Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Trojan Horse infection

Started by mysoup7 , Aug 01 2012 07:39 PM

Please log in to reply

#1
mysoup7

Posted 01 August 2012 - 07:39 PM

New Member

Member
2 posts

we have a Trojan horse infection. AVG says an infection was detected and fixed over and over again. but it keeps coming up. it says it is located in windows/system32/svhost. please see the OLT file below.
OTL logfile created on: 8/1/2012 7:17:13 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\josh coons\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 59.39% Memory free
7.49 Gb Paging File | 5.63 Gb Available in Paging File | 75.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.34 Gb Total Space | 152.10 Gb Free Space | 53.68% Space Free | Partition Type: NTFS

Computer Name: JOSHCOONS-PC | User Name: josh coons | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/01 19:17:01 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\josh coons\Downloads\OTL.exe
PRC - [2012/07/19 12:37:34 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/09 16:57:26 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/09 16:57:25 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/06/27 12:29:26 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/26 19:38:52 | 000,525,768 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
PRC - [2012/01/26 19:38:42 | 002,520,504 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
PRC - [2012/01/19 05:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2010/11/17 09:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/08/20 17:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/08/11 17:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2009/06/24 15:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/19 12:37:34 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/07/09 16:57:28 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/09 16:57:25 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/01/12 21:09:55 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/24 21:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/20 21:24:09 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 21:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/11/17 09:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/08/11 17:19:34 | 000,077,024 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010/08/11 17:19:32 | 000,109,792 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2010/08/11 17:19:32 | 000,072,928 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010/08/11 17:19:30 | 000,232,672 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010/08/11 17:19:30 | 000,126,176 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2010/08/11 17:19:30 | 000,119,008 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010/08/11 17:19:26 | 001,121,504 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/08/11 17:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/20 22:47:36 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2010/03/24 00:12:30 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/07/19 12:37:34 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/09 16:57:26 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/06/27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/19 05:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/06/26 20:46:01 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/11/25 04:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 04:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/25 19:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/08/20 17:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/10 13:04:32 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/26 19:15:22 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/05/14 20:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/05/14 20:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/04/21 17:47:48 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/04/15 01:40:10 | 000,301,688 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/03/24 00:42:50 | 006,654,976 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/23 23:23:52 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/17 15:29:52 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/15 12:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 12:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://74.125.65.99/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-12-24 09:48:01&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{97573CCC-6B0E-4918-B3E5-172545E09E43}: "URL" = http://websearch.ask...AC-1794D882F405
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..keyword.URL: "http://isearch.avg.c...8:01&sap=ku&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/05/29 11:19:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/09 16:57:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/15 15:55:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 12:37:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/01/02 02:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\josh coons\AppData\Roaming\Mozilla\Extensions
[2012/05/01 17:23:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\josh coons\AppData\Roaming\Mozilla\Firefox\Profiles\b0ywq5qq.default\extensions
[2012/03/13 20:24:15 | 000,002,584 | ---- | M] () -- C:\Users\josh coons\AppData\Roaming\Mozilla\Firefox\Profiles\b0ywq5qq.default\searchplugins\askcom.xml
[2012/05/27 10:48:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/09 16:57:35 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12
[2012/07/19 12:37:34 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/09 16:57:24 | 000,003,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/19 14:02:30 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/19 14:02:30 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/09 22:10:41 | 000,000,882 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCE7FDAE-294A-4A63-8503-F11070FD6640}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{18966581-2e56-11e1-83f9-180373655f28}\Shell - "" = AutoRun
O33 - MountPoints2\{18966581-2e56-11e1-83f9-180373655f28}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{1ab3a71e-313d-11e1-a5a7-180373655f28}\Shell - "" = AutoRun
O33 - MountPoints2\{1ab3a71e-313d-11e1-a5a7-180373655f28}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{a6b3c5e2-4bf4-11e1-948b-180373655f28}\Shell - "" = AutoRun
O33 - MountPoints2\{a6b3c5e2-4bf4-11e1-948b-180373655f28}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/31 17:30:46 | 000,000,000 | ---D | C] -- C:\Users\josh coons\Desktop\anime
[2012/07/31 16:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/07/31 16:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/07/31 16:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/07/27 20:56:49 | 000,000,000 | ---D | C] -- C:\Users\josh coons\AppData\Roaming\fltk.org
[2012/07/27 20:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\fltk.org
[2012/07/26 21:06:55 | 000,000,000 | ---D | C] -- C:\Users\josh coons\Documents\Amnesia
