LapTop gets Blue Screen and does Physical Dump, reboots or shuts down


#1
yobraniac

Hello,

Whenever I log into my laptop, after a few moments it goes blank, shows a blue screen and at the bottom says that it is doing a physical dump. I honestly do not know when this started because I let someone borrow it and when they returned it I did not use it right away. It starts in safe mode just fine; I run safe mode with networking. I have run Malwarebytes twice and have removed malicious objects; that seemed to help a little as I was able to log in for a longer period of time. My antivirus protection is gone and none of the installed security programs will run even in safe mode. Security Essentials will not run and Windows Update is not working and I have not been able to repair these things in safe mode. In the Action Center I have two issues: one is the security center is turned off and the other is Windows could not check for updates. After I ran Malwarebytes I installed AVG and I managed to log back on and get the scan started. Windows Update had also started working, I had 41 updates, but when I tried to do a deep scan on the laptop using AVG the laptop just shut off after a few minutes. I went back into safe mode but the AVG safe mode scan gave me an error for C:/documentsandsettings. I tried to run Kaspersky, which ran fine as a quick scan but detected nothing. When I tried to do a deep scan the laptop shut off even in safe mode. That is the only time it has shut down in safe mode. I also tried the repair computer boot option but that did not resolve anything. For Windows Update I tried the fixit tool but it still detects that something is wrong. Also I cannot open the security center; I get an error message saying cannot open. I also cannot find Windows Security Essentials anywhere to even try to open it, though I did see it once in safe mode; it's like it disappeared. As of right now the laptop boots and I can log in, I can even do a few things, but eventually it does a physical dump.
If I try to do a deep scan with any program the laptop shuts down a few minutes into it running. Below is the OTL report and it also opened up an Extras text as well.

Thanks in advance



OTL logfile created on: 10/6/2012 10:34:32 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\LandaBear\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 77.32% Memory free
5.50 Gb Paging File | 4.92 Gb Available in Paging File | 89.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.21 Gb Total Space | 152.00 Gb Free Space | 52.92% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.28 Gb Free Space | 11.80% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: LandaBear | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/06 10:34:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LandaBear\Desktop\OTL.com
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/21 10:54:34 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office 2010\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2012/10/03 21:51:31 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/10/03 21:51:07 | 000,374,184 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/10/03 20:55:40 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/01 21:39:01 | 000,722,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/20 04:53:34 | 000,184,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/08/20 04:53:32 | 001,286,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012/08/20 04:52:42 | 005,751,928 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2011/09/12 19:58:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office 2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/03/15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/12/17 14:31:27 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/12/10 08:29:00 | 000,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/10/16 16:53:44 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV - [2009/08/19 21:16:40 | 000,594,600 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxducoms.exe -- (lxdu_device)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/28 14:06:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/05/21 07:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/04/02 02:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)


========== Driver Services (SafeList) ==========

DRV - [2012/10/03 21:51:08 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/10/01 21:39:04 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/09/17 18:58:56 | 000,051,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/09/14 05:34:34 | 000,089,440 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/09/12 11:47:22 | 000,164,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/12 11:47:04 | 000,151,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/13 16:40:54 | 000,176,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/08/10 04:52:28 | 000,019,808 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/08/10 04:52:18 | 000,035,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/08/09 13:56:44 | 000,178,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2011/05/23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2010/08/12 13:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/10/09 03:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/26 22:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/05/25 16:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/04/24 18:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/10/17 19:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0FA204D4-5326-43C7-A4D2-EDFB78E6EA59}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{60A4E56C-445B-47E9-8637-F329433B1DB3}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 CD 16 AC BE 4E CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0FA204D4-5326-43C7-A4D2-EDFB78E6EA59}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{3E8A285E-D3FD-41AB-BC87-7DE577937F05}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{60A4E56C-445B-47E9-8637-F329433B1DB3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....pr&d=2012-10-01 21:39:07&v=12.2.5.4&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...m=1&toolbar=SS2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://go.microsoft....k/?LinkId=69157"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.0.652
FF - prefs.js..extensions.enabledAddons: [email protected]:1.6.2
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.652
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {6847DFAE-037A-400c-A524-27F0A281B692}:2.0.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {F645A8C9-E969-42D9-B3F3-F325537222FD}:1.1.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.2.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIC30F~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIC30F~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/02/17 13:40:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/09/09 22:04:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/09/09 22:04:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\12.2.5.4\ [2012/10/01 21:39:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/06 23:45:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/06 23:45:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2012/06/06 23:45:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins [2012/06/06 23:45:57 | 000,000,000 | ---D | M]

[2011/09/09 23:02:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Extensions
[2011/01/04 18:33:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/02/07 00:33:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/10/01 21:27:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions
[2011/09/09 23:02:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/09 23:02:21 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/01/08 23:47:33 | 000,000,000 | ---D | M] (Big Fish Games Toolbar) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}
[2011/09/09 23:02:27 | 000,000,000 | ---D | M] (BitComet Download Helper) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2012/10/01 21:24:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/09/09 23:02:30 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2011/09/09 23:02:19 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions\[email protected]
[2011/09/09 23:02:20 | 000,000,000 | ---D | M] (Personas) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions\[email protected]
[2012/10/01 21:24:40 | 001,184,804 | ---- | M] () (No name found) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions\[email protected]
[2012/02/17 23:44:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/29 23:32:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/02/17 13:40:27 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2012/02/16 05:42:22 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/11/11 03:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/07/18 13:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files\mozilla firefox\plugins\nptgeqplugin.dll
[2012/10/01 21:38:56 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/16 05:41:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 05:41:16 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MI7967~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MI7967~1\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\gears.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: TestGen Plug-in 7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nptgeqplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\LandaBear\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\LandaBear\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2012/02/16 18:02:42 | 000,000,882 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll (BitComet)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.4\AVG Secure Search_toolbar.dll ()
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Big Fish Games Toolbar) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.4\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Big Fish Games Toolbar) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office 2010\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [lxduamon] C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe ()
O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - Startup: C:\Users\LandaBear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk = C:\Users\LandaBear\AppData\Local\Temp\_uninst_.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll (BitComet)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16F700FD-F238-4F71-B9B2-64207610F42E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96E9D789-6430-4FFB-80F6-D3B39135BBC1}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\LandaBear\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\LandaBear\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/06 10:34:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\LandaBear\Desktop\OTL.com
[2012/10/06 10:33:06 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\LandaBear\Desktop\OTL.scr
[2012/10/06 08:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/10/06 07:47:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\LandaBear\Desktop\OTL.exe
[2012/10/03 21:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/03 21:17:57 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/03 21:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/01 21:42:33 | 000,000,000 | ---D | C] -- C:\Users\LandaBear\AppData\Roaming\AVG2013
[2012/10/01 21:40:13 | 000,000,000 | ---D | C] -- C:\Users\LandaBear\AppData\Local\AVG Secure Search
[2012/10/01 21:39:55 | 000,000,000 | ---D | C] -- C:\Users\LandaBear\AppData\Roaming\TuneUp Software
[2012/10/01 21:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/10/01 21:39:04 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/10/01 21:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/10/01 21:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/10/01 21:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/10/01 21:36:49 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/10/01 21:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/10/01 21:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/10/01 21:27:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/10/01 21:27:18 | 000,000,000 | ---D | C] -- C:\Users\LandaBear\AppData\Local\MFAData
[2012/10/01 21:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/10/01 21:27:18 | 000,000,000 | ---D | C] -- C:\Users\LandaBear\AppData\Local\Avg2013
[2012/10/01 21:26:23 | 004,411,728 | ---- | C] (AVG Technologies) -- C:\Users\LandaBear\Desktop\avg_isct_stb_all_2013_2677_ms.exe
[2012/09/20 22:02:30 | 000,000,000 | ---D | C] -- C:\Users\LandaBear\AppData\Roaming\Malwarebytes
[2012/09/20 22:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/17 18:58:56 | 000,051,936 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[2012/09/14 05:34:34 | 000,089,440 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2012/09/12 11:47:22 | 000,164,704 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012/09/12 11:47:04 | 000,151,648 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\LandaBear\Documents\*.tmp files -> C:\Users\LandaBear\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/06 10:34:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LandaBear\Desktop\OTL.com
[2012/10/06 10:33:20 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\LandaBear\Desktop\OTL.scr
[2012/10/06 08:44:08 | 000,626,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/06 08:44:08 | 000,107,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/06 08:39:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/06 08:39:34 | 2213,339,136 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/06 08:29:48 | 000,000,932 | ---- | M] () -- C:\Users\LandaBear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk
[2012/10/06 08:29:11 | 138,532,488 | ---- | M] () -- C:\Users\LandaBear\Desktop\setup_11.0.0.1245.x01_2012_10_06_15_12.exe
[2012/10/06 08:22:36 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/10/06 07:47:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LandaBear\Desktop\OTL.exe
[2012/10/06 07:23:47 | 271,148,656 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/03 22:10:13 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/03 21:51:08 | 000,083,392 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2012/10/03 21:51:08 | 000,030,624 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2012/10/03 21:51:07 | 000,087,456 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2012/10/03 21:47:17 | 000,015,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/03 21:47:17 | 000,015,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/03 21:39:17 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/03 21:13:34 | 000,000,000 | -H-- | M] () -- C:\Users\LandaBear\Documents\Default.rdp
[2012/10/03 20:54:47 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/02 21:47:54 | 000,000,482 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for LandaBear.job
[2012/10/01 21:39:55 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/10/01 21:39:04 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/10/01 21:26:59 | 004,411,728 | ---- | M] (AVG Technologies) -- C:\Users\LandaBear\Desktop\avg_isct_stb_all_2013_2677_ms.exe
[2012/09/17 18:58:56 | 000,051,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[2012/09/14 05:34:34 | 000,089,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2012/09/12 11:47:22 | 000,164,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012/09/12 11:47:04 | 000,151,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\LandaBear\Documents\*.tmp files -> C:\Users\LandaBear\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/06 08:22:52 | 138,532,488 | ---- | C] () -- C:\Users\LandaBear\Desktop\setup_11.0.0.1245.x01_2012_10_06_15_12.exe
[2012/10/06 08:07:45 | 000,000,932 | ---- | C] () -- C:\Users\LandaBear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk
[2012/10/03 21:13:34 | 000,000,000 | -H-- | C] () -- C:\Users\LandaBear\Documents\Default.rdp
[2012/10/01 21:39:55 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/02/19 01:31:24 | 000,000,000 | ---- | C] () -- C:\Users\LandaBear\AppData\Roaming\SMRBackup250.dat
[2011/10/15 13:25:27 | 000,006,144 | ---- | C] () -- C:\Users\LandaBear\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/03 19:22:29 | 000,001,940 | ---- | C] () -- C:\Users\LandaBear\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/09/10 00:05:25 | 000,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2011/09/09 23:56:07 | 000,370,959 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/09/09 23:53:36 | 000,370,959 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/09/09 23:52:49 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/09/09 23:22:20 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010/12/25 15:09:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/09/28 16:08:23 | 000,024,206 | ---- | C] () -- C:\Users\LandaBear\AppData\Roaming\UserTile.png
[2009/02/21 17:13:03 | 000,009,542 | ---- | C] () -- C:\Users\LandaBear\poohda3.wpl

========== ZeroAccess Check ==========

[2012/02/19 23:32:02 | 000,000,082 | ---- | M] () -- C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PM78GVBK\t.cxt.ms\lso.swf\u.sol
[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 08:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/09/09 23:01:08 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\5600-6600 Series
[2012/02/17 13:40:06 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\77EE0
[2012/10/01 21:42:33 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\AVG2013
[2011/09/09 23:01:20 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\calibre
[2011/09/09 23:01:20 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Cat's Eye Games
[2011/09/09 23:01:20 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\com.adobe.ExMan
[2011/09/09 23:01:20 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/09/09 23:01:24 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Enlightenus
[2011/09/09 23:01:24 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\FileZilla
[2011/09/09 23:01:24 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\GetRightToGo
[2011/09/09 23:01:25 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\ICAClient
[2011/09/09 23:01:25 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\iJoysoft
[2011/09/09 23:01:26 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\ImgBurn
[2011/09/09 23:01:26 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\iWin
[2011/09/09 23:01:26 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\JGsoft
[2011/09/09 23:01:26 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Lexmark Productivity Studio
[2011/09/09 23:01:31 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\LimeWire
[2011/09/09 23:01:59 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Marine Aquarium 3
[2011/09/09 23:02:31 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\muvee Technologies
[2009/09/28 16:08:22 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\PeerNetworking
[2011/09/09 23:02:31 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Registry Mechanic
[2011/09/09 23:02:32 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Skunk Studios
[2011/09/09 23:02:35 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Stamps.com Internet Postage
[2011/09/09 23:02:35 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\TomTom
[2012/10/01 21:39:55 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\TuneUp Software
[2011/09/09 23:02:36 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB62280$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

OTL logfile created on: 10/6/2012 10:34:32 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\LandaBear\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 77.32% Memory free
5.50 Gb Paging File | 4.92 Gb Available in Paging File | 89.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.21 Gb Total Space | 152.00 Gb Free Space | 52.92% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.28 Gb Free Space | 11.80% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: LandaBear | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/06 10:34:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LandaBear\Desktop\OTL.com
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/21 10:54:34 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office 2010\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2012/10/03 21:51:31 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/10/03 21:51:07 | 000,374,184 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/10/03 20:55:40 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/01 21:39:01 | 000,722,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/20 04:53:34 | 000,184,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/08/20 04:53:32 | 001,286,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012/08/20 04:52:42 | 005,751,928 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2011/09/12 19:58:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office 2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/03/15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/12/17 14:31:27 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/12/10 08:29:00 | 000,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/10/16 16:53:44 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV - [2009/08/19 21:16:40 | 000,594,600 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxducoms.exe -- (lxdu_device)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/28 14:06:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/05/21 07:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/04/02 02:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)


========== Driver Services (SafeList) ==========

DRV - [2012/10/03 21:51:08 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/10/01 21:39:04 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/09/17 18:58:56 | 000,051,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/09/14 05:34:34 | 000,089,440 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/09/12 11:47:22 | 000,164,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/12 11:47:04 | 000,151,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/13 16:40:54 | 000,176,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/08/10 04:52:28 | 000,019,808 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/08/10 04:52:18 | 000,035,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/08/09 13:56:44 | 000,178,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2011/05/23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2010/08/12 13:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/10/09 03:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/26 22:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/05/25 16:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/04/24 18:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/10/17 19:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0FA204D4-5326-43C7-A4D2-EDFB78E6EA59}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{60A4E56C-445B-47E9-8637-F329433B1DB3}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 CD 16 AC BE 4E CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0FA204D4-5326-43C7-A4D2-EDFB78E6EA59}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{3E8A285E-D3FD-41AB-BC87-7DE577937F05}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{60A4E56C-445B-47E9-8637-F329433B1DB3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....pr&d=2012-10-01 21:39:07&v=12.2.5.4&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...m=1&toolbar=SS2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://go.microsoft....k/?LinkId=69157"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.0.652
FF - prefs.js..extensions.enabledAddons: [email protected]:1.6.2
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.652
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {6847DFAE-037A-400c-A524-27F0A281B692}:2.0.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {F645A8C9-E969-42D9-B3F3-F325537222FD}:1.1.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.2.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIC30F~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIC30F~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/02/17 13:40:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/09/09 22:04:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/09/09 22:04:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\12.2.5.4\ [2012/10/01 21:39:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/06 23:45:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/06 23:45:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2012/06/06 23:45:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins [2012/06/06 23:45:57 | 000,000,000 | ---D | M]

[2011/09/09 23:02:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Extensions
[2011/01/04 18:33:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/02/07 00:33:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/10/01 21:27:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions
[2011/09/09 23:02:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/09 23:02:21 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/01/08 23:47:33 | 000,000,000 | ---D | M] (Big Fish Games Toolbar) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}
[2011/09/09 23:02:27 | 000,000,000 | ---D | M] (BitComet Download Helper) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2012/10/01 21:24:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/09/09 23:02:30 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2011/09/09 23:02:19 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions\[email protected]
[2011/09/09 23:02:20 | 000,000,000 | ---D | M] (Personas) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions\[email protected]
[2012/10/01 21:24:40 | 001,184,804 | ---- | M] () (No name found) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions\[email protected]
[2012/02/17 23:44:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/29 23:32:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/02/17 13:40:27 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2012/02/16 05:42:22 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/11/11 03:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/07/18 13:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files\mozilla firefox\plugins\nptgeqplugin.dll
[2012/10/01 21:38:56 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/16 05:41:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 05:41:16 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MI7967~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MI7967~1\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\gears.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: TestGen Plug-in 7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nptgeqplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\LandaBear\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\LandaBear\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2012/02/16 18:02:42 | 000,000,882 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll (BitComet)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.4\AVG Secure Search_toolbar.dll ()
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Big Fish Games Toolbar) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.4\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Big Fish Games Toolbar) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office 2010\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [lxduamon] C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe ()
O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - Startup: C:\Users\LandaBear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk = C:\Users\LandaBear\AppData\Local\Temp\_uninst_.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll (BitComet)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16F700FD-F238-4F71-B9B2-64207610F42E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96E9D789-6430-4FFB-80F6-D3B39135BBC1}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\LandaBear\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\LandaBear\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/06 10:34:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\LandaBear\Desktop\OTL.com
[2012/10/06 10:33:06 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\LandaBear\Desktop\OTL.scr
[2012/10/06 08:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/10/06 07:47:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\LandaBear\Desktop\OTL.exe
[2012/10/03 21:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/03 21:17:57 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/03 21:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/01 21:42:33 | 000,000,000 | ---D | C] -- C:\Users\LandaBear\AppData\Roaming\AVG2013
[2012/10/01 21:40:13 | 000,000,000 | ---D | C] -- C:\Users\LandaBear\AppData\Local\AVG Secure Search
[2012/10/01 21:39:55 | 000,000,000 | ---D | C] -- C:\Users\LandaBear\AppData\Roaming\TuneUp Software
[2012/10/01 21:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/10/01 21:39:04 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/10/01 21:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/10/01 21:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/10/01 21:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/10/01 21:36:49 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/10/01 21:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/10/01 21:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/10/01 21:27:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/10/01 21:27:18 | 000,000,000 | ---D | C] -- C:\Users\LandaBear\AppData\Local\MFAData
[2012/10/01 21:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/10/01 21:27:18 | 000,000,000 | ---D | C] -- C:\Users\LandaBear\AppData\Local\Avg2013
[2012/10/01 21:26:23 | 004,411,728 | ---- | C] (AVG Technologies) -- C:\Users\LandaBear\Desktop\avg_isct_stb_all_2013_2677_ms.exe
[2012/09/20 22:02:30 | 000,000,000 | ---D | C] -- C:\Users\LandaBear\AppData\Roaming\Malwarebytes
[2012/09/20 22:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/17 18:58:56 | 000,051,936 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[2012/09/14 05:34:34 | 000,089,440 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2012/09/12 11:47:22 | 000,164,704 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012/09/12 11:47:04 | 000,151,648 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\LandaBear\Documents\*.tmp files -> C:\Users\LandaBear\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/06 10:34:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LandaBear\Desktop\OTL.com
[2012/10/06 10:33:20 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\LandaBear\Desktop\OTL.scr
[2012/10/06 08:44:08 | 000,626,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/06 08:44:08 | 000,107,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/06 08:39:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/06 08:39:34 | 2213,339,136 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/06 08:29:48 | 000,000,932 | ---- | M] () -- C:\Users\LandaBear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk
[2012/10/06 08:29:11 | 138,532,488 | ---- | M] () -- C:\Users\LandaBear\Desktop\setup_11.0.0.1245.x01_2012_10_06_15_12.exe
[2012/10/06 08:22:36 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/10/06 07:47:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LandaBear\Desktop\OTL.exe
[2012/10/06 07:23:47 | 271,148,656 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/03 22:10:13 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/03 21:51:08 | 000,083,392 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2012/10/03 21:51:08 | 000,030,624 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2012/10/03 21:51:07 | 000,087,456 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2012/10/03 21:47:17 | 000,015,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/03 21:47:17 | 000,015,808 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/03 21:39:17 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/03 21:13:34 | 000,000,000 | -H-- | M] () -- C:\Users\LandaBear\Documents\Default.rdp
[2012/10/03 20:54:47 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/02 21:47:54 | 000,000,482 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for LandaBear.job
[2012/10/01 21:39:55 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/10/01 21:39:04 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/10/01 21:26:59 | 004,411,728 | ---- | M] (AVG Technologies) -- C:\Users\LandaBear\Desktop\avg_isct_stb_all_2013_2677_ms.exe
[2012/09/17 18:58:56 | 000,051,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[2012/09/14 05:34:34 | 000,089,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2012/09/12 11:47:22 | 000,164,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012/09/12 11:47:04 | 000,151,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\LandaBear\Documents\*.tmp files -> C:\Users\LandaBear\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/06 08:22:52 | 138,532,488 | ---- | C] () -- C:\Users\LandaBear\Desktop\setup_11.0.0.1245.x01_2012_10_06_15_12.exe
[2012/10/06 08:07:45 | 000,000,932 | ---- | C] () -- C:\Users\LandaBear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk
[2012/10/03 21:13:34 | 000,000,000 | -H-- | C] () -- C:\Users\LandaBear\Documents\Default.rdp
[2012/10/01 21:39:55 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/02/19 01:31:24 | 000,000,000 | ---- | C] () -- C:\Users\LandaBear\AppData\Roaming\SMRBackup250.dat
[2011/10/15 13:25:27 | 000,006,144 | ---- | C] () -- C:\Users\LandaBear\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/03 19:22:29 | 000,001,940 | ---- | C] () -- C:\Users\LandaBear\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/09/10 00:05:25 | 000,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2011/09/09 23:56:07 | 000,370,959 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/09/09 23:53:36 | 000,370,959 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/09/09 23:52:49 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/09/09 23:22:20 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010/12/25 15:09:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/09/28 16:08:23 | 000,024,206 | ---- | C] () -- C:\Users\LandaBear\AppData\Roaming\UserTile.png
[2009/02/21 17:13:03 | 000,009,542 | ---- | C] () -- C:\Users\LandaBear\poohda3.wpl

========== ZeroAccess Check ==========

[2012/02/19 23:32:02 | 000,000,082 | ---- | M] () -- C:\Windows\$NtUninstallKB62280$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PM78GVBK\t.cxt.ms\lso.swf\u.sol
[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 08:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/09/09 23:01:08 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\5600-6600 Series
[2012/02/17 13:40:06 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\77EE0
[2012/10/01 21:42:33 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\AVG2013
[2011/09/09 23:01:20 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\calibre
[2011/09/09 23:01:20 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Cat's Eye Games
[2011/09/09 23:01:20 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\com.adobe.ExMan
[2011/09/09 23:01:20 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/09/09 23:01:24 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Enlightenus
[2011/09/09 23:01:24 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\FileZilla
[2011/09/09 23:01:24 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\GetRightToGo
[2011/09/09 23:01:25 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\ICAClient
[2011/09/09 23:01:25 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\iJoysoft
[2011/09/09 23:01:26 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\ImgBurn
[2011/09/09 23:01:26 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\iWin
[2011/09/09 23:01:26 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\JGsoft
[2011/09/09 23:01:26 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Lexmark Productivity Studio
[2011/09/09 23:01:31 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\LimeWire
[2011/09/09 23:01:59 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Marine Aquarium 3
[2011/09/09 23:02:31 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\muvee Technologies
[2009/09/28 16:08:22 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\PeerNetworking
[2011/09/09 23:02:31 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Registry Mechanic
[2011/09/09 23:02:32 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Skunk Studios
[2011/09/09 23:02:35 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Stamps.com Internet Postage
[2011/09/09 23:02:35 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\TomTom
[2012/10/01 21:39:55 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\TuneUp Software
[2011/09/09 23:02:36 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB62280$] -> Error: Cannot create file handle -> Unknown point type

< End of report >






#2
RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
You can run most of these in Safe Mode with Networking. If a step fails just go on to the next step.

Copy the text in the code box by highlighting and Ctrl + c

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - Startup: C:\Users\LandaBear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk = C:\Users\LandaBear\AppData\Local\Temp\_uninst_.bat ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
[2012/10/06 08:29:48 | 000,000,932 | ---- | M] () -- C:\Users\LandaBear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk
[2012/10/03 20:54:47 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/02 21:47:54 | 000,000,482 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for LandaBear.job

:files
C:\Windows\$NtUninstallKB62280$
at /c
C:\Windows\tasks\At*.job
C:\Windows\assembly\GAC\Desktop.ini
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Users\LandaBear\AppData\Local\Temp\*.exe
sfc.exe /scanfile=c:\windows\system32\services.exe /c
netstat -ano | find "16464" /c
netstat -ano | find "16465" /c
netstat -ano | find "16470" /c
netstat -ano | find "16471" /c
netstat -ano | find "21810" /c
netstat -ano | find "22292" /c
netstat -ano | find "34354" /c
netstat -ano | find "34355" /c

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. This will also create a file winsock2.reg on your desktop. It is an insurance file. If you can't get on the Internet after the fix, try right clicking on the winsock2.reg and Merge then reboot. If that doesn't help then do a System Restore.
It appears that Old Timer is now hiding a copy of the log in c:\_OTL\MovedFiles\10092012-some number.log so look there if you don't catch it at first.



Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* Follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow



(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and Save it then right click on it and Run As Admin.

If it doesn't do it for you:
Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Copy the text in the code box:

DRIVES
netsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Ron
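
The fix script in the post above searches `netstat -ano` output for eight port numbers with a plain substring `find`. The following is an added example (not part of the original post and not OTL's own code) that parses the same output and compares the port field exactly, so a PID or address that merely contains those digits is not reported. The sample netstat text, its addresses and its PIDs are constructed, and the function names are hypothetical.

```python
"""Exact-port triage of Windows `netstat -ano` output (added example)."""

# Port numbers copied from the netstat lines in the fix script.
WATCHED_PORTS = frozenset({16464, 16465, 16470, 16471, 21810, 22292, 34354, 34355})

# Constructed sample output: documentation-range addresses, invented PIDs.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    192.168.1.64:49201     203.0.113.7:16464      ESTABLISHED     1184
  TCP    192.168.1.64:49202     198.51.100.9:443       ESTABLISHED     16464
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:16471          *:*                                    1184
  UDP    [::]:5355              *:*                                    1320
"""


def split_endpoint(endpoint):
    """Split '1.2.3.4:80', '[::]:445' or '*:*' into (host, port).

    The port is None when netstat prints '*' instead of a number.
    """
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Turn the TCP/UDP rows of `netstat -ano` into dictionaries."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        if not fields[-1].isdigit():
            continue  # no PID column: netstat was run without -o
        proto, local, remote = fields[:3]
        # TCP rows carry a State column, UDP rows do not.
        state = fields[3] if len(fields) == 5 else ""
        remote_host, remote_port = split_endpoint(remote)
        rows.append({
            "proto": proto,
            "local_port": split_endpoint(local)[1],
            "remote_host": remote_host,
            "remote_port": remote_port,
            "state": state,
            "pid": int(fields[-1]),
        })
    return rows


def find_watched(text, ports=WATCHED_PORTS):
    """Rows whose local or remote port is exactly one of the watched ports."""
    return [row for row in parse_netstat(text)
            if row["local_port"] in ports or row["remote_port"] in ports]


def substring_find(text, needle):
    """What `find "<needle>"` does: keep every line containing the digits."""
    return [line for line in text.splitlines() if needle in line]


def pids_to_check(text, ports=WATCHED_PORTS):
    """PIDs owning a matching socket, for lookup in Task Manager or tasklist."""
    return sorted({row["pid"] for row in find_watched(text, ports)})


if __name__ == "__main__":
    for row in find_watched(SAMPLE_NETSTAT):
        print(row["proto"], row["local_port"], row["remote_host"],
              row["remote_port"], row["state"] or "-", "PID", row["pid"])
    print("PIDs to look up:", pids_to_check(SAMPLE_NETSTAT))
    print("substring matches for 16464:",
          len(substring_find(SAMPLE_NETSTAT, "16464")))
```

On the constructed sample the substring search returns two lines for 16464, one of which only has that number as its PID, while the exact match reports the one real connection plus the UDP socket on 16471.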

#3
yobraniac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts
Hello,

Here are my logs.

aswmbr

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-11 19:35:22
-----------------------------
19:35:22.062 OS Version: Windows 6.1.7601 Service Pack 1
19:35:22.062 Number of processors: 2 586 0x301
19:35:22.062 ComputerName: LAPTOP UserName:
19:35:50.766 Initialize success
19:36:08.019 AVAST engine defs: 12101101
19:36:47.830 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-6
19:36:47.846 Disk 0 Vendor: TOSHIBA_MK3252GSX LV011C Size: 305245MB BusType: 3
19:36:47.846 Disk 0 MBR read successfully
19:36:47.846 Disk 0 MBR scan
19:36:47.862 Disk 0 MBR:Pihar-C [Rtk]
19:36:47.862 Disk 0 TDL4@MBR code has been found
19:36:47.862 Disk 0 Windows 7 default MBR code found via API
19:36:47.877 Disk 0 MBR hidden
19:36:47.877 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294103 MB offset 63
19:36:47.893 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11138 MB offset 602324992
19:36:48.205 Disk 0 MBR [TDL4] **ROOTKIT**
19:36:49.000 AVAST engine scan C:\Windows
19:36:53.415 AVAST engine scan C:\Windows\system32
19:44:03.039 AVAST engine scan C:\Windows\system32\drivers
19:44:39.434 AVAST engine scan C:\Users\LandaBear
19:53:29.522 AVAST engine scan C:\ProgramData
19:54:17.866 File: C:\ProgramData\Microsoft\Windows\DRM\1334.tmp **INFECTED** Win32:MalOb-IK [Cryp]
19:56:38.220 Scan finished successfully
19:57:39.325 Disk 0 MBR has been saved successfully to "C:\Users\LandaBear\Desktop\MBR.dat"
19:57:39.340 The log file has been saved successfully to "C:\Users\LandaBear\Desktop\aswMBR.txt"

Combofix

ComboFix 12-10-11.03 - LandaBear 10/11/2012 20:50:35.1.2 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2814.2452 [GMT -4:00]
Running from: c:\users\LandaBear\Desktop\ComboFix.exe
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LP
c:\program files\LP\9767\4587.tmp
c:\program files\LP\9767\CBD8.tmp
c:\program files\Search Toolbar
c:\program files\Search Toolbar\SearchToolbar.dll
c:\users\LandaBear\Documents\~WRL0005.tmp
c:\windows\$NtUninstallKB62280$
c:\windows\$NtUninstallKB62280$\685872244
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-09-12 to 2012-10-12 )))))))))))))))))))))))))))))))
.
.
2012-10-12 01:01 . 2012-10-12 01:02 -------- d-----w- c:\users\LandaBear\AppData\Local\temp
2012-10-12 01:01 . 2012-10-12 01:01 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-10-12 01:01 . 2012-10-12 01:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-12 01:01 . 2012-10-12 01:01 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-10-11 22:50 . 2012-10-11 22:50 -------- d-----w- C:\_OTL
2012-10-06 12:07 . 2012-10-06 12:07 -------- d-----w- c:\programdata\Kaspersky Lab
2012-10-04 01:17 . 2012-10-07 19:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-02 01:40 . 2012-10-02 01:40 -------- d-----w- c:\users\LandaBear\AppData\Local\AVG Secure Search
2012-10-02 01:39 . 2012-10-02 01:39 -------- d-----w- c:\users\LandaBear\AppData\Roaming\TuneUp Software
2012-10-02 01:38 . 2012-10-07 19:29 -------- d-----w- c:\program files\AVG Secure Search
2012-10-02 01:38 . 2012-10-07 19:29 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-10-02 01:38 . 2012-10-07 19:27 -------- d-----w- c:\programdata\AVG Secure Search
2012-10-02 01:36 . 2012-10-02 01:36 -------- d-----w- C:\$AVG
2012-10-02 01:36 . 2012-10-07 19:27 -------- d-----w- c:\programdata\AVG2013
2012-10-02 01:35 . 2012-10-02 01:35 -------- d-----w- c:\program files\AVG
2012-10-02 01:27 . 2012-10-07 19:27 -------- d-----w- c:\programdata\MFAData
2012-10-02 01:27 . 2012-10-04 01:07 -------- d-----w- c:\users\LandaBear\AppData\Local\Avg2013
2012-10-02 01:27 . 2012-10-02 01:27 -------- d--h--w- c:\programdata\Common Files
2012-10-02 01:27 . 2012-10-02 01:27 -------- d-----w- c:\users\LandaBear\AppData\Local\MFAData
2012-09-21 02:02 . 2012-09-21 02:02 -------- d-----w- c:\users\LandaBear\AppData\Roaming\Malwarebytes
2012-09-21 02:02 . 2012-09-21 02:02 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-26 1644088]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-01 39408]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-12-10 247144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-06-06 2903448]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-06-06 36760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"BCSSync"="c:\program files\Microsoft Office 2010\Office14\BCSSync.exe" [2010-03-13 91520]
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-12-25 2291]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Lexmark 5600-6600 Series Fax Server"="c:\program files\Lexmark 5600-6600 Series\fm3032.exe" [2008-05-30 311976]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2008-05-30 16040]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2008-05-30 676520]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"OTL"="c:\users\LandaBear\Desktop\OTL.exe" [2012-10-11 602112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx86.sys [x]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120106.002\IDSvix86.sys [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.SYS [x]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0501000.01D\SYMNETS.SYS [x]
R2 gupdate1ca3c63958ae07c;Google Update Service (gupdate1ca3c63958ae07c);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [x]
R2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe [x]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe [x]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [x]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [x]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office 2010\Office14\GROOVE.EXE [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\program files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - ccHP
*Deregistered* - EraserUtilRebootDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-23 15:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MIC30F~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIC30F~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3899573972-783910608-774907955-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)
.
[HKEY_USERS\S-1-5-21-3899573972-783910608-774907955-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Channels]
@Denied: (C D) (Everyone)
"ccSvcHst_UserSession_1640"="{4F43DCEE-4789-4EC6-84D8-C43CAE826E95}"
"ccSvcHst_UserSession_3748"="{434B3CDE-662F-4EFB-9210-3E3750278245}"
"ccSvcHst_UserSession_3788"="{D257347E-F2EF-4F68-9515-F51960D5CFB7}"
"ccSvcHst_UserSession_3620"="{AD112E16-D3B8-4C5A-A46D-E229AEB2A13E}"
"ccSvcHst_UserSession_3712"="{C53B1872-0CA1-46A9-BA61-C29299F64108}"
"ccSvcHst_UserSession_2052"="{4C51B5C9-9C79-4D15-97D9-D0960AF067D7}"
"ccSvcHst_UserSession_2720"="{191F6020-55E3-4748-9757-ED692C2C576C}"
"ccSvcHst_UserSession_4980"="{B0080163-2E75-464B-BBED-94E0DC49C2BF}"
"g_coUserCommandChannel"="{29ED526D-4EA2-4BCE-9A30-BA0763172BF7}"
"ncw_reputation_scan_server_IPC"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"ccSvcHst_N360"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"g_coVistaProxyChannel"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"ccSvcHst_UserSession_1112"="{A1E37371-8CF0-4D94-B608-3AC31F2E92FD}"
"{B44E7D73-F081-414B-ADD2-CD66675A190D}1"="{29ED526D-4EA2-4BCE-9A30-BA0763172BF7}"
"{9BBA000F-092F-432f-B9DF-9D64FD1C2978}"="{29ED526D-4EA2-4BCE-9A30-BA0763172BF7}"
"AvProdSession_01"="{29ED526D-4EA2-4BCE-9A30-BA0763172BF7}"
"AvProdSession_Options_01"="{29ED526D-4EA2-4BCE-9A30-BA0763172BF7}"
"AvProdSession_MessageCenter_01"="{29ED526D-4EA2-4BCE-9A30-BA0763172BF7}"
"AvProdSession_Scanless_01"="{29ED526D-4EA2-4BCE-9A30-BA0763172BF7}"
"AvProdSession_IPUA_01"="{29ED526D-4EA2-4BCE-9A30-BA0763172BF7}"
"AvProdSession_CanIRun_01"="{29ED526D-4EA2-4BCE-9A30-BA0763172BF7}"
"_buUIComm_S-1-5-21-3899573972-783910608-774907955-1000"="{29ED526D-4EA2-4BCE-9A30-BA0763172BF7}"
"clt::AlertChannel2_01"="{29ED526D-4EA2-4BCE-9A30-BA0763172BF7}"
"QuickStart{4A16DDA3-2513-41ea-90C8-E34A67781129}1"="{29ED526D-4EA2-4BCE-9A30-BA0763172BF7}"
"TRUSTCHANNEL"="{29ED526D-4EA2-4BCE-9A30-BA0763172BF7}"
"SDKCHANNEL1"="{29ED526D-4EA2-4BCE-9A30-BA0763172BF7}"
"ToasterNotify\\SessionID_1"="{29ED526D-4EA2-4BCE-9A30-BA0763172BF7}"
"AccountServices_1"="{29ED526D-4EA2-4BCE-9A30-BA0763172BF7}"
"FormHandler_1"="{29ED526D-4EA2-4BCE-9A30-BA0763172BF7}"
"{436E95FE-192E-469f-8F34-5038FBA89BF4}1"="{29ED526D-4EA2-4BCE-9A30-BA0763172BF7}"
"DING_{4467AB8F-68C8-4ab5-9B48-B3E6EB65F6A1}"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"ccSettingsService"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"ccGenericEvent_Global_EM"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"ccGenericEvent_Global_LM"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"ccGenericLog_Manager"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"ccJobMgr_general_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"ccJobMgr_session_{ABD582DE-8F75-412d-81CF-6A180F1203DD}"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"{3F11C6A7-CEA8-40c9-88EE-E5461341AE97}_ccSubmissionEngineIPC"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"SNDServiceRequestChannel"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"SNDLocationChannel"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"SymRedirSvcRequestChannel"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"{A2DE0E79-877C-485b-B604-78B170313E9E}_IronIPC"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"NortonNetServiceIPC"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"NetMapServiceIPC"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"_isDataPrComm_"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"ncw_performance_IPC"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"ipcChannel_ShastaServer"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"_NCWSvcComm_NortonCommunityWatchConfiguration"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"_ProcessDetection_"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"_AvProdSvcComm_"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"isError_Service_IPC"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"QuickStart{4302D82E-BA29-4be2-A0EF-72589D61BCD3}"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"BashIPCChannel"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"Tuneup_Context_Switch_Channel"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"_HSPlayerCommand_"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"{C4A09495-F6BC-4166-B717-F3F3250462BB}"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"_buSvcComm_"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"_buVssComm_"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"FWAlert"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"IPS_COMMAND_CHANNEL"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"_ReputationSvcComm_ReputationPublisher"="{7A129EAE-2871-4D2C-9221-4F280AED64E5}"
"ccSvcHst_UserSession_2608"="{29ED526D-4EA2-4BCE-9A30-BA0763172BF7}"
.
[HKEY_LOCAL_MACHINE\software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC\Endpoints]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-11 21:05:25
ComboFix-quarantined-files.txt 2012-10-12 01:05
.
Pre-Run: 162,856,665,088 bytes free
Post-Run: 163,489,468,416 bytes free
.
- - End Of File - - 5FB9478648FDA532F21F76DB61D92FC1


Malwarebytes

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.11.15

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
LandaBear :: LAPTOP [administrator]

10/11/2012 10:23:34 PM
mbam-log-2012-10-11 (22-23-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 254038
Time elapsed: 5 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


VEW - Both logs


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 12/10/2012 8:56:45 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/10/2012 12:54:33 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 12/10/2012 12:54:33 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 12/10/2012 12:54:01 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 12/10/2012 12:53:25 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 12/10/2012 12:53:25 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 12/10/2012 12:53:15 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 12/10/2012 12:53:15 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 12/10/2012 12:53:14 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 12/10/2012 12:53:13 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 12/10/2012 12:53:13 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 12/10/2012 12:53:13 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 12/10/2012 12:53:13 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 12/10/2012 12:53:13 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

Log: 'System' Date/Time: 12/10/2012 12:53:12 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Log: 'System' Date/Time: 12/10/2012 12:53:07 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 12/10/2012 12:52:56 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

Log: 'System' Date/Time: 12/10/2012 12:52:01 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

Log: 'System' Date/Time: 12/10/2012 12:52:01 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: BHDrvx86 discache eeCtrl IDSVix86 spldr SRTSP SRTSPX SymIRON SymNetS Wanarpv6

Log: 'System' Date/Time: 12/10/2012 12:51:59 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 12/10/2012 12:51:59 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/10/2012 12:49:21 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 12/10/2012 8:57:44 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 12/10/2012 12:53:16 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 12/10/2012 12:52:53 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 12/10/2012 12:49:19 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 12/10/2012 12:49:19 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

OTL and Extras

OTL logfile created on: 10/12/2012 9:00:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\LandaBear\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 83.46% Memory free
5.50 Gb Paging File | 5.06 Gb Available in Paging File | 92.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.21 Gb Total Space | 152.37 Gb Free Space | 53.05% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.28 Gb Free Space | 11.79% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: LandaBear | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/11 18:49:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LandaBear\Desktop\OTL.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/21 10:54:34 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office 2010\Office14\1033\GrooveIntlResource.dll
MOD - [2007/06/02 21:41:36 | 000,617,472 | ---- | M] () -- C:\Program Files\IZArc\IZArcCM.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2011/09/12 19:58:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/07/06 16:32:20 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2011/07/06 16:32:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office 2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2011/03/15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/12/17 14:31:27 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/12/10 08:29:00 | 000,092,008 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/10/16 16:53:44 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV - [2009/08/19 21:16:40 | 000,594,600 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxducoms.exe -- (lxdu_device)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/02/28 14:06:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/05/21 07:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/04/02 02:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\LANDAB~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/12/20 19:34:12 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/12/20 19:32:34 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120109.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/20 19:32:34 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120109.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/19 04:46:10 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120106.002\IDSvix86.sys -- (IDSVix86)
DRV - [2011/12/10 03:24:18 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/30 22:40:22 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/08 18:44:30 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\N360\0501000.01D\symnets.sys -- (SymNetS)
DRV - [2011/07/06 16:32:48 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\N360\0501000.01D\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\N360\0501000.01D\srtspx.sys -- (SRTSPX)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0501000.01D\symefa.sys -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0501000.01D\symds.sys -- (SymDS)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2010/11/15 21:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\N360\0501000.01D\ironx86.sys -- (SymIRON)
DRV - [2010/08/12 13:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/10/09 03:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/26 22:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/05/25 16:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/10/09 16:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/04/24 18:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/10/17 19:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0FA204D4-5326-43C7-A4D2-EDFB78E6EA59}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{60A4E56C-445B-47E9-8637-F329433B1DB3}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 CD 16 AC BE 4E CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {3E8A285E-D3FD-41AB-BC87-7DE577937F05}
IE - HKCU\..\SearchScopes\{0FA204D4-5326-43C7-A4D2-EDFB78E6EA59}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{3E8A285E-D3FD-41AB-BC87-7DE577937F05}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{60A4E56C-445B-47E9-8637-F329433B1DB3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...il&geo=US&ver=4
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...m=1&toolbar=SS2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://go.microsoft....k/?LinkId=69157"
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.3
FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.652
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {6847DFAE-037A-400c-A524-27F0A281B692}:2.0.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {F645A8C9-E969-42D9-B3F3-F325537222FD}:1.1.6
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.2.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIC30F~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIC30F~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/10/07 21:39:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2012/10/07 21:40:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_2_3 [2012/10/07 21:42:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2012/10/07 21:40:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/10/07 21:42:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/07 21:42:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/07 21:42:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2012/10/07 21:42:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins [2012/10/07 21:42:10 | 000,000,000 | ---D | M]

[2011/09/09 23:02:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Extensions
[2011/01/04 18:33:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/02/07 00:33:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/10/07 21:19:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions
[2011/09/09 23:02:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/09 23:02:21 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/01/08 23:47:33 | 000,000,000 | ---D | M] (Big Fish Games Toolbar) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}
[2011/09/09 23:02:27 | 000,000,000 | ---D | M] (BitComet Download Helper) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2012/10/07 21:42:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/09/09 23:02:30 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2011/09/09 23:02:19 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions\[email protected]
[2012/10/07 21:42:43 | 000,000,000 | ---D | M] (Personas) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions\[email protected]
[2012/10/01 21:24:40 | 001,184,804 | ---- | M] () (No name found) -- C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\extensions\[email protected]
[2012/10/07 21:42:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/07 21:42:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2012/10/07 21:42:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012/10/07 21:42:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012/10/07 21:42:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2012/02/29 23:32:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/10/07 21:39:40 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2012/10/07 21:40:51 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2012/10/07 21:40:51 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2012/10/07 21:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN_2011_7_2_3
[2012/10/07 21:42:40 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
[2008/11/11 03:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/07/18 13:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files\mozilla firefox\plugins\nptgeqplugin.dll
[2012/10/01 21:38:56 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/16 05:41:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 05:41:16 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MI7967~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MI7967~1\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.60\gears.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: TestGen Plug-in 7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nptgeqplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\LandaBear\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\LandaBear\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2012/10/11 21:02:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll (BitComet)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Big Fish Games Toolbar) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Big Fish Games Toolbar) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office 2010\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Lexmark 5600-6600 Series Fax Server] C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [lxduamon] C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe ()
O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SoftAuto.exe] C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [12C1FFCA-E0A2-4C71-8679-8A951F90520F] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 2010\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll (BitComet)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16F700FD-F238-4F71-B9B2-64207610F42E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96E9D789-6430-4FFB-80F6-D3B39135BBC1}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll File not found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\LandaBear\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\LandaBear\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: 04853018.sys - Driver
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: 04853018.sys - Driver
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2012/10/12 08:48:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2012/10/11 22:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/11 22:21:56 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/11 22:21:56 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2012/10/11 22:19:14 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\LandaBear\Desktop\mbam-setup-1.65.0.1400.exe
[2012/10/11 22:14:21 | 000,000,000 | ---D | C] -- C:\Users\LandaBear\Desktop\New folder
[2012/10/11 22:02:51 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/11 21:59:02 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\LandaBear\Desktop\tdsskiller.exe
[2012/10/11 21:05:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/11 21:05:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/11 21:05:28 | 000,000,000 | ---D | C] -- C:\Users\LandaBear\AppData\Local\temp
[2012/10/11 20:29:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/11 20:29:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/11 20:29:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/11 20:20:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/11 20:19:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/11 20:15:49 | 004,766,830 | R--- | C] (Swearware) -- C:\Users\LandaBear\Desktop\ComboFix.exe
[2012/10/11 19:05:16 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\LandaBear\Desktop\aswMBR.exe
[2012/10/11 18:50:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/11 18:49:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\LandaBear\Desktop\OTL.exe
[2012/10/06 08:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/10/03 21:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/01 21:40:13 | 000,000,000 | ---D | C] -- C:\Users\LandaBear\AppData\Local\AVG Secure Search
[2012/10/01 21:39:55 | 000,000,000 | ---D | C] -- C:\Users\LandaBear\AppData\Roaming\TuneUp Software
[2012/10/01 21:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/10/01 21:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/10/01 21:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/10/01 21:36:49 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/10/01 21:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/10/01 21:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/10/01 21:27:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/10/01 21:27:18 | 000,000,000 | ---D | C] -- C:\Users\LandaBear\AppData\Local\MFAData
[2012/10/01 21:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/10/01 21:27:18 | 000,000,000 | ---D | C] -- C:\Users\LandaBear\AppData\Local\Avg2013
[2012/09/20 22:02:30 | 000,000,000 | ---D | C] -- C:\Users\LandaBear\AppData\Roaming\Malwarebytes
[2012/09/20 22:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/12 08:55:43 | 000,061,440 | ---- | M] ( ) -- C:\Users\LandaBear\Desktop\VEW.exe
[2012/10/12 08:51:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/12 08:51:26 | 2213,351,424 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/12 08:48:54 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/10/12 08:48:22 | 004,009,167 | ---- | M] () -- C:\Users\LandaBear\Desktop\ServicesRepair.exe
[2012/10/11 22:21:59 | 000,000,708 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/11 22:19:14 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\LandaBear\Desktop\mbam-setup-1.65.0.1400.exe
[2012/10/11 21:59:10 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\LandaBear\Desktop\tdsskiller.exe
[2012/10/11 21:02:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/11 20:16:25 | 004,766,830 | R--- | M] (Swearware) -- C:\Users\LandaBear\Desktop\ComboFix.exe
[2012/10/11 19:57:39 | 000,000,512 | ---- | M] () -- C:\Users\LandaBear\Desktop\MBR.dat
[2012/10/11 19:05:32 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\LandaBear\Desktop\aswMBR.exe
[2012/10/11 18:57:37 | 247,233,768 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/11 18:49:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LandaBear\Desktop\OTL.exe
[2012/10/09 21:38:22 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/09 21:38:22 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/07 19:30:25 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/03 21:13:34 | 000,000,000 | -H-- | M] () -- C:\Users\LandaBear\Documents\Default.rdp
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/12 08:55:42 | 000,061,440 | ---- | C] ( ) -- C:\Users\LandaBear\Desktop\VEW.exe
[2012/10/12 08:48:10 | 004,009,167 | ---- | C] () -- C:\Users\LandaBear\Desktop\ServicesRepair.exe
[2012/10/11 22:21:59 | 000,000,708 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/11 20:29:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/11 20:29:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/11 20:29:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/11 20:29:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/11 20:29:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/11 19:57:39 | 000,000,512 | ---- | C] () -- C:\Users\LandaBear\Desktop\MBR.dat
[2012/10/03 21:13:34 | 000,000,000 | -H-- | C] () -- C:\Users\LandaBear\Documents\Default.rdp
[2012/02/19 01:31:24 | 000,000,000 | ---- | C] () -- C:\Users\LandaBear\AppData\Roaming\SMRBackup250.dat
[2011/10/15 13:25:27 | 000,006,144 | ---- | C] () -- C:\Users\LandaBear\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/03 19:22:29 | 000,001,940 | ---- | C] () -- C:\Users\LandaBear\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/09/10 00:05:25 | 000,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2011/09/09 23:56:07 | 000,370,959 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/09/09 23:53:36 | 000,370,959 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/09/09 23:52:49 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/09/09 23:22:20 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010/12/25 15:09:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/09/28 16:08:23 | 000,024,206 | ---- | C] () -- C:\Users\LandaBear\AppData\Roaming\UserTile.png
[2009/02/21 17:13:03 | 000,009,542 | ---- | C] () -- C:\Users\LandaBear\poohda3.wpl

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 08:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: TOSHIBA MK3252GSX ATA Device
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 287.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 11.00GB
Starting Offset: 308390395904
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/09/09 23:01:08 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\5600-6600 Series
[2012/02/17 13:40:06 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\77EE0
[2011/09/09 23:01:19 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Adobe
[2011/09/09 23:01:20 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Ahead
[2012/06/06 23:54:15 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Apple Computer
[2011/09/09 23:01:20 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\calibre
[2011/09/09 23:01:20 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Cat's Eye Games
[2011/09/09 23:01:20 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\com.adobe.ExMan
[2011/09/09 23:01:20 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/09/09 23:01:21 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Creative
[2011/09/09 23:01:23 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\CyberLink
[2011/09/09 23:01:24 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\DivX
[2011/09/09 23:01:24 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Download Manager
[2011/09/09 23:01:24 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Enlightenus
[2011/09/09 23:01:24 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\FileZilla
[2011/09/09 23:01:24 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\GetRightToGo
[2011/09/09 23:01:24 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Google
[2011/09/09 23:01:24 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\GTek
[2011/09/09 23:01:25 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\hewlett-packard
[2011/09/09 23:01:25 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\HP TCS
[2012/10/01 21:06:22 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\HpUpdate
[2011/09/09 23:01:25 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\ICAClient
[2011/10/20 22:44:49 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Identities
[2011/09/09 23:01:25 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\iJoysoft
[2011/09/09 23:01:26 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\ImgBurn
[2011/09/09 23:01:26 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\InstallShield
[2011/09/09 23:01:26 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\iWin
[2011/09/09 23:01:26 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\JGsoft
[2011/09/09 23:01:26 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Lexmark Productivity Studio
[2011/09/09 23:01:31 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\LimeWire
[2011/09/09 23:01:31 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Macromedia
[2012/09/20 22:02:30 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Malwarebytes
[2011/09/09 23:01:59 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Marine Aquarium 3
[2009/07/14 03:48:18 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Media Center Programs
[2012/10/07 21:19:50 | 000,000,000 | --SD | M] -- C:\Users\LandaBear\AppData\Roaming\Microsoft
[2011/09/09 23:02:30 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Mozilla
[2011/09/09 23:02:31 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\muvee Technologies
[2009/09/28 16:08:22 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\PeerNetworking
[2011/09/09 23:02:31 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Registry Mechanic
[2011/09/09 23:02:32 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Skunk Studios
[2011/09/09 23:02:32 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Sony Corporation
[2011/09/09 23:02:35 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Stamps.com Internet Postage
[2011/09/09 23:02:35 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\TomTom
[2012/10/01 21:39:55 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\TuneUp Software
[2011/09/09 23:02:35 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\Verizon Wireless
[2011/09/09 23:02:36 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\vlc
[2011/09/09 23:02:36 | 000,000,000 | ---D | M] -- C:\Users\LandaBear\AppData\Roaming\WildTangent

< MD5 for: ATAPI.SYS >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/13 21:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe
[2009/07/13 21:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/07/13 21:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 08:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\erdnt\cache\mswsock.dll
[2010/11/20 08:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\System32\mswsock.dll
[2010/11/20 08:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/13 21:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\System32\NapiNSP.dll
[2009/07/13 21:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2009/07/13 21:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_675c4bea6c3ddad6\nlaapi.dll
[2010/11/20 08:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\System32\nlaapi.dll
[2010/11/20 08:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_698d5fb2692c5e70\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/13 21:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\System32\pnrpnsp.dll
[2009/07/13 21:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_71556bd683c82a7a\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/13 21:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\System32\PrintIsolationHost.exe
[2009/07/13 21:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\winsxs\x86_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_9c856911bff5c373\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/13 21:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\System32\winrnr.dll
[2009/07/13 21:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\System32\wshelper.dll
[2009/07/13 21:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\wshelper.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/23 13:00:17 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/23 13:00:17 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/23 13:00:17 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/12/23 13:00:16 | 000,912,856 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/23 13:00:16 | 000,912,856 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/23 13:00:16 | 000,912,856 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 05:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 05:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 05:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/01/05 05:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/23 13:00:17 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/23 13:00:17 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/23 13:00:17 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/12/23 13:00:16 | 000,912,856 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/23 13:00:16 | 000,912,856 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/23 13:00:16 | 000,912,856 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 05:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 05:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 05:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/01/05 05:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 08:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2010/11/20 08:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< >

< End of report >


OTL Extras logfile created on: 10/12/2012 9:00:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\LandaBear\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 83.46% Memory free
5.50 Gb Paging File | 5.06 Gb Available in Paging File | 92.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.21 Gb Total Space | 152.37 Gb Free Space | 53.05% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.28 Gb Free Space | 11.79% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: LandaBear | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office 2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A9BD603-9156-4670-9A83-91A5264C011C}" = lport=21846 | protocol=6 | dir=in | name=bitcomet 21846 tcp |
"{0BE300F9-B892-41C3-BA90-B301BFE82999}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1BD94A8A-B2CF-4A68-BD7B-90E7BCE6EFD3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{22327233-180C-4E4A-8D37-5B25BF34090E}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{298BD8C0-5A99-4534-84BD-03B7AD9AF52B}" = lport=21846 | protocol=6 | dir=in | name=bitcomet 21846 tcp |
"{2B53EBD3-41B3-44B8-B910-BB2FAF42582A}" = lport=21846 | protocol=17 | dir=in | name=bitcomet 21846 udp |
"{385B7C13-F621-46C8-8B2C-9BC6068DC86F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 2010\office14\outlook.exe |
"{3F9CDCAA-B893-4881-B871-E8CC32BA60C2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{43F0BA3F-910E-48B5-958C-56922E0F2F22}" = lport=21846 | protocol=17 | dir=in | name=bitcomet 21846 udp |
"{48B324E4-EAC3-4D42-8020-D01347908655}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{56EE1604-B7C9-44F6-841F-1E01FE6EE0E6}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{827C8063-A0AD-498C-AE90-BD2790073154}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A75B9B5D-D35B-4412-82E6-3E83A354F501}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{AFA834F6-169C-4A0F-894E-EE5EED4C9E2C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F9A89B13-817D-444C-9510-F122817321C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FD85133A-14FE-4D64-BBA3-3B08FFB1E537}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{068A0486-DD3E-40B7-8266-AC26587CEC27}" = protocol=17 | dir=in | app=c:\program files\microsoft office 2010\office14\onenote.exe |
"{0DC12C21-45FD-49B4-827E-7CD9854F7386}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{116E4D05-1782-4CEC-B486-8C0E36EF5903}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{17D7D67A-44A2-4EC6-83FE-4F58AF589940}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{183DA077-2F2E-46EC-98CA-69574BAB7023}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{1A778002-E85F-43B1-9504-0432208CED6E}" = protocol=6 | dir=in | app=c:\users\landabear\appdata\local\temp\7zsbd74.tmp\symnrt.exe |
"{1C2F41CE-3C96-4EC2-80AF-A16439233898}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxdufax.exe |
"{1FF9B5FA-F576-4093-AFC7-0A218C7D27C9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2BAC21B3-CC5B-4732-B402-73270A7E5AE3}" = protocol=17 | dir=in | app=c:\users\landabear\appdata\local\temp\7zs7fcc.tmp\symnrt.exe |
"{33923337-5BF0-4AEB-92CE-CC984A8D3728}" = protocol=6 | dir=in | app=c:\program files\microsoft office 2010\office14\onenote.exe |
"{3818A346-1948-4796-B987-6C4436EFE0DA}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdupswx.exe |
"{478968EB-8C89-4899-803D-21D91B9C3B57}" = protocol=17 | dir=in | app=c:\program files\microsoft office 2010\office14\groove.exe |
"{4902CBA3-3773-4B14-B6C8-7E215919B83C}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{490D55A5-653D-475C-8CDB-EDEC572EB1C2}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{4DAB433A-3A3F-4582-9130-0E3CCCFF11AB}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{561F367E-290A-43F9-B1CE-96B8006E8D68}" = protocol=6 | dir=in | app=c:\program files\bfgclient\bfgclient.exe |
"{58EE5EF8-1740-40E9-B8DD-A9127F93D8BD}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{62CA8007-4D1A-4313-8853-25DCAE41772C}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{63595712-3A76-47AB-B91C-A6C377DDCDF6}" = protocol=17 | dir=in | app=c:\program files\bfgclient\bfgclient.exe |
"{65D02A2F-9693-4789-9F93-7630A4687BF0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6B03C3D7-5AE9-49F9-8001-95B41226C06A}" = protocol=17 | dir=in | app=c:\users\landabear\appdata\local\temp\7zsbd74.tmp\symnrt.exe |
"{6B6F0858-97C9-45B1-B1DE-37BA6124679E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6C8E826A-B3C0-4BF4-B6EA-89951D3D4762}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{6F40571B-6486-4C4F-BBE2-01CCD29691B8}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{72A4FD95-0098-4296-9CB0-6120974AD16D}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxdufax.exe |
"{755ABD68-EFEE-4092-A63F-3044BE828426}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{7809D6CF-4B2D-435D-A074-61197391DC8B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{810452DC-B807-4DC5-BCDF-54632B90E0E2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{857F015A-C90B-4553-9679-D4F4353CA295}" = protocol=6 | dir=in | app=c:\program files\adobe\acrobat.com\acrobat.com.exe |
"{95662FB6-7078-4A46-9234-840BCB669E4F}" = protocol=6 | dir=in | app=c:\users\landabear\appdata\local\temp\7zs7fcc.tmp\symnrt.exe |
"{96F573D0-C365-4AA6-AB4E-039B7797FF40}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{997FAFA3-4F4D-4391-A611-8F912CEA81C2}" = protocol=6 | dir=in | app=c:\program files\microsoft office 2010\office14\groove.exe |
"{9AE4E074-BB67-4286-AE6B-17037B6EB507}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A4C81BE4-9C0E-4C5D-9EA7-F2DA94464D06}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe |
"{A621C8BF-3459-4C81-9B81-FF8A3C67EE70}" = protocol=17 | dir=in | app=c:\program files\adobe\acrobat.com\acrobat.com.exe |
"{AAB0D57F-3B7A-4349-8EEB-86A6E30D0969}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{B0B58A0A-E0EB-4A23-B718-7D966B300D6E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B5CD0FB1-233F-4235-A5EC-D3D11074F42D}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe |
"{B7AF22A1-4C8F-45E1-839D-E08E19A04BDF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C179F9CE-9419-4FAE-A588-5A8D1B49C817}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe |
"{C2675AB6-5CF6-4B2E-A5FE-2FCF917B44BD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{CAC23FCF-9F53-466B-AE1B-940932A74748}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{D30BD879-B49C-4E54-B554-D7DF3EAE2E38}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DACF4EAE-1E6D-44B4-840C-8217576D1AEA}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe |
"{E1A32D43-8CB8-4255-B0D7-4ECBF44FA247}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdupswx.exe |
"{E2BFB8C7-BA6F-46BA-8962-DEDAAD7F918E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FF650301-853C-41E1-8254-188EFC54B617}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{1D2A03BE-E47F-40B9-AB8F-A39433725619}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe |
"TCP Query User{201FE25F-AB1E-40FA-8BB3-418E9333EA74}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{E7657C34-51DD-4CA6-98F3-C6BE69926289}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{E9AE819D-DF20-4508-93BE-11D39BD4E5FE}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{FDB7D750-3594-48D0-BC9F-B8B3CB3EA72A}C:\program files\dell video chat\dellvideochat.exe" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"UDP Query User{02A298CC-5F55-4EB0-A03A-95E47CD9D4CA}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe |
"UDP Query User{67DABFEC-E3B3-4193-A2ED-1D034672FAE8}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{ABE92A59-D845-4D83-9074-943B405AE458}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{B11BF646-FD6D-4C4C-80FF-A73A889A2A57}C:\program files\dell video chat\dellvideochat.exe" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"UDP Query User{BB532858-32B2-45FD-9261-1870DD97E9B0}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08C7A49D-2B12-46F6-8B41-26D3B0D1C01F}" = Visual Studio C++ 9.0 Runtime
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{235C31BC-BBAE-4932-9F17-15395C65907B}" = Boingo Wi-Fi
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 24
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4442AB48-DEC4-4B39-B067-1F75BF8017E7}" = Creative Centrale
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{539F8ADD-4D98-47E1-9641-F243D4E0B928}" = calibre
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86604C06-DA30-425E-AECE-47304FE81C45}" = Creative Software Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0080-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{98EFD8F0-08DE-48DB-B922-A2EBAB711033}" = Nero 7 Ultra Edition
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C13AF9C7-8E06-4354-B629-DF6192CE4A66}" = PANTECH UM175 Driver
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDC85536-A0EF-4401-82A6-25D8EFC7EFAC}" = VZAccess Manager
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAD4DE93-9438-4823-AE5E-93A1BE846FE0}" = Stamps.com Application Support for Microsoft Word 2000, 2002, 2003
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"BfgBar" = Big Fish Games Toolbar 2.0
"BFGC" = Big Fish Games: Game Manager
"BFG-Enlightenus" = Enlightenus
"BFG-Escape From Paradise" = Escape From Paradise
"BFG-Flux Family Secrets - The Rabbit Hole" = Flux Family Secrets - The Rabbit Hole
"BFG-Flux Family Secrets - The Ripple Effect" = Flux Family Secrets: The Ripple Effect
"BFG-Hidden Expedition - Amazon" = Hidden Expedition: Amazon ™
"BFG-Laura Jones and the Secret Legacy of Nikola Tesla" = Laura Jones and the Secret Legacy of Nikola Tesla
"BFG-Mahjong Towers Eternity" = Mahjong Towers Eternity
"BFG-Mystery Case Files - Return to Ravenhearst" = Mystery Case Files: Return to Ravenhearst ™
"BFG-Return to Mysterious Island" = Return to Mysterious Island
"BFG-Yard Sale Hidden Treasures - Sunnyville" = Yard Sale Hidden Treasures: Sunnyville
"BitComet" = BitComet 1.09
"CDex" = CDex extraction audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Centrale" = Creative Centrale
"Dell Video Chat" = Dell Video Chat
"Digital Editions" = Adobe Digital Editions
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"EditPad Pro 6" = Just Great Software EditPad Pro 6 DEMO 6.6.4
"FileZilla Client" = FileZilla Client 3.3.5.1
"Google Chrome" = Google Chrome
"Halcon Screen Places" = Halcon Screen Places
"iJoysoft MP4 Converter" = iJoysoft MP4 Converter
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"Mozilla Firefox 4.0b7 (x86 en-US)" = Mozilla Firefox 4.0b7 (x86 en-US)
"MyTomTom" = MyTomTom 3.0.1.203
"N360" = Norton Security Suite
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PhotoScape" = PhotoScape
"PokerStars.net" = PokerStars.net
"PROR" = Microsoft Office Professional 2007
"SereneScreen Marine Aquarium 3_is1" = SereneScreen Marine Aquarium 3
"Stamps.com" = Stamps.com
"Stamps.com support for Microsoft Word 2000-2007" = Stamps.com support for Microsoft Word 2000-2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.8.0.2146
"VLC media player" = VLC media player 1.1.5
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"WM Recorder" = WM Recorder
"ZENXFI2UG" = Creative ZEN X-Fi2 Documentation

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.1.0.880

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/12/2012 8:53:16 AM | Computer Name = LAPTOP | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 11/29/2009 8:21:31 PM | Computer Name = LAPTOP | Source = McrMgr | ID = 107
Description =

Error - 11/29/2009 8:22:30 PM | Computer Name = LAPTOP | Source = McrMgr | ID = 109
Description =

Error - 5/12/2010 7:07:27 PM | Computer Name = LAPTOP | Source = Mcx2Svc | ID = 301
Description =

Error - 5/12/2010 7:15:32 PM | Computer Name = LAPTOP | Source = Mcx2Svc | ID = 301
Description =

Error - 5/12/2010 7:16:45 PM | Computer Name = LAPTOP | Source = Mcx2Dvcs | ID = 405
Description =

Error - 5/12/2010 7:19:36 PM | Computer Name = LAPTOP | Source = Mcx2Dvcs | ID = 405
Description =

Error - 5/12/2010 7:46:38 PM | Computer Name = LAPTOP | Source = McrMgr | ID = 107
Description =

Error - 5/12/2010 7:47:26 PM | Computer Name = LAPTOP | Source = McrMgr | ID = 107
Description =

Error - 12/25/2010 6:34:20 PM | Computer Name = LAPTOP | Source = McrMgr | ID = 109
Description =

Error - 12/25/2010 8:07:15 PM | Computer Name = LAPTOP | Source = McrMgr | ID = 109
Description =

[ OSession Events ]
Error - 5/3/2009 8:00:16 PM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 22259
seconds with 300 seconds of active time. This session ended with a crash.

Error - 7/18/2009 6:16:08 PM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 350
seconds with 180 seconds of active time. This session ended with a crash.

Error - 7/18/2009 6:17:26 PM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 69
seconds with 60 seconds of active time. This session ended with a crash.

Error - 10/25/2009 7:26:27 PM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 112803
seconds with 2520 seconds of active time. This session ended with a crash.

Error - 11/16/2009 1:26:40 PM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5873
seconds with 300 seconds of active time. This session ended with a crash.

Error - 4/20/2011 5:59:45 PM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/21/2011 10:02:01 PM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/12/2012 9:08:46 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/12/2012 9:08:46 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/12/2012 9:13:46 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/12/2012 9:13:46 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/12/2012 9:15:53 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/12/2012 9:15:53 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/12/2012 9:20:53 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/12/2012 9:20:53 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/12/2012 9:23:00 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/12/2012 9:23:00 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >



FSS

Farbar Service Scanner Version: 07-10-2012
Ran by LandaBear (administrator) on 12-10-2012 at 09:27:27
Running from "C:\Users\LandaBear\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
I don't see the TDSSKiller log. This one is very important because aswMBR said it found one of the infections that it removes.
  • 0

#5
yobraniac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts
Apologies, I do believe I missed the additional steps for the TDSS. I did run it the first time but not the second time to get the log. Should I repeat that step? Start from the beginning?
  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
Just run it with all options checked as in the second step. Then post the log.
  • 0

#7
yobraniac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts
Again, apologies. Apparently I did do it the first time; I am just blind and did not see the file. Below is the first log. I ran the program again before I realized I had the original log. Please let me know if you want to see that one as well.

21:59:48.0196 1916 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:59:48.0477 1916 ============================================================
21:59:48.0477 1916 Current date / time: 2012/10/11 21:59:48.0477
21:59:48.0477 1916 SystemInfo:
21:59:48.0477 1916
21:59:48.0477 1916 OS Version: 6.1.7601 ServicePack: 1.0
21:59:48.0477 1916 Product type: Workstation
21:59:48.0477 1916 ComputerName: LAPTOP
21:59:48.0477 1916 UserName: LandaBear
21:59:48.0477 1916 Windows directory: C:\Windows
21:59:48.0477 1916 System windows directory: C:\Windows
21:59:48.0477 1916 Processor architecture: Intel x86
21:59:48.0477 1916 Number of processors: 2
21:59:48.0477 1916 Page size: 0x1000
21:59:48.0477 1916 Boot type: Safe boot with network
21:59:48.0477 1916 ============================================================
21:59:49.0741 1916 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:59:49.0741 1916 ============================================================
21:59:49.0741 1916 \Device\Harddisk0\DR0:
21:59:49.0741 1916 MBR partitions:
21:59:49.0741 1916 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23E6BFC1
21:59:49.0741 1916 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23E6C000, BlocksNum 0x15C1000
21:59:49.0741 1916 ============================================================
21:59:49.0741 1916 C: <-> \Device\Harddisk0\DR0\Partition1
21:59:49.0788 1916 D: <-> \Device\Harddisk0\DR0\Partition2
21:59:49.0788 1916 ============================================================
21:59:49.0788 1916 Initialize success
21:59:49.0788 1916 ============================================================
21:59:54.0733 0260 ============================================================
21:59:54.0733 0260 Scan started
21:59:54.0733 0260 Mode: Manual;
21:59:54.0733 0260 ============================================================
21:59:55.0544 0260 ================ Scan system memory ========================
21:59:55.0544 0260 System memory - ok
21:59:55.0638 0260 ================ Scan services =============================
22:00:32.0641 0260 gpsvc - ok
22:00:33.0218 0260 gupdate1ca3c63958ae07c - ok
22:00:33.0468 0260 gupdatem - ok
22:00:33.0530 0260 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
22:00:33.0530 0260 hamachi - ok
22:00:33.0842 0260 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:00:33.0842 0260 hcw85cir - ok
22:00:34.0170 0260 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
22:00:34.0170 0260 HDAudBus - ok
22:00:34.0747 0260 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:00:34.0747 0260 HidBatt - ok
22:00:34.0778 0260 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:00:34.0778 0260 HidBth - ok
22:00:35.0074 0260 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:00:35.0074 0260 HidIr - ok
22:00:35.0371 0260 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
22:00:35.0371 0260 hidserv - ok
22:00:35.0698 0260 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\drivers\hidusb.sys
22:00:35.0698 0260 HidUsb - ok
22:00:36.0291 0260 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:00:36.0307 0260 hkmsvc - ok
22:00:36.0588 0260 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:00:36.0588 0260 HomeGroupListener - ok
22:00:36.0931 0260 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:00:36.0931 0260 HomeGroupProvider - ok
22:00:37.0274 0260 [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
22:00:37.0274 0260 HP Health Check Service - ok
22:00:37.0882 0260 [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
22:00:37.0882 0260 HpqKbFiltr - ok
22:00:38.0163 0260 [ 1665C7121A026DF10C903DB9BC5E9D43 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
22:00:38.0163 0260 hpqwmiex - ok
22:00:38.0460 0260 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:00:38.0460 0260 HpSAMD - ok
22:00:38.0803 0260 [ CC267848CB3508E72762BE65734E764D ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
22:00:38.0803 0260 HSF_DPV - ok
22:00:39.0068 0260 [ A2882945CC4B6E3E4E9E825590438888 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
22:00:39.0068 0260 HSXHWAZL - ok
22:00:39.0411 0260 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:00:39.0411 0260 HTTP - ok
22:00:39.0957 0260 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:00:39.0957 0260 hwpolicy - ok
22:00:40.0254 0260 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:00:40.0254 0260 i8042prt - ok
22:00:40.0269 0260 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:00:40.0285 0260 iaStorV - ok
22:00:40.0628 0260 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
22:00:40.0628 0260 IDriverT - ok
22:00:40.0987 0260 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:00:40.0987 0260 idsvc - ok
22:00:41.0314 0260 [ 9BC8840DE4140E8E2A6FC3192E054A8C ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120106.002\IDSvix86.sys
22:00:41.0314 0260 IDSVix86 - ok
22:00:41.0829 0260 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:00:41.0829 0260 iirsp - ok
22:00:42.0188 0260 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
22:00:42.0188 0260 IKEEXT - ok
22:00:42.0438 0260 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
22:00:42.0438 0260 intelide - ok
22:00:42.0484 0260 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:00:42.0484 0260 intelppm - ok
22:00:42.0812 0260 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:00:42.0812 0260 IPBusEnum - ok
22:00:43.0374 0260 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:00:43.0374 0260 IpFilterDriver - ok
22:00:43.0701 0260 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:00:43.0701 0260 iphlpsvc - ok
22:00:44.0013 0260 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:00:44.0013 0260 IPMIDRV - ok
22:00:44.0325 0260 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:00:44.0325 0260 IPNAT - ok
22:00:44.0902 0260 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:00:44.0902 0260 IRENUM - ok
22:00:45.0168 0260 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:00:45.0168 0260 isapnp - ok
22:00:45.0261 0260 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:00:45.0261 0260 iScsiPrt - ok
22:00:45.0526 0260 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
22:00:45.0526 0260 kbdclass - ok
22:00:45.0589 0260 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
22:00:45.0589 0260 kbdhid - ok
22:00:45.0854 0260 [ F42309C4191C506B71DB5D1126D26318 ] KeyIso C:\Windows\system32\lsass.exe
22:00:45.0870 0260 KeyIso - ok
22:00:46.0416 0260 [ 566C5FD480FDBCE3BA5CF9FBCFFAEA9A ] KMWDFILTER C:\Windows\system32\DRIVERS\KMWDFILTER.sys
22:00:46.0416 0260 KMWDFILTER - ok
22:00:46.0681 0260 [ 412CEA1AA78CC02A447F5C9E62B32FF1 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:00:46.0681 0260 KSecDD - ok
22:00:46.0993 0260 [ 26C046977E85B95036453D7B88BA1820 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:00:47.0008 0260 KSecPkg - ok
22:00:47.0586 0260 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
22:00:47.0601 0260 KtmRm - ok
22:00:47.0929 0260 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
22:00:47.0929 0260 LanmanServer - ok
22:00:48.0241 0260 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:00:48.0241 0260 LanmanWorkstation - ok
22:00:48.0522 0260 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:00:48.0522 0260 lltdio - ok
22:00:48.0849 0260 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:00:48.0849 0260 lltdsvc - ok
22:00:49.0426 0260 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
22:00:49.0426 0260 lmhosts - ok
22:00:49.0770 0260 [ C6A4FA0BEED6E4198DDD8B8EE136CF80 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
22:00:49.0785 0260 LMIGuardianSvc - ok
22:00:50.0050 0260 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
22:00:50.0050 0260 LMIInfo - ok
22:00:50.0378 0260 [ 6295A19E8A6486FF8A13A1B2F4E461E0 ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
22:00:50.0378 0260 LMIMaint - ok
22:00:50.0674 0260 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
22:00:50.0674 0260 lmimirr - ok
22:00:50.0955 0260 LMIRfsClientNP - ok
22:00:51.0267 0260 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
22:00:51.0267 0260 LMIRfsDriver - ok
22:00:51.0548 0260 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
22:00:51.0548 0260 LogMeIn - ok
22:00:51.0876 0260 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:00:51.0876 0260 LSI_FC - ok
22:00:52.0437 0260 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:00:52.0437 0260 LSI_SAS - ok
22:00:52.0765 0260 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:00:52.0765 0260 LSI_SAS2 - ok
22:00:53.0077 0260 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:00:53.0077 0260 LSI_SCSI - ok
22:00:53.0404 0260 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
22:00:53.0404 0260 luafv - ok
22:00:54.0028 0260 [ 4A0B6533F035D74729942EE1D19C35C5 ] lxduCATSCustConnectService C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe
22:00:54.0044 0260 lxduCATSCustConnectService - ok
22:00:54.0262 0260 lxdu_device - ok
22:00:54.0325 0260 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:00:54.0325 0260 Mcx2Svc - ok
22:00:54.0590 0260 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
22:00:54.0590 0260 mdmxsdk - ok
22:00:54.0918 0260 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:00:54.0918 0260 megasas - ok
22:00:55.0448 0260 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:00:55.0448 0260 MegaSR - ok
22:00:55.0510 0260 Microsoft SharePoint Workspace Audit Service - ok
22:00:55.0822 0260 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
22:00:55.0822 0260 MMCSS - ok
22:00:56.0103 0260 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
22:00:56.0103 0260 Modem - ok
22:00:56.0431 0260 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:00:56.0431 0260 monitor - ok
22:00:56.0712 0260 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
22:00:56.0712 0260 mouclass - ok
22:00:57.0273 0260 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:00:57.0273 0260 mouhid - ok
22:00:57.0320 0260 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:00:57.0320 0260 mountmgr - ok
22:00:57.0320 0260 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
22:00:57.0320 0260 mpio - ok
22:00:57.0632 0260 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:00:57.0648 0260 mpsdrv - ok
22:00:57.0694 0260 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:00:57.0710 0260 MpsSvc - ok
22:00:57.0928 0260 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:00:57.0944 0260 MRxDAV - ok
22:00:58.0287 0260 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:00:58.0287 0260 mrxsmb - ok
22:00:58.0568 0260 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:00:58.0568 0260 mrxsmb10 - ok
22:00:58.0818 0260 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:00:58.0818 0260 mrxsmb20 - ok
22:00:58.0818 0260 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
22:00:58.0818 0260 msahci - ok
22:00:58.0833 0260 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:00:58.0833 0260 msdsm - ok
22:00:58.0896 0260 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
22:00:58.0896 0260 MSDTC - ok
22:00:59.0176 0260 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:00:59.0176 0260 Msfs - ok
22:00:59.0738 0260 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:00:59.0738 0260 mshidkmdf - ok
22:01:00.0019 0260 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:01:00.0019 0260 msisadrv - ok
22:01:00.0066 0260 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:01:00.0066 0260 MSiSCSI - ok
22:01:00.0346 0260 msiserver - ok
22:01:00.0674 0260 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:01:00.0674 0260 MSKSSRV - ok
22:01:00.0970 0260 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:01:00.0970 0260 MSPCLOCK - ok
22:01:01.0236 0260 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:01:01.0236 0260 MSPQM - ok
22:01:01.0813 0260 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:01:01.0813 0260 MsRPC - ok
22:01:02.0156 0260 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
22:01:02.0156 0260 mssmbios - ok
22:01:02.0452 0260 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:01:02.0452 0260 MSTEE - ok
22:01:03.0061 0260 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:01:03.0061 0260 MTConfig - ok
22:01:03.0388 0260 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
22:01:03.0388 0260 Mup - ok
22:01:04.0122 0260 [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360 C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
22:01:04.0122 0260 N360 - ok
22:01:04.0402 0260 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
22:01:04.0402 0260 napagent - ok
22:01:05.0026 0260 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:01:05.0026 0260 NativeWifiP - ok
22:01:05.0635 0260 [ 862F55824AC81295837B0AB63F91071F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120109.002\NAVENG.SYS
22:01:05.0635 0260 NAVENG - ok
22:01:05.0962 0260 [ 529D571B551CB9DA44237389B936F1AE ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120109.002\NAVEX15.SYS
22:01:05.0994 0260 NAVEX15 - ok
22:01:06.0352 0260 [ 3BAE2BFCB6D69E19C8373F635DD544DC ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
22:01:06.0352 0260 NBService - ok
22:01:06.0664 0260 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:01:06.0664 0260 NDIS - ok
22:01:07.0242 0260 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:01:07.0242 0260 NdisCap - ok
22:01:07.0522 0260 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:01:07.0522 0260 NdisTapi - ok
22:01:07.0819 0260 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:01:07.0819 0260 Ndisuio - ok
22:01:07.0834 0260 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:01:07.0834 0260 NdisWan - ok
22:01:08.0396 0260 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:01:08.0396 0260 NDProxy - ok
22:01:08.0412 0260 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:01:08.0412 0260 NetBIOS - ok
22:01:08.0458 0260 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:01:08.0458 0260 NetBT - ok
22:01:09.0036 0260 [ F42309C4191C506B71DB5D1126D26318 ] Netlogon C:\Windows\system32\lsass.exe
22:01:09.0036 0260 Netlogon - ok
22:01:09.0394 0260 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
22:01:09.0410 0260 Netman - ok
22:01:09.0722 0260 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
22:01:09.0722 0260 netprofm - ok
22:01:10.0034 0260 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:01:10.0034 0260 NetTcpPortSharing - ok
22:01:10.0627 0260 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:01:10.0627 0260 nfrd960 - ok
22:01:10.0923 0260 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:01:10.0923 0260 NlaSvc - ok
22:01:11.0298 0260 [ 193FA51DDDD0BFFDED1C340F0434999A ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
22:01:11.0313 0260 NMIndexingService - ok
22:01:11.0578 0260 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:01:11.0578 0260 Npfs - ok
22:01:11.0922 0260 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
22:01:11.0922 0260 nsi - ok
22:01:12.0468 0260 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:01:12.0468 0260 nsiproxy - ok
22:01:12.0530 0260 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:01:12.0530 0260 Ntfs - ok
22:01:12.0811 0260 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
22:01:12.0811 0260 Null - ok
22:01:13.0154 0260 [ D2F4C4B22969236382CA853B8DAA2D4E ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
22:01:13.0154 0260 NVHDA - ok
22:01:13.0934 0260 [ 9DAC05D828E56801FD6CE5FDFCED64AF ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:01:14.0012 0260 nvlddmkm - ok
22:01:14.0355 0260 [ 1DE923088878B495CD4219E47BA34EB8 ] NVNET C:\Windows\system32\DRIVERS\nvmf6232.sys
22:01:14.0355 0260 NVNET - ok
22:01:14.0667 0260 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:01:14.0667 0260 nvraid - ok
22:01:14.0995 0260 [ 0FB6BF3AB170FC5BD403D25E134EAFDE ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
22:01:14.0995 0260 nvsmu - ok
22:01:15.0588 0260 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:01:15.0588 0260 nvstor - ok
22:01:15.0915 0260 [ A91E66D964E5BEB4792EC8BAC8ED926A ] nvsvc C:\Windows\system32\nvvsvc.exe
22:01:15.0915 0260 nvsvc - ok
22:01:16.0212 0260 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:01:16.0212 0260 nv_agp - ok
22:01:16.0305 0260 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:01:16.0321 0260 odserv - ok
22:01:16.0820 0260 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:01:16.0820 0260 ohci1394 - ok
22:01:17.0413 0260 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:01:17.0413 0260 ose - ok
22:01:17.0584 0260 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:01:17.0616 0260 osppsvc - ok
22:01:17.0756 0260 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:01:17.0772 0260 p2pimsvc - ok
22:01:18.0037 0260 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
22:01:18.0037 0260 p2psvc - ok
22:01:18.0364 0260 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:01:18.0364 0260 Parport - ok
22:01:18.0957 0260 [ BF8F6AF06DA75B336F07E23AEF97D93B ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:01:18.0973 0260 partmgr - ok
22:01:19.0285 0260 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
22:01:19.0285 0260 Parvdm - ok
22:01:19.0581 0260 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:01:19.0581 0260 PcaSvc - ok
22:01:19.0909 0260 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
22:01:19.0909 0260 pci - ok
22:01:19.0940 0260 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
22:01:19.0940 0260 pciide - ok
22:01:20.0517 0260 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:01:20.0517 0260 pcmcia - ok
22:01:20.0829 0260 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
22:01:20.0829 0260 pcw - ok
22:01:21.0157 0260 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:01:21.0157 0260 PEAUTH - ok
22:01:21.0516 0260 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
22:01:21.0531 0260 pla - ok
22:01:21.0812 0260 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
22:01:21.0812 0260 PLFlash DeviceIoControl Service - ok
22:01:22.0389 0260 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:01:22.0389 0260 PlugPlay - ok
22:01:22.0779 0260 [ E9605A180001A6B5551112D91DE92CA1 ] PMBDeviceInfoProvider C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
22:01:22.0779 0260 PMBDeviceInfoProvider - ok
22:01:22.0998 0260 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:01:22.0998 0260 PNRPAutoReg - ok
22:01:23.0044 0260 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:01:23.0044 0260 PNRPsvc - ok
22:01:23.0341 0260 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:01:23.0341 0260 PolicyAgent - ok
22:01:23.0684 0260 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
22:01:23.0684 0260 Power - ok
22:01:23.0996 0260 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:01:23.0996 0260 PptpMiniport - ok
22:01:24.0573 0260 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:01:24.0573 0260 Processor - ok
22:01:24.0885 0260 [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc C:\Windows\system32\profsvc.dll
22:01:24.0885 0260 ProfSvc - ok
22:01:25.0182 0260 [ F42309C4191C506B71DB5D1126D26318 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:01:25.0182 0260 ProtectedStorage - ok
22:01:25.0478 0260 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:01:25.0478 0260 Psched - ok
22:01:25.0525 0260 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:01:25.0525 0260 ql2300 - ok
22:01:26.0102 0260 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:01:26.0102 0260 ql40xx - ok
22:01:26.0133 0260 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
22:01:26.0149 0260 QWAVE - ok
22:01:26.0398 0260 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:01:26.0398 0260 QWAVEdrv - ok
22:01:26.0492 0260 [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
22:01:26.0492 0260 RapiMgr - ok
22:01:26.0773 0260 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:01:26.0773 0260 RasAcd - ok
22:01:27.0350 0260 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:01:27.0350 0260 RasAgileVpn - ok
22:01:27.0397 0260 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
22:01:27.0397 0260 RasAuto - ok
22:01:27.0958 0260 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:01:27.0958 0260 Rasl2tp - ok
22:01:28.0317 0260 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
22:01:28.0317 0260 RasMan - ok
22:01:28.0832 0260 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:01:28.0848 0260 RasPppoe - ok
22:01:29.0128 0260 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:01:29.0128 0260 RasSstp - ok
22:01:29.0456 0260 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:01:29.0456 0260 rdbss - ok
22:01:29.0768 0260 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:01:29.0768 0260 rdpbus - ok
22:01:29.0784 0260 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:01:29.0784 0260 RDPCDD - ok
22:01:30.0111 0260 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:01:30.0111 0260 RDPENCDD - ok
22:01:30.0673 0260 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:01:30.0673 0260 RDPREFMP - ok
22:01:30.0673 0260 [ 288B06960D78428FF89E811632684E20 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:01:30.0673 0260 RDPWD - ok
22:01:31.0032 0260 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:01:31.0032 0260 rdyboost - ok
22:01:31.0624 0260 [ 0D362785BEF9BDF5A6E1F4628D06716D ] Recovery Service for Windows C:\Program Files\SMINST\BLService.exe
22:01:31.0624 0260 Recovery Service for Windows - ok
22:01:31.0936 0260 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
22:01:31.0936 0260 RemoteAccess - ok
22:01:32.0217 0260 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:01:32.0233 0260 RemoteRegistry - ok
22:01:32.0592 0260 [ 805AE1F90C64758D19AAA001CF8CBA12 ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe
22:01:32.0607 0260 RichVideo - ok
22:01:33.0138 0260 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:01:33.0153 0260 RpcEptMapper - ok
22:01:33.0434 0260 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
22:01:33.0434 0260 RpcLocator - ok
22:01:33.0808 0260 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
22:01:33.0808 0260 RpcSs - ok
22:01:34.0074 0260 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:01:34.0074 0260 rspndr - ok
22:01:34.0401 0260 [ 08C3394391AB0AFF65D75AE65D4207E1 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
22:01:34.0401 0260 RTSTOR - ok
22:01:34.0978 0260 [ F42309C4191C506B71DB5D1126D26318 ] SamSs C:\Windows\system32\lsass.exe
22:01:34.0978 0260 SamSs - ok
22:01:35.0306 0260 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:01:35.0306 0260 sbp2port - ok
22:01:35.0587 0260 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:01:35.0602 0260 SCardSvr - ok
22:01:35.0899 0260 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:01:35.0899 0260 scfilter - ok
22:01:35.0977 0260 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
22:01:35.0977 0260 Schedule - ok
22:01:36.0507 0260 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:01:36.0507 0260 SCPolicySvc - ok
22:01:36.0835 0260 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:01:36.0835 0260 SDRSVC - ok
22:01:37.0209 0260 [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
22:01:37.0209 0260 SeaPort - ok
22:01:37.0490 0260 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:01:37.0490 0260 secdrv - ok
22:01:38.0067 0260 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
22:01:38.0067 0260 seclogon - ok
22:01:38.0379 0260 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
22:01:38.0379 0260 SENS - ok
22:01:38.0676 0260 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:01:38.0676 0260 SensrSvc - ok
22:01:39.0019 0260 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:01:39.0019 0260 Serenum - ok
22:01:39.0331 0260 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:01:39.0331 0260 Serial - ok
22:01:39.0924 0260 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:01:39.0924 0260 sermouse - ok
22:01:40.0501 0260 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
22:01:40.0501 0260 SessionEnv - ok
22:01:41.0016 0260 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:01:41.0016 0260 sffdisk - ok
22:01:41.0016 0260 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:01:41.0016 0260 sffp_mmc - ok
22:02:21.0794 0260 ================ Scan global ===============================
22:02:22.0153 0260 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
22:02:22.0465 0260 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
22:02:22.0699 0260 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
22:02:22.0777 0260 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
22:02:23.0104 0260 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
22:02:23.0104 0260 [Global] - ok
22:02:23.0307 0260 ================ Scan MBR ==================================
22:02:23.0307 0260 [ C0DCF0AC171DB02DB8B0014C5D767CF1 ] \Device\Harddisk0\DR0
22:02:23.0323 0260 Suspicious mbr (Forged): \Device\Harddisk0\DR0
22:02:23.0354 0260 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
22:02:23.0354 0260 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
22:02:23.0354 0260 ================ Scan VBR ==================================
22:02:23.0682 0260 [ 608FF3F8566B467E28A3EFE9E820F8DB ] \Device\Harddisk0\DR0\Partition1
22:02:23.0682 0260 \Device\Harddisk0\DR0\Partition1 - ok
22:02:23.0713 0260 [ 61A54F09B029280B191D4F5321AFB5CC ] \Device\Harddisk0\DR0\Partition2
22:02:23.0713 0260 \Device\Harddisk0\DR0\Partition2 - ok
22:02:23.0962 0260 ============================================================
22:02:23.0962 0260 Scan finished
22:02:23.0962 0260 ============================================================
22:02:24.0259 1812 Detected object count: 1
22:02:24.0259 1812 Actual detected object count: 1
22:02:52.0542 1812 \Device\Harddisk0\DR0\# - copied to quarantine
22:02:52.0542 1812 \Device\Harddisk0\DR0 - copied to quarantine
22:02:52.0682 1812 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
22:02:52.0698 1812 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
22:02:52.0698 1812 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
22:02:52.0713 1812 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
22:02:52.0713 1812 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
22:02:52.0744 1812 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
22:02:52.0744 1812 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
22:02:52.0744 1812 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
22:02:52.0744 1812 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
22:02:52.0760 1812 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
22:02:53.0025 1812 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
22:02:53.0025 1812 \Device\Harddisk0\DR0 - ok
22:02:53.0306 1812 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
22:03:06.0940 1880 Deinitialize success
  • 0
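A TDSSKiller log like the one above is several thousand lines long, and the result is in the handful that are not `- ok`. The following is an added example, not part of the thread and not a Kaspersky tool: a small parser that pulls out the detections, quarantine entries and pending cures. The line patterns are inferred only from the log lines shown on this page, and all function and class names are hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "HH:MM:SS.ffff <thread id> <message>"; the message part may be empty.
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+(?:\s+(.*))?$")
SECTION = re.compile(r"^=+\s*(Scan [^=]+?)\s*=+$")
# "<object> ( <threat name> ) - <status>"
THREAT = re.compile(r"^(?P<obj>.+?) \( (?P<threat>[^)]+) \) - (?P<status>.+)$")
# "<object> - <status>"
PLAIN = re.compile(r"^(?P<obj>.+?) - (?P<status>.+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")

@dataclass
class Finding:
    section: Optional[str]
    obj: str
    threat: str
    status: str

@dataclass
class Report:
    findings: List[Finding] = field(default_factory=list)
    quarantined: List[str] = field(default_factory=list)
    notes: List[str] = field(default_factory=list)
    actions: List[str] = field(default_factory=list)
    reboot_required: bool = False
    detected_count: Optional[int] = None

def parse_tdsskiller_log(text: str) -> Report:
    """Collect everything in the log that is not a plain '- ok' verdict."""
    report, section = Report(), None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        msg = (m.group(1) or "").strip() if m else ""
        if not msg:
            continue
        if SECTION.match(msg):
            section = SECTION.match(msg).group(1)
        elif msg == "Scan finished":
            section = None
        elif msg.startswith("Suspicious "):
            report.notes.append(msg)
        elif COUNT.match(msg):
            report.detected_count = int(COUNT.match(msg).group(1))
        elif THREAT.match(msg):
            t = THREAT.match(msg)
            status = t.group("status")
            if status == "will be cured on reboot":
                report.reboot_required = True
            elif status.startswith("User select action:"):
                report.actions.append(status.split(":", 1)[1].strip())
            else:
                report.findings.append(
                    Finding(section, t.group("obj"), t.group("threat"), status))
        else:
            p = PLAIN.match(msg)
            if p and p.group("status") == "copied to quarantine":
                report.quarantined.append(p.group("obj"))
    return report

def followup_reasons(report: Report) -> List[str]:
    """Reasons the machine still needs attention; empty for a clean run."""
    reasons = [f"{f.threat} on {f.obj} ({f.section}): {f.status}"
               for f in report.findings]
    reasons.extend(report.notes)
    if report.reboot_required:
        reasons.append("cure is pending: reboot, then rescan")
    return reasons

# Abridged from the log in the post above.
SAMPLE_INFECTED = r"""
22:02:23.0104 0260 [Global] - ok
22:02:23.0307 0260 ================ Scan MBR ==================================
22:02:23.0307 0260 [ C0DCF0AC171DB02DB8B0014C5D767CF1 ] \Device\Harddisk0\DR0
22:02:23.0323 0260 Suspicious mbr (Forged): \Device\Harddisk0\DR0
22:02:23.0354 0260 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
22:02:23.0354 0260 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
22:02:23.0354 0260 ================ Scan VBR ==================================
22:02:23.0682 0260 \Device\Harddisk0\DR0\Partition1 - ok
22:02:23.0962 0260 Scan finished
22:02:24.0259 1812 Detected object count: 1
22:02:52.0542 1812 \Device\Harddisk0\DR0 - copied to quarantine
22:02:52.0682 1812 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
22:02:52.0698 1812 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
22:02:53.0025 1812 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
22:02:53.0306 1812 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""

# Constructed sample of a clean rerun (not taken from the thread).
SAMPLE_CLEAN = r"""
17:49:09.0708 0392 ================ Scan system memory ========================
17:49:09.0708 0392 System memory - ok
17:50:00.0000 0392 ================ Scan MBR ==================================
17:50:00.0000 0392 \Device\Harddisk0\DR0 - ok
17:50:01.0000 0392 Scan finished
17:50:01.0000 0392 Detected object count: 0
"""

if __name__ == "__main__":
    for name, log in (("first run", SAMPLE_INFECTED), ("rerun", SAMPLE_CLEAN)):
        print(name, followup_reasons(parse_tdsskiller_log(log)) or "clean")
```

A rerun after the reboot should produce an empty list from `followup_reasons`; anything else means the cure did not take.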

#8
RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
No problem. Delete the old TDSSKiller log and run it again (with all options checked) just to make sure that everything is gone.
Uninstall
BitComet 1.09
Adobe Reader 9.4.5 (obsolete - go to adobe.com and get the latest reader. Do not let them foist Ask or Yahoo toolbars or McAfee Security Scan or similar on you.)

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 24

Get the latest Java at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Do not let it install the yahoo toolbar or other foistware.

Special note on Java. Currently there is an exploit out that works on all Java Version 7 software so we are recommending that if you do not visit websites that absolutely require Java that you turn it off in your browser per the instructions in http://www.geekstogo...ur-web-browser/
If you use websites that require Java and you trust them then we recommend that you use either Firefox with the NoScript add-on or Chrome with the ScriptNo add-on and avoid IE. NoScript/ScriptNo will turn off Java and Javascript on all websites you visit except for those that you specifically approve. More info on the exploit is here: http://krebsonsecuri...y-java-exploit/
A new Java 7 Version 7 was released on an emergency basis to fix the exploit but apparently still has major security flaws.

Get the latest version of Firefox from http://www.mozilla.o...US/firefox/new/ then uninstall these two:
Mozilla Firefox (3.6.25)
Mozilla Firefox 4.0b7 (x86 en-US)

Remove these if you don't use:
LogMeIn
NetZero Preloader
Big Fish Games Toolbar 2.0 (I don't think it's needed for the games but I could be wrong.)


Copy the text in the code box by highlighting and Ctrl + c

:OTL
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0FA204D4-5326-43C7-A4D2-EDFB78E6EA59}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{60A4E56C-445B-47E9-8637-F329433B1DB3}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE - HKCU\..\SearchScopes\{0FA204D4-5326-43C7-A4D2-EDFB78E6EA59}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{60A4E56C-445B-47E9-8637-F329433B1DB3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...il&geo=US&ver=4
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.c...m=1&toolbar=SS2
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: 
[2012/10/07 21:42:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2012/10/07 21:42:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012/10/07 21:42:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012/10/07 21:42:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll (BitComet)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll File not found

:files
C:\ProgramData\Microsoft\Windows\DRM\1334.tmp
at /c
C:\Windows\tasks\At*.job
C:\Windows\assembly\GAC\Desktop.ini
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Users\LandaBear\AppData\Local\Temp\*.exe
sc config WSearch start= disabled /c
sc config Browser start= disabled /c
sc config HomeGroupProvider start= disabled /c


netstat -ano | find "16464" /c
netstat -ano | find "16465" /c
netstat -ano | find "16470" /c
netstat -ano | find "16471" /c
netstat -ano | find "21810" /c
netstat -ano | find "22292" /c
netstat -ano | find "34354" /c
netstat -ano | find "34355" /c

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. This will also create a file winsock2.reg on your desktop. It is an insurance file. If you can't get on the Internet after the fix, try right clicking on the winsock2.reg and Merge then reboot. If that doesn't help then do a System Restore.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\10122012-some number.log.



Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select the option
    Posted Image
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please copy the content of this file into your next reply.

If using IE you may need to do this first:
Open IE, click on the gear, then click the Safety button, point to SmartScreen Filter, and then click Turn Off SmartScreen Filter. In the Microsoft SmartScreen Filter dialog box, click OK.

Use IE and Go to:
http://support.micro...b;en-US;2545227
and run the FixIt.


Right-click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right-click on System and select Clear Log, Clear. Repeat for Application.

Reboot.




2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.
  • 0

#9
yobraniac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts
Sorry for the delay. Busy last few days. Will post asap
  • 0

#10
yobraniac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 76 posts
Hello

Sorry for the delay. So I wasn't sure if I was supposed to still be doing everything in Safe Mode or not, and half of the steps that required the Windows Installer said they wouldn't work in Safe Mode. After going through half of the steps and getting that error message I went into Normal Mode. So far the PC has not shut down, even after a reboot, and I was able to complete all of the steps. I uninstalled everything you listed except logmein because that is something I actively use, though not at the moment on this machine. I did not reinstall Java as of yet or Adobe. Also updates tried to auto install once I logged in but I stopped them for the time being, at least the ones that I saw and/or gave me a pop up. See below for logs, please let me know if I am missing any....


TDSS

17:48:55.0028 1568 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
17:48:55.0325 1568 ============================================================
17:48:55.0325 1568 Current date / time: 2012/10/17 17:48:55.0325
17:48:55.0325 1568 SystemInfo:
17:48:55.0325 1568
17:48:55.0325 1568 OS Version: 6.1.7601 ServicePack: 1.0
17:48:55.0325 1568 Product type: Workstation
17:48:55.0325 1568 ComputerName: LAPTOP
17:48:55.0325 1568 UserName: LandaBear
17:48:55.0325 1568 Windows directory: C:\Windows
17:48:55.0325 1568 System windows directory: C:\Windows
17:48:55.0325 1568 Processor architecture: Intel x86
17:48:55.0325 1568 Number of processors: 2
17:48:55.0325 1568 Page size: 0x1000
17:48:55.0325 1568 Boot type: Safe boot with network
17:48:55.0325 1568 ============================================================
17:48:56.0916 1568 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:48:56.0916 1568 ============================================================
17:48:56.0916 1568 \Device\Harddisk0\DR0:
17:48:56.0916 1568 MBR partitions:
17:48:56.0916 1568 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23E6BFC1
17:48:56.0916 1568 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23E6C000, BlocksNum 0x15C1000
17:48:56.0916 1568 ============================================================
17:48:56.0916 1568 C: <-> \Device\Harddisk0\DR0\Partition1
17:48:56.0947 1568 D: <-> \Device\Harddisk0\DR0\Partition2
17:48:56.0947 1568 ============================================================
17:48:56.0947 1568 Initialize success
17:48:56.0947 1568 ============================================================
17:49:09.0193 0392 ============================================================
17:49:09.0193 0392 Scan started
17:49:09.0193 0392 Mode: Manual; SigCheck; TDLFS;
17:49:09.0193 0392 ============================================================
17:49:09.0708 0392 ================ Scan system memory ========================
17:49:09.0708 0392 System memory - ok
17:49:09.0848 0392 ================ Scan services =============================
17:49:23.0982 0392 [ 9D14D76E4E7B9B2EAD17149011DB2B11 ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx86.sys
17:49:24.0122 0392 BHDrvx86 - ok
17:49:24.0185 0392 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
17:49:24.0512 0392 BITS - ok
17:49:24.0762 0392 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:49:24.0777 0392 blbdrive - ok
17:49:25.0058 0392 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:49:25.0105 0392 bowser - ok
17:49:25.0401 0392 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:49:25.0479 0392 BrFiltLo - ok
17:49:25.0729 0392 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:49:25.0760 0392 BrFiltUp - ok
17:49:26.0057 0392 [ 77361D72A04F18809D0EFB6CCEB74D4B ] Bridge C:\Windows\system32\DRIVERS\bridge.sys
17:49:26.0119 0392 Bridge - ok
17:49:26.0899 0392 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:49:26.0930 0392 BridgeMP - ok
17:49:27.0227 0392 [ 6E11F33D14D020F58D5E02E4D67DFA19 ] Browser C:\Windows\System32\browser.dll
17:49:27.0273 0392 Browser - ok
17:49:27.0523 0392 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:49:27.0554 0392 Brserid - ok
17:49:27.0866 0392 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:49:27.0913 0392 BrSerWdm - ok
17:49:28.0163 0392 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:49:28.0194 0392 BrUsbMdm - ok
17:49:28.0506 0392 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:49:28.0553 0392 BrUsbSer - ok
17:49:29.0099 0392 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:49:29.0130 0392 BTHMODEM - ok
17:49:29.0723 0392 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
17:49:29.0769 0392 bthserv - ok
17:49:30.0175 0392 catchme - ok
17:49:30.0378 0392 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:49:30.0425 0392 cdfs - ok
17:49:30.0986 0392 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
17:49:31.0002 0392 cdrom - ok
17:49:31.0329 0392 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
17:49:31.0361 0392 CertPropSvc - ok
17:49:31.0626 0392 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:49:31.0641 0392 circlass - ok
17:49:31.0953 0392 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
17:49:31.0969 0392 CLFS - ok
17:49:32.0359 0392 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:49:32.0375 0392 clr_optimization_v2.0.50727_32 - ok
17:49:32.0905 0392 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:49:32.0983 0392 clr_optimization_v4.0.30319_32 - ok
17:49:33.0186 0392 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:49:33.0217 0392 CmBatt - ok
17:49:33.0513 0392 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:49:33.0529 0392 cmdide - ok
17:49:33.0825 0392 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
17:49:33.0872 0392 CNG - ok
17:49:34.0169 0392 [ DDA0CB141150FEF87419926790CD26C8 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
17:49:34.0231 0392 CnxtHdAudService - ok
17:49:34.0824 0392 [ 7795F8CEBC284A426B53F541E538695F ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
17:49:34.0839 0392 Com4QLBEx - ok
17:49:35.0089 0392 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:49:35.0105 0392 Compbatt - ok
17:49:35.0417 0392 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:49:35.0448 0392 CompositeBus - ok
17:49:35.0697 0392 COMSysApp - ok
17:49:35.0729 0392 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:49:35.0744 0392 crcdisk - ok
17:49:36.0649 0392 [ A585BEBF7D054BD9618EDA0922D5484A ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:49:36.0711 0392 CryptSvc - ok
17:49:36.0977 0392 [ A5BEA0E5C297F5F3835638A87E512FBA ] CTDevice_Srv C:\Program Files\Creative\Shared Files\CTDevSrv.exe
17:49:37.0008 0392 CTDevice_Srv ( UnsignedFile.Multi.Generic ) - warning
17:49:37.0008 0392 CTDevice_Srv - detected UnsignedFile.Multi.Generic (1)
17:49:37.0257 0392 [ 8E26D772F53B7883A651E0E4A9598F21 ] CTUPnPSv C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
17:49:37.0273 0392 CTUPnPSv ( UnsignedFile.Multi.Generic ) - warning
17:49:37.0273 0392 CTUPnPSv - detected UnsignedFile.Multi.Generic (1)
17:49:37.0585 0392 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
17:49:37.0632 0392 DcomLaunch - ok
17:49:38.0147 0392 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
17:49:38.0209 0392 defragsvc - ok
17:49:38.0505 0392 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:49:38.0537 0392 DfsC - ok
17:49:39.0098 0392 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
17:49:39.0129 0392 Dhcp - ok
17:49:39.0644 0392 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
17:49:39.0691 0392 discache - ok
17:49:39.0925 0392 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:49:39.0941 0392 Disk - ok
17:49:40.0268 0392 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:49:40.0299 0392 Dnscache - ok
17:49:40.0580 0392 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
17:49:40.0611 0392 dot3svc - ok
17:49:40.0908 0392 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
17:49:40.0955 0392 DPS - ok
17:49:41.0485 0392 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:49:41.0501 0392 drmkaud - ok
17:49:41.0844 0392 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:49:41.0875 0392 DXGKrnl - ok
17:49:42.0140 0392 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
17:49:42.0171 0392 EapHost - ok
17:49:42.0561 0392 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
17:49:42.0639 0392 ebdrv - ok
17:49:42.0811 0392 [ 75E8B69F28C813675B16DB357F20720F ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
17:49:42.0827 0392 eeCtrl - ok
17:49:43.0373 0392 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
17:49:43.0388 0392 EFS - ok
17:49:43.0778 0392 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:49:43.0809 0392 ehRecvr - ok
17:49:44.0043 0392 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
17:49:44.0075 0392 ehSched - ok
17:49:44.0402 0392 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:49:44.0418 0392 elxstor - ok
17:49:44.0683 0392 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:49:44.0714 0392 ErrDev - ok
17:49:45.0307 0392 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
17:49:45.0338 0392 EventSystem - ok
17:49:45.0588 0392 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
17:49:45.0619 0392 exfat - ok
17:49:45.0900 0392 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:49:45.0962 0392 fastfat - ok
17:49:46.0274 0392 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
17:49:46.0305 0392 Fax - ok
17:49:46.0820 0392 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:49:46.0851 0392 fdc - ok
17:49:47.0132 0392 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
17:49:47.0179 0392 fdPHost - ok
17:49:47.0397 0392 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
17:49:47.0475 0392 FDResPub - ok
17:49:47.0772 0392 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:49:47.0787 0392 FileInfo - ok
17:49:48.0099 0392 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:49:48.0131 0392 Filetrace - ok
17:49:48.0708 0392 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:49:48.0723 0392 FLEXnet Licensing Service - ok
17:49:48.0989 0392 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:49:49.0035 0392 flpydisk - ok
17:49:49.0332 0392 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:49:49.0347 0392 FltMgr - ok
17:49:49.0691 0392 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
17:49:49.0722 0392 FontCache - ok
17:49:50.0049 0392 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:49:50.0065 0392 FontCache3.0.0.0 - ok
17:49:50.0564 0392 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:49:50.0564 0392 FsDepends - ok
17:49:50.0907 0392 [ D909075FA72C090F27AA926C32CB4612 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
17:49:50.0923 0392 fssfltr - ok
17:49:51.0313 0392 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
17:49:51.0344 0392 fsssvc - ok
17:49:51.0531 0392 [ A574B4360E438977038AAE4BF60D79A2 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:49:51.0547 0392 Fs_Rec - ok
17:49:52.0109 0392 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:49:52.0124 0392 fvevol - ok
17:49:52.0717 0392 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:49:52.0733 0392 gagp30kx - ok
17:49:53.0123 0392 [ 617DC2877015270914CA3C03873560D5 ] GameConsoleService C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
17:49:53.0138 0392 GameConsoleService - ok
17:49:53.0372 0392 [ 5AE3A887ECE5BBB72CFAB273C2FD1CFA ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:49:53.0372 0392 GEARAspiWDM - ok
17:49:53.0715 0392 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
17:49:53.0762 0392 gpsvc - ok
17:49:54.0059 0392 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca3c63958ae07c C:\Program Files\Google\Update\GoogleUpdate.exe
17:49:54.0074 0392 gupdate1ca3c63958ae07c - ok
17:49:54.0542 0392 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
17:49:54.0558 0392 gupdatem - ok
17:49:54.0620 0392 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
17:49:54.0620 0392 hamachi - ok
17:49:54.0932 0392 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:49:54.0963 0392 hcw85cir - ok
17:49:55.0275 0392 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:49:55.0307 0392 HDAudBus - ok
17:49:55.0572 0392 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:49:55.0603 0392 HidBatt - ok
17:49:56.0149 0392 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:49:56.0196 0392 HidBth - ok
17:49:56.0508 0392 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:49:56.0539 0392 HidIr - ok
17:49:56.0835 0392 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
17:49:56.0882 0392 hidserv - ok
17:49:57.0179 0392 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\drivers\hidusb.sys
17:49:57.0210 0392 HidUsb - ok
17:49:57.0491 0392 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:49:57.0522 0392 hkmsvc - ok
17:49:58.0068 0392 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:49:58.0099 0392 HomeGroupListener - ok
17:49:58.0411 0392 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:49:58.0442 0392 HomeGroupProvider - ok
17:49:58.0754 0392 [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
17:49:58.0785 0392 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
17:49:58.0785 0392 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
17:49:59.0285 0392 [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
17:49:59.0347 0392 HpqKbFiltr - ok
17:49:59.0924 0392 [ 1665C7121A026DF10C903DB9BC5E9D43 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
17:49:59.0940 0392 hpqwmiex - ok
17:50:00.0236 0392 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:50:00.0236 0392 HpSAMD - ok
17:50:00.0595 0392 [ CC267848CB3508E72762BE65734E764D ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
17:50:00.0673 0392 HSF_DPV - ok
17:50:00.0876 0392 [ A2882945CC4B6E3E4E9E825590438888 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
17:50:00.0891 0392 HSXHWAZL - ok
17:50:01.0250 0392 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:50:01.0281 0392 HTTP - ok
17:50:01.0484 0392 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:50:01.0500 0392 hwpolicy - ok
17:50:01.0796 0392 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:50:01.0843 0392 i8042prt - ok
17:50:02.0124 0392 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:50:02.0155 0392 iaStorV - ok
17:50:02.0498 0392 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
17:50:02.0529 0392 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:50:02.0529 0392 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:50:02.0857 0392 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:50:02.0888 0392 idsvc - ok
17:50:03.0216 0392 [ 9BC8840DE4140E8E2A6FC3192E054A8C ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120106.002\IDSvix86.sys
17:50:03.0231 0392 IDSVix86 - ok
17:50:03.0699 0392 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:50:03.0715 0392 iirsp - ok
17:50:04.0074 0392 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
17:50:04.0121 0392 IKEEXT - ok
17:50:04.0355 0392 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
17:50:04.0355 0392 intelide - ok
17:50:04.0682 0392 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:50:04.0713 0392 intelppm - ok
17:50:05.0041 0392 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:50:05.0072 0392 IPBusEnum - ok
17:50:05.0587 0392 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:50:05.0634 0392 IpFilterDriver - ok
17:50:05.0915 0392 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:50:05.0961 0392 iphlpsvc - ok
17:50:06.0242 0392 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:50:06.0258 0392 IPMIDRV - ok
17:50:06.0570 0392 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:50:06.0601 0392 IPNAT - ok
17:50:07.0178 0392 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:50:07.0225 0392 IRENUM - ok
17:50:07.0428 0392 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:50:07.0428 0392 isapnp - ok
17:50:07.0490 0392 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:50:07.0568 0392 iScsiPrt - ok
17:50:07.0818 0392 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
17:50:07.0818 0392 kbdclass - ok
17:50:08.0099 0392 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:50:08.0114 0392 kbdhid - ok
17:50:08.0411 0392 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
17:50:08.0426 0392 KeyIso - ok
17:50:08.0754 0392 [ 566C5FD480FDBCE3BA5CF9FBCFFAEA9A ] KMWDFILTER C:\Windows\system32\DRIVERS\KMWDFILTER.sys
17:50:08.0785 0392 KMWDFILTER - ok
17:50:09.0050 0392 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:50:09.0050 0392 KSecDD - ok
17:50:09.0362 0392 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:50:09.0378 0392 KSecPkg - ok
17:50:09.0690 0392 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
17:50:09.0737 0392 KtmRm - ok
17:50:10.0283 0392 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
17:50:10.0314 0392 LanmanServer - ok
17:50:10.0610 0392 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:50:10.0704 0392 LanmanWorkstation - ok
17:50:10.0953 0392 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:50:11.0000 0392 lltdio - ok
17:50:11.0281 0392 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:50:11.0312 0392 lltdsvc - ok
17:50:11.0609 0392 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
17:50:11.0640 0392 lmhosts - ok
17:50:12.0248 0392 [ C6A4FA0BEED6E4198DDD8B8EE136CF80 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
17:50:12.0311 0392 LMIGuardianSvc - ok
17:50:12.0513 0392 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
17:50:12.0529 0392 LMIInfo - ok
17:50:12.0825 0392 [ 6295A19E8A6486FF8A13A1B2F4E461E0 ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
17:50:12.0841 0392 LMIMaint - ok
17:50:13.0169 0392 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
17:50:13.0169 0392 lmimirr - ok
17:50:13.0746 0392 LMIRfsClientNP - ok
17:50:14.0027 0392 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
17:50:14.0042 0392 LMIRfsDriver - ok
17:50:14.0120 0392 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
17:50:14.0136 0392 LogMeIn - ok
17:50:14.0417 0392 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:50:14.0432 0392 LSI_FC - ok
17:50:14.0744 0392 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:50:14.0760 0392 LSI_SAS - ok
17:50:15.0321 0392 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:50:15.0337 0392 LSI_SAS2 - ok
17:50:15.0649 0392 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:50:15.0665 0392 LSI_SCSI - ok
17:50:15.0961 0392 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
17:50:15.0992 0392 luafv - ok
17:50:16.0351 0392 [ 4A0B6533F035D74729942EE1D19C35C5 ] lxduCATSCustConnectService C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe
17:50:16.0413 0392 lxduCATSCustConnectService - ok
17:50:16.0569 0392 lxdu_device - ok
17:50:16.0928 0392 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
17:50:16.0944 0392 MBAMProtector - ok
17:50:17.0240 0392 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:50:17.0256 0392 MBAMScheduler - ok
17:50:17.0568 0392 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Malwarebytes' Anti-Malware\mbamservice.exe
17:50:17.0599 0392 MBAMService - ok
17:50:17.0911 0392 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:50:17.0927 0392 Mcx2Svc - ok
17:50:18.0239 0392 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
17:50:18.0239 0392 mdmxsdk - ok
17:50:18.0831 0392 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:50:18.0847 0392 megasas - ok
17:50:19.0175 0392 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:50:19.0190 0392 MegaSR - ok
17:50:19.0533 0392 Microsoft SharePoint Workspace Audit Service - ok
17:50:19.0861 0392 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
17:50:19.0908 0392 MMCSS - ok
17:50:20.0173 0392 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
17:50:20.0235 0392 Modem - ok
17:50:20.0797 0392 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:50:20.0828 0392 monitor - ok
17:50:21.0125 0392 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
17:50:21.0125 0392 mouclass - ok
17:50:21.0421 0392 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:50:21.0468 0392 mouhid - ok
17:50:21.0483 0392 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:50:21.0483 0392 mountmgr - ok
17:50:22.0092 0392 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
17:50:22.0107 0392 mpio - ok
17:50:22.0731 0392 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:50:22.0778 0392 mpsdrv - ok
17:50:23.0106 0392 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:50:23.0184 0392 MpsSvc - ok
17:50:23.0355 0392 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:50:23.0402 0392 MRxDAV - ok
17:50:23.0730 0392 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:50:23.0792 0392 mrxsmb - ok
17:50:24.0026 0392 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:50:24.0042 0392 mrxsmb10 - ok
17:50:24.0089 0392 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:50:24.0104 0392 mrxsmb20 - ok
17:50:24.0354 0392 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
17:50:24.0354 0392 msahci - ok
17:50:24.0369 0392 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:50:24.0385 0392 msdsm - ok
17:50:24.0993 0392 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
17:50:25.0040 0392 MSDTC - ok
17:50:25.0337 0392 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:50:25.0368 0392 Msfs - ok
17:50:25.0649 0392 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:50:25.0695 0392 mshidkmdf - ok
17:50:26.0179 0392 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:50:26.0195 0392 msisadrv - ok
17:50:26.0538 0392 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:50:26.0585 0392 MSiSCSI - ok
17:50:27.0084 0392 msiserver - ok
17:50:27.0146 0392 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:50:27.0193 0392 MSKSSRV - ok
17:50:27.0489 0392 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:50:27.0536 0392 MSPCLOCK - ok
17:50:27.0786 0392 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:50:27.0848 0392 MSPQM - ok
17:50:28.0113 0392 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:50:28.0129 0392 MsRPC - ok
17:50:28.0457 0392 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:50:28.0472 0392 mssmbios - ok
17:50:29.0034 0392 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:50:29.0065 0392 MSTEE - ok
17:50:29.0361 0392 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:50:29.0393 0392 MTConfig - ok
17:50:29.0673 0392 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
17:50:29.0689 0392 Mup - ok
17:50:30.0407 0392 [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360 C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
17:50:30.0422 0392 N360 - ok
17:50:30.0641 0392 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
17:50:30.0672 0392 napagent - ok
17:50:30.0968 0392 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:50:30.0999 0392 NativeWifiP - ok
17:50:31.0327 0392 [ 862F55824AC81295837B0AB63F91071F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120109.002\NAVENG.SYS
17:50:31.0343 0392 NAVENG - ok
17:50:31.0639 0392 [ 529D571B551CB9DA44237389B936F1AE ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120109.002\NAVEX15.SYS
17:50:31.0670 0392 NAVEX15 - ok
17:50:31.0998 0392 [ 3BAE2BFCB6D69E19C8373F635DD544DC ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
17:50:32.0029 0392 NBService - ok
17:50:32.0544 0392 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:50:32.0559 0392 NDIS - ok
17:50:33.0152 0392 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:50:33.0183 0392 NdisCap - ok
17:50:33.0480 0392 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:50:33.0542 0392 NdisTapi - ok
17:50:33.0839 0392 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:50:33.0870 0392 Ndisuio - ok
17:50:34.0135 0392 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:50:34.0166 0392 NdisWan - ok
17:50:34.0915 0392 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:50:34.0946 0392 NDProxy - ok
17:50:35.0258 0392 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:50:35.0321 0392 NetBIOS - ok
17:50:35.0539 0392 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:50:35.0601 0392 NetBT - ok
17:50:35.0898 0392 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
17:50:35.0913 0392 Netlogon - ok
17:50:36.0569 0392 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
17:50:36.0615 0392 Netman - ok
17:50:36.0818 0392 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
17:50:36.0865 0392 netprofm - ok
17:50:37.0161 0392 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:50:37.0177 0392 NetTcpPortSharing - ok
17:50:37.0505 0392 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:50:37.0505 0392 nfrd960 - ok
17:50:37.0832 0392 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:50:37.0863 0392 NlaSvc - ok
17:50:38.0487 0392 [ 193FA51DDDD0BFFDED1C340F0434999A ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
17:50:38.0503 0392 NMIndexingService - ok
17:50:38.0737 0392 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:50:38.0768 0392 Npfs - ok
17:50:39.0080 0392 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
17:50:39.0111 0392 nsi - ok
17:50:50.0047 0392 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
17:50:50.0047 0392 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
17:50:50.0047 0392 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
17:51:04.0243 0392 [ 805AE1F90C64758D19AAA001CF8CBA12 ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe
17:51:04.0274 0392 RichVideo ( UnsignedFile.Multi.Generic ) - warning
17:51:04.0274 0392 RichVideo - detected UnsignedFile.Multi.Generic (1)
17:52:07.0111 0392 ================ Scan global ===============================
17:52:07.0517 0392 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
17:52:07.0875 0392 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
17:52:08.0172 0392 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
17:52:08.0546 0392 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
17:52:08.0593 0392 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
17:52:08.0593 0392 [Global] - ok
17:52:08.0889 0392 ================ Scan MBR ==================================
17:52:08.0921 0392 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:52:09.0435 0392 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
17:52:09.0435 0392 \Device\Harddisk0\DR0 - detected TDSS File System (1)
17:52:09.0607 0392 ================ Scan VBR ==================================
17:52:09.0607 0392 [ 608FF3F8566B467E28A3EFE9E820F8DB ] \Device\Harddisk0\DR0\Partition1
17:52:09.0607 0392 \Device\Harddisk0\DR0\Partition1 - ok
17:52:09.0638 0392 [ 61A54F09B029280B191D4F5321AFB5CC ] \Device\Harddisk0\DR0\Partition2
17:52:09.0638 0392 \Device\Harddisk0\DR0\Partition2 - ok
17:52:09.0950 0392 ============================================================
17:52:09.0950 0392 Scan finished
17:52:09.0950 0392 ============================================================
17:52:10.0278 1312 Detected object count: 7
17:52:10.0278 1312 Actual detected object count: 7
17:53:08.0325 1312 CTDevice_Srv ( UnsignedFile.Multi.Generic ) - skipped by user
17:53:08.0325 1312 CTDevice_Srv ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:53:08.0325 1312 CTUPnPSv ( UnsignedFile.Multi.Generic ) - skipped by user
17:53:08.0325 1312 CTUPnPSv ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:53:08.0871 1312 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:53:08.0871 1312 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:53:08.0871 1312 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:53:08.0871 1312 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:53:08.0871 1312 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:53:08.0871 1312 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:53:09.0152 1312 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
17:53:09.0152 1312 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:53:09.0152 1312 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
17:53:09.0152 1312 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
17:55:27.0618 1804 Deinitialize success




OTL

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
========== FILES ==========
C:\ProgramData\Microsoft\Windows\DRM\1334.tmp moved successfully.
< at /c >
The service has not been started.
C:\Users\LandaBear\Desktop\cmd.bat deleted successfully.
C:\Users\LandaBear\Desktop\cmd.txt deleted successfully.
File\Folder C:\Windows\tasks\At*.job not found.
File\Folder C:\Windows\assembly\GAC\Desktop.ini not found.
File\Folder C:\Windows\assembly\GAC_32\Desktop.ini not found.
File\Folder C:\Windows\assembly\GAC_64\Desktop.ini not found.
C:\Users\LandaBear\AppData\Local\Temp\12C1FFCA-E0A2-4C71-8679-8A951F90520F.exe moved successfully.
< sc config WSearch start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Users\LandaBear\Desktop\cmd.bat deleted successfully.
C:\Users\LandaBear\Desktop\cmd.txt deleted successfully.
< sc config Browser start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Users\LandaBear\Desktop\cmd.bat deleted successfully.
C:\Users\LandaBear\Desktop\cmd.txt deleted successfully.
< sc config HomeGroupProvider start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Users\LandaBear\Desktop\cmd.bat deleted successfully.
C:\Users\LandaBear\Desktop\cmd.txt deleted successfully.
< netstat -ano | find "16464" /c >
C:\Users\LandaBear\Desktop\cmd.bat deleted successfully.
C:\Users\LandaBear\Desktop\cmd.txt deleted successfully.
< netstat -ano | find "16465" /c >
C:\Users\LandaBear\Desktop\cmd.bat deleted successfully.
C:\Users\LandaBear\Desktop\cmd.txt deleted successfully.
< netstat -ano | find "16470" /c >
C:\Users\LandaBear\Desktop\cmd.bat deleted successfully.
C:\Users\LandaBear\Desktop\cmd.txt deleted successfully.
< netstat -ano | find "16471" /c >
C:\Users\LandaBear\Desktop\cmd.bat deleted successfully.
C:\Users\LandaBear\Desktop\cmd.txt deleted successfully.
< netstat -ano | find "21810" /c >
C:\Users\LandaBear\Desktop\cmd.bat deleted successfully.
C:\Users\LandaBear\Desktop\cmd.txt deleted successfully.
< netstat -ano | find "22292" /c >
C:\Users\LandaBear\Desktop\cmd.bat deleted successfully.
C:\Users\LandaBear\Desktop\cmd.txt deleted successfully.
< netstat -ano | find "34354" /c >
C:\Users\LandaBear\Desktop\cmd.bat deleted successfully.
C:\Users\LandaBear\Desktop\cmd.txt deleted successfully.
< netstat -ano | find "34355" /c >
C:\Users\LandaBear\Desktop\cmd.bat deleted successfully.
C:\Users\LandaBear\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LandaBear
->Flash cache emptied: 760 bytes

User: Mcx1
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: LandaBear
->Java cache emptied: 0 bytes

User: Mcx1

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10172012_182831





ADW

# AdwCleaner v2.005 - Logfile created 10/17/2012 at 18:37:40
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : LandaBear - LAPTOP
# Boot Mode : Safe mode with networking
# Running from : C:\Users\LandaBear\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\IZArc\OpenCandy
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\LandaBear\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\LandaBear\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\LandaBear\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\LandaBear\AppData\Roaming\iWin

***** [Registry] *****

Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Users\LandaBear\AppData\Roaming\Mozilla\Firefox\Profiles\5zcty7d5.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\awck9k7t.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\LandaBear\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2209 octets] - [17/10/2012 18:37:40]

########## EOF - C:\AdwCleaner[S1].txt - [2269 octets] ##########


VEW - System

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 17/10/2012 7:26:01 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/10/2012 11:23:54 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: BHDrvx86 SRTSP SymIRON

Log: 'System' Date/Time: 17/10/2012 11:22:47 PM
Type: Error Category: 0
Event: 5 Source: SRTSP
Error loading Symantec real time Anti-Virus driver.

Log: 'System' Date/Time: 17/10/2012 11:22:46 PM
Type: Error Category: 0
Event: 4 Source: SRTSP
Error loading virus definitions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/10/2012 11:22:46 PM
Type: Warning Category: 0
Event: 1005 Source: SRTSP
Unable to load settings file. Using default settings for real time protection.

Log: 'System' Date/Time: 17/10/2012 11:21:56 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

VEW - Application

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 17/10/2012 7:28:03 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#11
yobraniac

I forgot to mention I tried doing the step to clear the Java cache but when I searched for Java no results were found for Java at all.

#12
RKinner

    Malware Expert

Regular mode is fine if it works.

Run TDSSKiller again like you did the second time but this time tell it to Delete
\Device\Harddisk0\DR0 ( TDSS File System )

Then run aswMBR again and post the log.

#13
yobraniac

Here are the logs

TDSS

21:52:06.0888 3912 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
21:52:07.0263 3912 ============================================================
21:52:07.0263 3912 Current date / time: 2012/10/17 21:52:07.0263
21:52:07.0263 3912 SystemInfo:
21:52:07.0263 3912
21:52:07.0263 3912 OS Version: 6.1.7601 ServicePack: 1.0
21:52:07.0263 3912 Product type: Workstation
21:52:07.0263 3912 ComputerName: LAPTOP
21:52:07.0264 3912 UserName: LandaBear
21:52:07.0264 3912 Windows directory: C:\Windows
21:52:07.0264 3912 System windows directory: C:\Windows
21:52:07.0264 3912 Processor architecture: Intel x86
21:52:07.0264 3912 Number of processors: 2
21:52:07.0264 3912 Page size: 0x1000
21:52:07.0264 3912 Boot type: Normal boot
21:52:07.0264 3912 ============================================================
21:52:09.0841 3912 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:52:09.0844 3912 ============================================================
21:52:09.0844 3912 \Device\Harddisk0\DR0:
21:52:09.0844 3912 MBR partitions:
21:52:09.0844 3912 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23E6BFC1
21:52:09.0844 3912 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23E6C000, BlocksNum 0x15C1000
21:52:09.0844 3912 ============================================================
21:52:09.0911 3912 C: <-> \Device\Harddisk0\DR0\Partition1
21:52:10.0105 3912 D: <-> \Device\Harddisk0\DR0\Partition2
21:52:10.0105 3912 ============================================================
21:52:10.0105 3912 Initialize success
21:52:10.0105 3912 ============================================================
21:52:27.0932 3740 ============================================================
21:52:27.0932 3740 Scan started
21:52:27.0932 3740 Mode: Manual; SigCheck; TDLFS;
21:52:27.0932 3740 ============================================================
21:52:29.0237 3740 ================ Scan system memory ========================
21:52:29.0237 3740 System memory - ok
21:52:29.0237 3740 ================ Scan services =============================
21:52:50.0330 3740 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
21:52:50.0416 3740 IKEEXT - ok
21:52:50.0433 3740 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
21:52:50.0444 3740 intelide - ok
21:52:50.0505 3740 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:52:50.0541 3740 intelppm - ok
21:52:50.0594 3740 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:52:50.0641 3740 IPBusEnum - ok
21:52:50.0672 3740 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:52:50.0741 3740 IpFilterDriver - ok
21:52:50.0776 3740 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:52:50.0855 3740 iphlpsvc - ok
21:52:50.0901 3740 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:52:50.0922 3740 IPMIDRV - ok
21:52:50.0967 3740 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:52:51.0007 3740 IPNAT - ok
21:52:51.0060 3740 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:52:51.0110 3740 IRENUM - ok
21:52:51.0146 3740 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:52:51.0179 3740 isapnp - ok
21:52:51.0238 3740 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:52:51.0288 3740 iScsiPrt - ok
21:52:51.0340 3740 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
21:52:51.0350 3740 kbdclass - ok
21:52:51.0394 3740 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:52:51.0425 3740 kbdhid - ok
21:52:51.0454 3740 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
21:52:51.0468 3740 KeyIso - ok
21:52:51.0535 3740 [ 566C5FD480FDBCE3BA5CF9FBCFFAEA9A ] KMWDFILTER C:\Windows\system32\DRIVERS\KMWDFILTER.sys
21:52:51.0593 3740 KMWDFILTER - ok
21:52:51.0626 3740 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:52:51.0653 3740 KSecDD - ok
21:52:51.0668 3740 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:52:51.0682 3740 KSecPkg - ok
21:52:51.0783 3740 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
21:52:51.0846 3740 KtmRm - ok
21:52:51.0933 3740 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
21:52:51.0965 3740 LanmanServer - ok
21:52:52.0036 3740 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:52:52.0077 3740 LanmanWorkstation - ok
21:52:52.0140 3740 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:52:52.0202 3740 lltdio - ok
21:52:52.0345 3740 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:52:52.0390 3740 lltdsvc - ok
21:52:52.0437 3740 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
21:52:52.0518 3740 lmhosts - ok
21:52:52.0856 3740 [ C6A4FA0BEED6E4198DDD8B8EE136CF80 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
21:52:52.0871 3740 LMIGuardianSvc - ok
21:52:52.0918 3740 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
21:52:52.0926 3740 LMIInfo - ok
21:52:52.0996 3740 [ 6295A19E8A6486FF8A13A1B2F4E461E0 ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
21:52:53.0007 3740 LMIMaint - ok
21:52:53.0035 3740 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
21:52:53.0044 3740 lmimirr - ok
21:52:53.0081 3740 LMIRfsClientNP - ok
21:52:53.0090 3740 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
21:52:53.0099 3740 LMIRfsDriver - ok
21:52:53.0218 3740 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
21:52:53.0257 3740 LogMeIn - ok
21:52:53.0315 3740 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:52:53.0328 3740 LSI_FC - ok
21:52:53.0366 3740 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:52:53.0378 3740 LSI_SAS - ok
21:52:53.0404 3740 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:52:53.0415 3740 LSI_SAS2 - ok
21:52:53.0433 3740 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:52:53.0446 3740 LSI_SCSI - ok
21:52:53.0469 3740 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
21:52:53.0502 3740 luafv - ok
21:52:53.0905 3740 [ 4A0B6533F035D74729942EE1D19C35C5 ] lxduCATSCustConnectService C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe
21:52:54.0016 3740 lxduCATSCustConnectService - ok
21:52:54.0023 3740 lxdu_device - ok
21:52:54.0089 3740 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:52:54.0100 3740 MBAMProtector - ok
21:52:54.0236 3740 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:52:54.0294 3740 MBAMScheduler - ok
21:52:54.0517 3740 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Malwarebytes' Anti-Malware\mbamservice.exe
21:52:54.0578 3740 MBAMService - ok
21:52:54.0642 3740 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:52:54.0701 3740 Mcx2Svc - ok
21:52:54.0737 3740 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:52:54.0758 3740 mdmxsdk - ok
21:52:54.0806 3740 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:52:54.0832 3740 megasas - ok
21:52:54.0890 3740 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:52:54.0906 3740 MegaSR - ok
21:52:54.0986 3740 Microsoft SharePoint Workspace Audit Service - ok
21:52:55.0055 3740 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
21:52:55.0116 3740 MMCSS - ok
21:52:55.0141 3740 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
21:52:55.0198 3740 Modem - ok
21:52:55.0259 3740 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:52:55.0319 3740 monitor - ok
21:52:55.0332 3740 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
21:52:55.0343 3740 mouclass - ok
21:52:55.0350 3740 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:52:55.0382 3740 mouhid - ok
21:52:55.0395 3740 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:52:55.0407 3740 mountmgr - ok
21:52:55.0418 3740 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
21:52:55.0432 3740 mpio - ok
21:52:55.0507 3740 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:52:55.0569 3740 mpsdrv - ok
21:52:55.0809 3740 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:52:55.0892 3740 MpsSvc - ok
21:52:55.0980 3740 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:52:56.0041 3740 MRxDAV - ok
21:52:56.0082 3740 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:52:56.0134 3740 mrxsmb - ok
21:52:56.0145 3740 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:52:56.0162 3740 mrxsmb10 - ok
21:52:56.0171 3740 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:52:56.0209 3740 mrxsmb20 - ok
21:52:56.0223 3740 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
21:52:56.0235 3740 msahci - ok
21:52:56.0246 3740 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:52:56.0259 3740 msdsm - ok
21:52:56.0320 3740 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
21:52:56.0385 3740 MSDTC - ok
21:52:56.0448 3740 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:52:56.0508 3740 Msfs - ok
21:52:56.0522 3740 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:52:56.0593 3740 mshidkmdf - ok
21:52:56.0637 3740 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:52:56.0647 3740 msisadrv - ok
21:52:56.0692 3740 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:52:56.0756 3740 MSiSCSI - ok
21:52:56.0763 3740 msiserver - ok
21:52:56.0810 3740 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:52:56.0868 3740 MSKSSRV - ok
21:52:56.0900 3740 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:52:56.0950 3740 MSPCLOCK - ok
21:52:56.0982 3740 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:52:57.0034 3740 MSPQM - ok
21:52:57.0124 3740 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:52:57.0147 3740 MsRPC - ok
21:52:57.0197 3740 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:52:57.0207 3740 mssmbios - ok
21:52:57.0266 3740 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:52:57.0296 3740 MSTEE - ok
21:52:57.0312 3740 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:52:57.0356 3740 MTConfig - ok
21:52:57.0363 3740 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
21:52:57.0374 3740 Mup - ok
21:52:57.0500 3740 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
21:52:57.0563 3740 napagent - ok
21:52:57.0630 3740 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:52:57.0652 3740 NativeWifiP - ok
21:52:58.0079 3740 [ 3BAE2BFCB6D69E19C8373F635DD544DC ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
21:52:58.0155 3740 NBService - ok
21:52:58.0382 3740 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:52:58.0405 3740 NDIS - ok
21:52:58.0481 3740 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:52:58.0511 3740 NdisCap - ok
21:52:58.0575 3740 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:52:58.0629 3740 NdisTapi - ok
21:52:58.0689 3740 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:52:58.0755 3740 Ndisuio - ok
21:52:58.0828 3740 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:52:58.0912 3740 NdisWan - ok
21:52:58.0920 3740 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:52:58.0949 3740 NDProxy - ok
21:52:58.0976 3740 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:52:59.0042 3740 NetBIOS - ok
21:52:59.0067 3740 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:52:59.0147 3740 NetBT - ok
21:52:59.0177 3740 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
21:52:59.0191 3740 Netlogon - ok
21:52:59.0311 3740 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
21:52:59.0376 3740 Netman - ok
21:52:59.0422 3740 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
21:52:59.0472 3740 netprofm - ok
21:52:59.0538 3740 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:52:59.0591 3740 NetTcpPortSharing - ok
21:52:59.0657 3740 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:52:59.0668 3740 nfrd960 - ok
21:52:59.0742 3740 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:52:59.0801 3740 NlaSvc - ok
21:53:00.0036 3740 [ 193FA51DDDD0BFFDED1C340F0434999A ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
21:53:00.0071 3740 NMIndexingService - ok
21:53:00.0118 3740 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:53:00.0198 3740 Npfs - ok
21:53:00.0274 3740 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
21:53:00.0331 3740 nsi - ok
21:53:00.0351 3740 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:53:00.0408 3740 nsiproxy - ok
21:53:00.0764 3740 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:53:00.0841 3740 Ntfs - ok
21:53:00.0917 3740 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
21:53:00.0979 3740 Null - ok
21:53:01.0041 3740 [ D2F4C4B22969236382CA853B8DAA2D4E ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
21:53:01.0051 3740 NVHDA - ok
21:53:02.0842 3740 [ 9DAC05D828E56801FD6CE5FDFCED64AF ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:53:03.0261 3740 nvlddmkm - ok
21:53:03.0326 3740 [ 1DE923088878B495CD4219E47BA34EB8 ] NVNET C:\Windows\system32\DRIVERS\nvmf6232.sys
21:53:03.0340 3740 NVNET - ok
21:53:03.0382 3740 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:53:03.0395 3740 nvraid - ok
21:53:03.0436 3740 [ 0FB6BF3AB170FC5BD403D25E134EAFDE ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
21:53:03.0501 3740 nvsmu - ok
21:53:03.0525 3740 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:53:03.0540 3740 nvstor - ok
21:53:03.0608 3740 [ A91E66D964E5BEB4792EC8BAC8ED926A ] nvsvc C:\Windows\system32\nvvsvc.exe
21:53:03.0723 3740 nvsvc - ok
21:53:03.0758 3740 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:53:03.0770 3740 nv_agp - ok
21:53:04.0068 3740 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:53:04.0104 3740 odserv - ok
21:53:04.0174 3740 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:53:04.0243 3740 ohci1394 - ok
21:53:04.0291 3740 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:53:04.0307 3740 ose - ok
21:53:04.0857 3740 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:53:05.0065 3740 osppsvc - ok
21:53:05.0216 3740 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:53:05.0310 3740 p2pimsvc - ok
21:53:05.0429 3740 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
21:53:05.0481 3740 p2psvc - ok
21:53:05.0535 3740 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:53:05.0573 3740 Parport - ok
21:53:05.0642 3740 [ BF8F6AF06DA75B336F07E23AEF97D93B ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:53:05.0653 3740 partmgr - ok
21:53:05.0733 3740 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
21:53:05.0786 3740 Parvdm - ok
21:53:05.0850 3740 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:53:05.0870 3740 PcaSvc - ok
21:53:05.0992 3740 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
21:53:06.0043 3740 pci - ok
21:53:06.0081 3740 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
21:53:06.0091 3740 pciide - ok
21:53:06.0221 3740 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:53:06.0283 3740 pcmcia - ok
21:53:06.0301 3740 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
21:53:06.0311 3740 pcw - ok
21:53:06.0397 3740 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:53:06.0457 3740 PEAUTH - ok
21:53:06.0907 3740 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
21:53:06.0994 3740 pla - ok
21:53:07.0109 3740 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
21:53:07.0154 3740 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
21:53:07.0155 3740 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
21:53:07.0293 3740 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:53:07.0378 3740 PlugPlay - ok
21:53:07.0954 3740 [ E9605A180001A6B5551112D91DE92CA1 ] PMBDeviceInfoProvider C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
21:53:08.0032 3740 PMBDeviceInfoProvider - ok
21:53:08.0083 3740 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:53:08.0119 3740 PNRPAutoReg - ok
21:53:08.0140 3740 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:53:08.0158 3740 PNRPsvc - ok
21:53:08.0280 3740 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:53:08.0346 3740 PolicyAgent - ok
21:53:08.0447 3740 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
21:53:08.0510 3740 Power - ok
21:53:08.0557 3740 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:53:08.0617 3740 PptpMiniport - ok
21:53:08.0643 3740 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:53:08.0687 3740 Processor - ok
21:53:08.0746 3740 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
21:53:08.0818 3740 ProfSvc - ok
21:53:08.0834 3740 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:53:08.0848 3740 ProtectedStorage - ok
21:53:08.0916 3740 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:53:08.0948 3740 Psched - ok
21:53:09.0442 3740 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:53:09.0535 3740 ql2300 - ok
21:53:09.0564 3740 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:53:09.0625 3740 ql40xx - ok
21:53:09.0674 3740 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
21:53:09.0728 3740 QWAVE - ok
21:53:09.0758 3740 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:53:09.0775 3740 QWAVEdrv - ok
21:53:09.0926 3740 [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
21:53:09.0937 3740 RapiMgr - ok
21:53:10.0024 3740 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:53:10.0090 3740 RasAcd - ok
21:53:10.0140 3740 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:53:10.0196 3740 RasAgileVpn - ok
21:53:10.0286 3740 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
21:53:10.0361 3740 RasAuto - ok
21:53:10.0397 3740 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:53:10.0452 3740 Rasl2tp - ok
21:53:10.0590 3740 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
21:53:10.0680 3740 RasMan - ok
21:53:10.0717 3740 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:53:10.0748 3740 RasPppoe - ok
21:53:10.0809 3740 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:53:10.0867 3740 RasSstp - ok
21:53:10.0933 3740 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:53:10.0980 3740 rdbss - ok
21:53:11.0024 3740 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:53:11.0093 3740 rdpbus - ok
21:53:11.0101 3740 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:53:11.0133 3740 RDPCDD - ok
21:53:11.0173 3740 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:53:11.0219 3740 RDPENCDD - ok
21:53:11.0254 3740 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:53:11.0305 3740 RDPREFMP - ok
21:53:11.0435 3740 [ 288B06960D78428FF89E811632684E20 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:53:11.0532 3740 RDPWD - ok
21:53:11.0563 3740 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:53:11.0578 3740 rdyboost - ok
21:53:11.0988 3740 [ 0D362785BEF9BDF5A6E1F4628D06716D ] Recovery Service for Windows C:\Program Files\SMINST\BLService.exe
21:53:12.0068 3740 Recovery Service for Windows - ok
21:53:12.0118 3740 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
21:53:12.0172 3740 RemoteAccess - ok
21:53:12.0234 3740 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:53:12.0316 3740 RemoteRegistry - ok
21:53:12.0576 3740 [ 805AE1F90C64758D19AAA001CF8CBA12 ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe
21:53:12.0644 3740 RichVideo ( UnsignedFile.Multi.Generic ) - warning
21:53:12.0644 3740 RichVideo - detected UnsignedFile.Multi.Generic (1)
21:53:12.0700 3740 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:53:12.0764 3740 RpcEptMapper - ok
21:53:12.0805 3740 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
21:53:12.0847 3740 RpcLocator - ok
21:53:12.0909 3740 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
21:53:12.0944 3740 RpcSs - ok
21:53:13.0011 3740 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:53:13.0100 3740 rspndr - ok
21:53:13.0160 3740 [ 08C3394391AB0AFF65D75AE65D4207E1 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
21:53:13.0215 3740 RTSTOR - ok
21:53:13.0235 3740 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
21:53:13.0249 3740 SamSs - ok
21:53:13.0311 3740 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:53:13.0323 3740 sbp2port - ok
21:53:13.0409 3740 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:53:13.0498 3740 SCardSvr - ok
21:53:13.0519 3740 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:53:13.0578 3740 scfilter - ok
21:53:13.0965 3740 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
21:53:14.0043 3740 Schedule - ok
21:53:14.0100 3740 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:53:14.0128 3740 SCPolicySvc - ok
21:53:14.0269 3740 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:53:14.0354 3740 SDRSVC - ok
21:53:14.0511 3740 [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
21:53:14.0524 3740 SeaPort - ok
21:53:14.0614 3740 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:53:14.0676 3740 secdrv - ok
21:53:14.0726 3740 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
21:53:14.0783 3740 seclogon - ok
21:53:14.0838 3740 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
21:53:14.0929 3740 SENS - ok
21:53:15.0022 3740 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:53:15.0105 3740 SensrSvc - ok
21:53:15.0155 3740 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:53:15.0168 3740 Serenum - ok
21:53:15.0189 3740 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:53:15.0204 3740 Serial - ok
21:53:15.0247 3740 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:53:15.0276 3740 sermouse - ok
21:53:15.0349 3740 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
21:53:15.0435 3740 SessionEnv - ok
21:53:15.0442 3740 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:53:15.0461 3740 sffdisk - ok
21:53:15.0468 3740 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:53:15.0498 3740 sffp_mmc - ok
21:53:15.0506 3740 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:53:15.0522 3740 sffp_sd - ok
21:53:15.0564 3740 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:53:15.0606 3740 sfloppy - ok
21:53:15.0738 3740 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:53:15.0814 3740 SharedAccess - ok
21:53:15.0991 3740 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:53:16.0026 3740 ShellHWDetection - ok
21:53:16.0062 3740 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:53:16.0098 3740 sisagp - ok
21:53:16.0165 3740 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:53:16.0204 3740 SiSRaid2 - ok
21:53:16.0213 3740 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:53:16.0225 3740 SiSRaid4 - ok
21:53:16.0268 3740 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:53:16.0300 3740 Smb - ok
21:53:16.0788 3740 [ 1E715247EFFFDDA938C085913045D599 ] SMSIVZAM5 C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys
21:53:16.0799 3740 SMSIVZAM5 - ok
21:53:16.0865 3740 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:53:16.0906 3740 SNMPTRAP - ok
21:53:16.0951 3740 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
21:53:16.0961 3740 spldr - ok
21:53:17.0122 3740 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe
21:53:17.0173 3740 Spooler - ok
21:53:18.0106 3740 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
21:53:18.0207 3740 sppsvc - ok
21:53:18.0241 3740 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:53:18.0293 3740 sppuinotify - ok
21:53:18.0495 3740 [ 9263C8898732E2B890F7E954E7729AB7 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:53:18.0548 3740 SQLWriter - ok
21:53:18.0659 3740 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:53:18.0750 3740 srv - ok
21:53:18.0834 3740 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:53:18.0886 3740 srv2 - ok
21:53:18.0934 3740 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:53:18.0954 3740 srvnet - ok
21:53:19.0044 3740 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:53:19.0098 3740 SSDPSRV - ok
21:53:19.0132 3740 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:53:19.0163 3740 SstpSvc - ok
21:53:19.0251 3740 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:53:19.0308 3740 stexstor - ok
21:53:19.0473 3740 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
21:53:19.0558 3740 StiSvc - ok
21:53:19.0603 3740 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
21:53:19.0613 3740 swenum - ok
21:53:19.0738 3740 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
21:53:19.0799 3740 swprv - ok
21:53:19.0858 3740 [ 00B19F27858F56181EDB58B71A7C67A0 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
21:53:19.0870 3740 SynTP - ok
21:53:20.0285 3740 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
21:53:20.0326 3740 SysMain - ok
21:53:20.0406 3740 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:53:20.0438 3740 TabletInputService - ok
21:53:20.0464 3740 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
21:53:33.0861 3740 ================ Scan global ===============================
21:53:33.0911 3740 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
21:53:34.0029 3740 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
21:53:34.0067 3740 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
21:53:34.0128 3740 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
21:53:34.0219 3740 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
21:53:34.0245 3740 [Global] - ok
21:53:34.0246 3740 ================ Scan MBR ==================================
21:53:34.0264 3740 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:53:37.0169 3740 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:53:37.0169 3740 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:53:37.0173 3740 ================ Scan VBR ==================================
21:53:37.0220 3740 [ 608FF3F8566B467E28A3EFE9E820F8DB ] \Device\Harddisk0\DR0\Partition1
21:53:37.0267 3740 \Device\Harddisk0\DR0\Partition1 - ok
21:53:37.0296 3740 [ 61A54F09B029280B191D4F5321AFB5CC ] \Device\Harddisk0\DR0\Partition2
21:53:37.0419 3740 \Device\Harddisk0\DR0\Partition2 - ok
21:53:37.0423 3740 ============================================================
21:53:37.0423 3740 Scan finished
21:53:37.0423 3740 ============================================================
21:53:37.0442 3688 Detected object count: 7
21:53:37.0442 3688 Actual detected object count: 7
21:53:52.0345 3688 CTDevice_Srv ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:52.0345 3688 CTDevice_Srv ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:52.0348 3688 CTUPnPSv ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:52.0348 3688 CTUPnPSv ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:52.0353 3688 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:52.0353 3688 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:52.0358 3688 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:52.0358 3688 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:52.0363 3688 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:52.0364 3688 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:52.0364 3688 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:52.0364 3688 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:52.0426 3688 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
21:53:52.0495 3688 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
21:53:52.0497 3688 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
21:53:52.0560 3688 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
21:53:52.0568 3688 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
21:53:52.0595 3688 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
21:53:52.0597 3688 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
21:53:52.0599 3688 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
21:53:52.0601 3688 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
21:53:52.0604 3688 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
21:53:52.0605 3688 \Device\Harddisk0\DR0\TDLFS - deleted
21:53:52.0605 3688 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
21:54:03.0233 4812 Deinitialize success


ASW

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-17 21:54:24
-----------------------------
21:54:24.700 OS Version: Windows 6.1.7601 Service Pack 1
21:54:24.701 Number of processors: 2 586 0x301
21:54:24.704 ComputerName: LAPTOP UserName:
21:54:47.020 Initialize success
21:56:12.251 AVAST engine defs: 12101701
21:56:57.112 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
21:56:57.115 Disk 0 Vendor: TOSHIBA_MK3252GSX LV011C Size: 305245MB BusType: 3
21:56:57.137 Disk 0 MBR read successfully
21:56:57.140 Disk 0 MBR scan
21:56:57.177 Disk 0 Windows 7 default MBR code
21:56:57.181 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294103 MB offset 63
21:56:57.212 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11138 MB offset 602324992
21:56:57.220 Disk 0 scanning sectors +625135616
21:56:57.306 Disk 0 scanning C:\Windows\system32\drivers
21:57:08.807 Service scanning
21:57:49.601 Modules scanning
21:58:04.047 AVAST engine scan C:\Windows
21:58:09.159 AVAST engine scan C:\Windows\system32
22:02:03.291 AVAST engine scan C:\Windows\system32\drivers
22:02:18.171 AVAST engine scan C:\Users\LandaBear
22:10:08.970 AVAST engine scan C:\ProgramData
22:13:30.256 Scan finished successfully
22:13:52.003 Disk 0 MBR has been saved successfully to "C:\Users\LandaBear\Desktop\MBR.dat"
22:13:52.010 The log file has been saved successfully to "C:\Users\LandaBear\Desktop\aswMBR.txt"






#14
RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
Looks good. Let's replace the broken anti-virus with the free Avast!


Download and save the AVG removal tool
http://download.avg....6_2011_1184.exe

Download and save the free Avast installer.
http://www.avast.com...ivirus-download

Uninstall AVG

Run the AVG Remover

Reboot

Install Avast. (Register when it asks you - they will try to talk you into buying the full product but the free version is what we want.)
Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report, then View Results. How many did it find?
A text version of the report is usually at C:\ProgramData\Avast Software\Avast\report\aswboot.txt (It will tell you when it starts the scan where the report will be)

#15
yobraniac

    Member

  • Topic Starter
  • Member
  • 76 posts
Here is what it found

10/18/2012 14:19
Scan of all local drives

File C:\TDSSKiller_Quarantine\11.10.2012_21.59.48\mbr0000\mbr0000\tsk0000.dta is infected by MBR:Pihar-C [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\11.10.2012_21.59.48\mbr0000\mbr0000\tsk0001.dta is infected by MBR:Pihar-C [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\11.10.2012_21.59.48\mbr0000\tdlfs0000\tsk0001.dta is infected by Win32:Malware-gen, Moved to chest
File C:\TDSSKiller_Quarantine\11.10.2012_21.59.48\mbr0000\tdlfs0000\tsk0003.dta is infected by Win32:Alureon-AQL [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\11.10.2012_21.59.48\mbr0000\tdlfs0000\tsk0004.dta is infected by MBR:Pihar-C [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\11.10.2012_21.59.48\mbr0000\tdlfs0000\tsk0007.dta is infected by MBR:Alureon-B [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\11.10.2012_21.59.48\mbr0000\tdlfs0000\tsk0008.dta is infected by Win32:Alureon-ANW [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\11.10.2012_21.59.48\mbr0000\tdlfs0000\tsk0009.dta is infected by Win32:Alureon-ANW [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\17.10.2012_21.52.07\tdlfs0000\tsk0001.dta is infected by Win32:Malware-gen, Moved to chest
File C:\TDSSKiller_Quarantine\17.10.2012_21.52.07\tdlfs0000\tsk0003.dta is infected by Win32:Alureon-AQL [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\17.10.2012_21.52.07\tdlfs0000\tsk0004.dta is infected by MBR:Pihar-C [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\17.10.2012_21.52.07\tdlfs0000\tsk0007.dta is infected by MBR:Alureon-B [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\17.10.2012_21.52.07\tdlfs0000\tsk0008.dta is infected by Win32:Alureon-ANW [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\17.10.2012_21.52.07\tdlfs0000\tsk0009.dta is infected by Win32:Alureon-ANW [Rtk], Moved to chest
File C:\Users\LandaBear\AppData\Roaming\77EE0\05B4.7EE is infected by INI:Cycbot-gen [Trj], Moved to chest
File C:\Users\LandaBear\Desktop\Desktop\MP_ROOT.zip|>MP_ROOT\101MNV01\M4H00844.MP4 Error 42125 {ZIP archive is corrupted.}
File C:\_OTL\MovedFiles\10112012_185028\C_Windows\$NtUninstallKB62280$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2Q9Y3KFZ\bpmslgxkzj-super-mario-brothers[1].txt is infected by JS:ScriptIP-inf [Trj]

