
64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:
64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:
64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:
64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:
64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:
64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:
64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:
64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:
64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:
64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:
64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:
64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:
64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:
64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:
64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:
64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:
64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:
64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32:
64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ========== [2012/08/29 18:56:19 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Malwarebytes
[2012/08/29 18:56:09 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/08/29 18:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/29 18:56:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/29 18:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/29 18:55:08 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Justin\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/29 18:42:58 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Justin\Desktop\tdsskiller.exe
[2012/08/27 17:04:00 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/08/27 16:55:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/08/27 16:55:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/08/27 16:55:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/08/27 16:55:09 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/27 16:46:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/27 16:45:42 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/08/27 16:44:46 | 004,738,846 | R--- | C] (Swearware) -- C:\Users\Justin\Desktop\ComboFix.exe
[2012/08/27 16:22:49 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Justin\Desktop\aswMBR.exe
[2012/08/27 16:17:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/27 16:15:38 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Justin\Desktop\otl.exe
[2012/08/27 16:11:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/08/27 16:11:21 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2012/08/27 16:11:21 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2012/08/27 16:11:12 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2012/08/27 16:11:12 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2012/08/27 16:11:11 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2012/08/26 10:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\W3i
[2012/08/26 10:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
[2012/08/26 09:59:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com
[2012/08/26 09:58:11 | 000,000,000 | R--D | C] -- C:\Users\Justin\4Sync
[2012/08/26 09:55:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/08/26 09:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/08/26 09:55:41 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\CRE
[2012/08/26 09:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\4Sync
[2012/08/15 20:32:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/08/15 20:32:38 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/08/15 20:32:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/08/15 20:32:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/08/15 20:32:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/08/15 20:32:36 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/08/15 20:32:36 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/08/15 20:32:36 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/08/15 20:32:35 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/08/15 20:32:35 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/08/15 20:32:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/08/15 20:32:33 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/08/15 20:32:33 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/08/15 19:33:49 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll
[2012/08/15 19:33:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netapi32.dll
[2012/08/15 19:33:48 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browcli.dll
[2012/08/15 19:33:48 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\browcli.dll
[2012/08/15 19:33:39 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2012/08/15 19:33:39 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2012/08/15 19:33:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\splwow64.exe
[2012/08/15 19:33:37 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll
[2012/08/13 19:03:20 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\Microsoft Help
========== Files - Modified Within 30 Days ========== [2012/08/29 19:10:46 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/29 19:10:46 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/29 19:03:33 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/08/29 19:03:30 | 1945,509,887 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/29 18:55:09 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Justin\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/29 18:47:22 | 000,018,292 | ---- | M] () -- C:\Users\Justin\Desktop\malwarebytes_free.htm
[2012/08/29 18:42:58 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Justin\Desktop\tdsskiller.exe
[2012/08/29 18:42:06 | 000,000,064 | ---- | M] () -- C:\windows\SysWow64\rp_stats.dat
[2012/08/29 18:42:06 | 000,000,044 | ---- | M] () -- C:\windows\SysWow64\rp_rules.dat
[2012/08/27 20:51:28 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/08/27 17:03:55 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/08/27 16:44:52 | 004,738,846 | R--- | M] (Swearware) -- C:\Users\Justin\Desktop\ComboFix.exe
[2012/08/27 16:42:03 | 000,000,512 | ---- | M] () -- C:\Users\Justin\Desktop\MBR.dat
[2012/08/27 16:29:46 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Justin\Desktop\aswMBR.exe
[2012/08/27 16:15:38 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\otl.exe
[2012/08/27 16:10:58 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2012/08/27 16:10:58 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2012/08/27 16:10:58 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2012/08/27 16:10:57 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2012/08/27 16:10:57 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2012/08/27 16:10:57 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2012/08/26 09:55:52 | 000,000,009 | ---- | M] () -- C:\END
[2012/08/19 16:43:58 | 000,116,531 | ---- | M] () -- C:\Users\Justin\Documents\08-19-2012 04;43;58PM.PDF
[2012/08/19 16:32:04 | 000,433,282 | ---- | M] () -- C:\Users\Justin\Documents\08-19-2012 04;32;04PM.PDF