[2012/07/26 21:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent Demo
[2012/07/26 21:05:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amnesia - The Dark Descent Demo
[2012/07/26 01:40:39 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA%
[2012/07/18 20:10:57 | 000,000,000 | ---D | C] -- C:\Users\josh coons\Documents\Rockstar Games
[2012/07/18 20:06:07 | 000,000,000 | RH-D | C] -- C:\Users\josh coons\AppData\Roaming\SecuROM
[2012/07/18 19:59:38 | 000,000,000 | ---D | C] -- C:\Users\josh coons\AppData\Local\Rockstar Games
[2012/07/18 19:38:19 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt_x64.dll
[2012/07/18 18:42:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012/07/18 18:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2012/07/11 11:02:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/07/11 11:02:11 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/07/11 11:02:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/07/11 11:02:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/07/11 11:02:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/07/11 11:02:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/07/11 11:02:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/07/11 11:02:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/07/11 11:02:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/07/11 11:02:05 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/07/11 11:02:05 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/07/11 11:02:04 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/07/11 11:02:04 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/07/10 12:56:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2012/07/10 12:56:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2012/07/10 12:56:18 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2012/07/10 12:55:08 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdosys.dll
[2012/07/10 12:55:08 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cdosys.dll
[2012/07/07 19:11:23 | 000,000,000 | ---D | C] -- C:\Users\josh coons\AppData\Roaming\skypePM
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/01 18:40:03 | 000,778,660 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/08/01 18:40:03 | 000,660,318 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/08/01 18:40:03 | 000,121,214 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/08/01 18:27:10 | 000,529,964 | ---- | M] () -- C:\Users\josh coons\Desktop\flcl-1.jpg
[2012/08/01 17:21:48 | 102,750,583 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/08/01 16:00:15 | 000,000,506 | ---- | M] () -- C:\windows\tasks\SystemToolsDailyTest.job
[2012/08/01 15:48:39 | 000,142,820 | ---- | M] () -- C:\Users\josh coons\Desktop\music anime.jpg
[2012/08/01 14:14:23 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 14:14:23 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 14:05:55 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/08/01 14:05:51 | 3016,605,696 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/01 13:30:16 | 000,137,914 | ---- | M] () -- C:\Users\josh coons\Desktop\clannad.jpg
[2012/07/31 18:33:15 | 000,295,807 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/31 16:36:52 | 000,001,284 | ---- | M] () -- C:\Users\josh coons\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/07/31 16:36:52 | 000,001,260 | ---- | M] () -- C:\Users\josh coons\Desktop\Spybot - Search & Destroy.lnk
[2012/07/27 19:45:08 | 000,000,221 | ---- | M] () -- C:\Users\josh coons\Desktop\Amnesia The Dark Descent.url
[2012/07/18 19:38:19 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt_x64.dll
[2012/07/11 11:23:25 | 005,022,552 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/07/09 15:56:34 | 000,000,564 | ---- | M] () -- C:\windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/07/07 19:11:24 | 000,000,056 | -H-- | M] () -- C:\windows\SysWow64\ezsidmv.dat
[2012/07/05 13:01:22 | 000,002,197 | ---- | M] () -- C:\Users\josh coons\Desktop\Media Player Classic - Home Cinema.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/01 18:27:24 | 000,529,964 | ---- | C] () -- C:\Users\josh coons\Desktop\flcl-1.jpg
[2012/08/01 15:48:58 | 000,142,820 | ---- | C] () -- C:\Users\josh coons\Desktop\music anime.jpg
[2012/08/01 13:30:32 | 000,137,914 | ---- | C] () -- C:\Users\josh coons\Desktop\clannad.jpg
[2012/07/31 23:31:11 | 000,232,960 | ---- | C] () -- C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000008.@
[2012/07/31 23:31:11 | 000,092,672 | ---- | C] () -- C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000032.@
[2012/07/31 23:31:10 | 000,080,896 | ---- | C] () -- C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000064.@
[2012/07/31 23:31:10 | 000,016,896 | ---- | C] () -- C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000000.@
[2012/07/31 23:31:10 | 000,002,048 | ---- | C] () -- C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000004.@
[2012/07/31 23:31:10 | 000,001,632 | ---- | C] () -- C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\000000cb.@
[2012/07/31 16:36:52 | 000,001,284 | ---- | C] () -- C:\Users\josh coons\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/07/31 16:36:52 | 000,001,260 | ---- | C] () -- C:\Users\josh coons\Desktop\Spybot - Search & Destroy.lnk
[2012/07/27 19:45:08 | 000,000,221 | ---- | C] () -- C:\Users\josh coons\Desktop\Amnesia The Dark Descent.url
[2012/07/26 01:34:52 | 000,000,804 | ---- | C] () -- C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\00000004.@
[2012/07/07 19:11:24 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2012/06/04 19:44:57 | 000,000,268 | ---- | C] () -- C:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012/03/12 16:45:48 | 000,032,768 | R--- | C] () -- C:\windows\SysWow64\XSIChooser.exe
[2012/01/10 22:23:45 | 000,002,048 | -HS- | C] () -- C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@
[2012/01/10 22:23:45 | 000,002,048 | -HS- | C] () -- C:\Users\josh coons\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@
[2011/12/26 17:05:52 | 000,000,262 | ---- | C] () -- C:\windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2011/06/26 22:52:55 | 000,001,035 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/06/26 22:51:13 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011/06/26 22:51:09 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
[2011/06/26 22:51:09 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011/06/26 22:51:09 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2011/06/26 22:51:09 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2011/06/26 22:51:09 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011/06/26 22:51:09 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011/06/26 22:51:09 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2011/06/26 20:49:04 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/06/26 20:47:01 | 000,000,080 | RHS- | C] () -- C:\windows\CT4CET.bin
[2011/06/26 20:40:24 | 000,773,050 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

< End of report >

#2
RKinner

Posted 01 August 2012 - 09:28 PM

Malware Expert

Expert
24,748 posts

IMPORTANT:

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu
select
Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck
Resident TeaTimer
and OK any prompts.
* Restart your computer

Copy the text in the code box by highlighting and Ctrl + c


:OTL
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O4 - HKCU..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
[2012/07/26 01:40:39 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA%

:files
reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2.reg /c
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
C:\Users\josh coons\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

:reg
[HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
""="%systemroot%\system32\wbem\wbemess.dll"
[-HKCU\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
[-HKCU\Software\Classes\clsid\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}]

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. This will also create a file winsock2.reg on your desktop. It is an insurance file. If you can't get on the Internet after the fix, try right clicking on the winsock2.reg and Merge then reboot. If that doesn't help then do a System Restore.

Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron

#3
mysoup7

Posted 03 August 2012 - 07:26 PM

New Member

Topic Starter
Member
2 posts

Attached please find the log files from the listed scans.
OTL logfile created on: 8/1/2012 7:17:13 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\josh coons\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 59.39% Memory free
7.49 Gb Paging File | 5.63 Gb Available in Paging File | 75.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.34 Gb Total Space | 152.10 Gb Free Space | 53.68% Space Free | Partition Type: NTFS