[2012/08/19 16:22:07 | 016,216,476 | ---- | M] () -- C:\Users\Justin\Documents\08-19-2012 04;22;04PM.PDF
[2012/08/19 16:07:19 | 001,290,363 | ---- | M] () -- C:\Users\Justin\Documents\08-19-2012 04;07;19PM.PDF
[2012/08/16 16:54:18 | 000,412,624 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/08/14 20:36:16 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/08/14 20:36:16 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/12 08:57:15 | 000,050,238 | ---- | M] () -- C:\Users\Justin\Desktop\couch loveseat.jpg
[2012/08/10 20:32:53 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/08/10 20:32:53 | 000,624,162 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/08/10 20:32:53 | 000,106,538 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
========== Files Created - No Company Name ========== [2012/08/29 18:47:22 | 000,018,292 | ---- | C] () -- C:\Users\Justin\Desktop\malwarebytes_free.htm
[2012/08/27 16:55:17 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/08/27 16:55:17 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/08/27 16:55:17 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/08/27 16:55:17 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/08/27 16:55:17 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/08/27 16:42:03 | 000,000,512 | ---- | C] () -- C:\Users\Justin\Desktop\MBR.dat
[2012/08/26 09:55:51 | 000,000,009 | ---- | C] () -- C:\END
[2012/08/19 16:43:58 | 000,116,531 | ---- | C] () -- C:\Users\Justin\Documents\08-19-2012 04;43;58PM.PDF
[2012/08/19 16:32:04 | 000,433,282 | ---- | C] () -- C:\Users\Justin\Documents\08-19-2012 04;32;04PM.PDF
[2012/08/19 16:22:04 | 016,216,476 | ---- | C] () -- C:\Users\Justin\Documents\08-19-2012 04;22;04PM.PDF
[2012/08/19 16:07:19 | 001,290,363 | ---- | C] () -- C:\Users\Justin\Documents\08-19-2012 04;07;19PM.PDF
[2012/08/12 08:57:33 | 000,050,238 | ---- | C] () -- C:\Users\Justin\Desktop\couch loveseat.jpg
[2012/06/17 10:21:19 | 000,001,451 | ---- | C] () -- C:\windows\wininit.ini
[2012/06/12 19:57:06 | 000,000,064 | ---- | C] () -- C:\windows\GPlrLanc.dat
[2012/04/15 10:12:59 | 000,047,616 | ---- | C] () -- C:\windows\SysWow64\pdf995mon64.dll
[2012/04/15 10:12:59 | 000,000,142 | ---- | C] () -- C:\windows\wpd99.drv
[2011/12/13 17:54:56 | 000,000,064 | ---- | C] () -- C:\windows\SysWow64\rp_stats.dat
[2011/12/13 17:54:56 | 000,000,044 | ---- | C] () -- C:\windows\SysWow64\rp_rules.dat
[2011/05/24 17:49:11 | 000,001,940 | ---- | C] () -- C:\Users\Justin\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < %SYSTEMDRIVE%\*.exe > < %ALLUSERSPROFILE%\Application Data\*.exe > < %APPDATA%\*. >[2012/08/21 19:09:11 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\.minecraft
[2012/06/09 18:05:44 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Adobe
[2012/01/01 10:28:21 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Apple Computer
[2010/06/24 14:37:44 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Arcsoft
[2012/06/09 18:07:24 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\com.jakks.spynet
[2010/07/18 15:41:53 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\DriverFinder
[2010/09/18 20:31:20 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Google
[2010/02/26 16:39:18 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Identities
[2011/10/15 16:28:08 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\ImgBurn
[2010/06/24 14:46:23 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\KodakCredentialStore
[2010/08/19 13:22:12 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Leadertech
[2010/02/28 18:48:39 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Macromedia
[2012/08/29 18:56:19 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Malwarebytes
[2009/07/14 03:44:38 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Media Center Programs
[2012/08/19 16:29:15 | 000,000,000 | --SD | M] -- C:\Users\Justin\AppData\Roaming\Microsoft
[2012/06/12 19:46:08 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Mozilla
[2011/11/29 19:16:16 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\MusicNet
[2011/10/15 17:38:14 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Nero
[2012/04/15 10:13:43 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\pdf995
[2010/06/24 14:43:50 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Skinux
[2012/04/15 10:13:50 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\TaxCut
[2012/08/27 16:14:13 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\uTorrent
[2011/11/20 10:02:33 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\WinRAR
< MD5 for: ATAPI.SYS >[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: EXPLORER.EXE >[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: SVCHOST.EXE >[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< %systemroot%\*. /mp /s > < hklm\software\clients\startmenuinternet|command /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/04/17 17:46:00 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/04/17 17:46:00 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/04/17 17:46:00 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
< hklm\software\clients\startmenuinternet|command /64 /rs >64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/04/17 17:45:59 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/04/17 17:45:59 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/04/17 17:45:59 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/06/28 21:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /REINSTALL [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /HIDEICONS [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /SHOWICONS [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
< %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles >< End of report >
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 29/08/2012 7:43:05 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/08/2012 11:25:03 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Log: 'System' Date/Time: 29/08/2012 11:24:03 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: PxHlpa64
Log: 'System' Date/Time: 29/08/2012 11:23:57 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Windows Defender service terminated with the following error: The specified module could not be found.
Log: 'System' Date/Time: 29/08/2012 11:23:57 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The lxeaCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 29/08/2012 11:23:57 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.
Log: 'System' Date/Time: 29/08/2012 11:21:47 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} did not register with DCOM within the required timeout.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Farbar Service Scanner Version: 06-08-2012
Ran by Justin (administrator) on 29-08-2012 at 19:45:18
Running from "C:\Users\Justin\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
I hope this is all the logs you wanted. As I am typing the letters are appearing VERY slow... I will be rebooting now. Look forward to your reply