Computer Name: JOSHCOONS-PC | User Name: josh coons | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/01 19:17:01 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\josh coons\Downloads\OTL.exe
PRC - [2012/07/19 12:37:34 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/09 16:57:26 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/09 16:57:25 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/06/27 12:29:26 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/26 19:38:52 | 000,525,768 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
PRC - [2012/01/26 19:38:42 | 002,520,504 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
PRC - [2012/01/19 05:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2010/11/17 09:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/08/20 17:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/08/11 17:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2009/06/24 15:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/19 12:37:34 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/07/09 16:57:28 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/09 16:57:25 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/01/12 21:09:55 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/24 21:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/20 21:24:09 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 21:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/11/17 09:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/08/11 17:19:34 | 000,077,024 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010/08/11 17:19:32 | 000,109,792 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2010/08/11 17:19:32 | 000,072,928 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010/08/11 17:19:30 | 000,232,672 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010/08/11 17:19:30 | 000,126,176 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2010/08/11 17:19:30 | 000,119,008 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010/08/11 17:19:26 | 001,121,504 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/08/11 17:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/20 22:47:36 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2010/03/24 00:12:30 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/07/19 12:37:34 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/09 16:57:26 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/06/27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/19 05:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/06/26 20:46:01 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/11/25 04:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 04:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/25 19:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/08/20 17:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/10 13:04:32 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/26 19:15:22 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/05/14 20:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/05/14 20:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/04/21 17:47:48 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/04/15 01:40:10 | 000,301,688 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/03/24 00:42:50 | 006,654,976 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/23 23:23:52 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/17 15:29:52 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/15 12:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 12:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://74.125.65.99/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-12-24 09:48:01&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{97573CCC-6B0E-4918-B3E5-172545E09E43}: "URL" = http://websearch.ask...AC-1794D882F405
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..keyword.URL: "http://isearch.avg.c...8:01&sap=ku&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/05/29 11:19:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/09 16:57:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/15 15:55:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 12:37:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/01/02 02:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\josh coons\AppData\Roaming\Mozilla\Extensions
[2012/05/01 17:23:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\josh coons\AppData\Roaming\Mozilla\Firefox\Profiles\b0ywq5qq.default\extensions
[2012/03/13 20:24:15 | 000,002,584 | ---- | M] () -- C:\Users\josh coons\AppData\Roaming\Mozilla\Firefox\Profiles\b0ywq5qq.default\searchplugins\askcom.xml
[2012/05/27 10:48:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/09 16:57:35 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12
[2012/07/19 12:37:34 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/09 16:57:24 | 000,003,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/19 14:02:30 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/19 14:02:30 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/09 22:10:41 | 000,000,882 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCE7FDAE-294A-4A63-8503-F11070FD6640}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{18966581-2e56-11e1-83f9-180373655f28}\Shell - "" = AutoRun
O33 - MountPoints2\{18966581-2e56-11e1-83f9-180373655f28}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{1ab3a71e-313d-11e1-a5a7-180373655f28}\Shell - "" = AutoRun
O33 - MountPoints2\{1ab3a71e-313d-11e1-a5a7-180373655f28}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{a6b3c5e2-4bf4-11e1-948b-180373655f28}\Shell - "" = AutoRun
O33 - MountPoints2\{a6b3c5e2-4bf4-11e1-948b-180373655f28}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/31 17:30:46 | 000,000,000 | ---D | C] -- C:\Users\josh coons\Desktop\anime
[2012/07/31 16:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/07/31 16:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/07/31 16:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/07/27 20:56:49 | 000,000,000 | ---D | C] -- C:\Users\josh coons\AppData\Roaming\fltk.org
[2012/07/27 20:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\fltk.org
[2012/07/26 21:06:55 | 000,000,000 | ---D | C] -- C:\Users\josh coons\Documents\Amnesia
[2012/07/26 21:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent Demo
[2012/07/26 21:05:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amnesia - The Dark Descent Demo
[2012/07/26 01:40:39 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA%
[2012/07/18 20:10:57 | 000,000,000 | ---D | C] -- C:\Users\josh coons\Documents\Rockstar Games
[2012/07/18 20:06:07 | 000,000,000 | RH-D | C] -- C:\Users\josh coons\AppData\Roaming\SecuROM
[2012/07/18 19:59:38 | 000,000,000 | ---D | C] -- C:\Users\josh coons\AppData\Local\Rockstar Games
[2012/07/18 19:38:19 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt_x64.dll
[2012/07/18 18:42:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012/07/18 18:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2012/07/11 11:02:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/07/11 11:02:11 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/07/11 11:02:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/07/11 11:02:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/07/11 11:02:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/07/11 11:02:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/07/11 11:02:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/07/11 11:02:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/07/11 11:02:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/07/11 11:02:05 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/07/11 11:02:05 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/07/11 11:02:04 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/07/11 11:02:04 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/07/10 12:56:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2012/07/10 12:56:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2012/07/10 12:56:18 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2012/07/10 12:55:08 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdosys.dll
[2012/07/10 12:55:08 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cdosys.dll
[2012/07/07 19:11:23 | 000,000,000 | ---D | C] -- C:\Users\josh coons\AppData\Roaming\skypePM
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/01 18:40:03 | 000,778,660 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/08/01 18:40:03 | 000,660,318 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/08/01 18:40:03 | 000,121,214 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/08/01 18:27:10 | 000,529,964 | ---- | M] () -- C:\Users\josh coons\Desktop\flcl-1.jpg
[2012/08/01 17:21:48 | 102,750,583 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/08/01 16:00:15 | 000,000,506 | ---- | M] () -- C:\windows\tasks\SystemToolsDailyTest.job
[2012/08/01 15:48:39 | 000,142,820 | ---- | M] () -- C:\Users\josh coons\Desktop\music anime.jpg
[2012/08/01 14:14:23 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 14:14:23 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 14:05:55 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/08/01 14:05:51 | 3016,605,696 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/01 13:30:16 | 000,137,914 | ---- | M] () -- C:\Users\josh coons\Desktop\clannad.jpg
[2012/07/31 18:33:15 | 000,295,807 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/31 16:36:52 | 000,001,284 | ---- | M] () -- C:\Users\josh coons\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/07/31 16:36:52 | 000,001,260 | ---- | M] () -- C:\Users\josh coons\Desktop\Spybot - Search & Destroy.lnk
[2012/07/27 19:45:08 | 000,000,221 | ---- | M] () -- C:\Users\josh coons\Desktop\Amnesia The Dark Descent.url
[2012/07/18 19:38:19 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt_x64.dll
[2012/07/11 11:23:25 | 005,022,552 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/07/09 15:56:34 | 000,000,564 | ---- | M] () -- C:\windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/07/07 19:11:24 | 000,000,056 | -H-- | M] () -- C:\windows\SysWow64\ezsidmv.dat
[2012/07/05 13:01:22 | 000,002,197 | ---- | M] () -- C:\Users\josh coons\Desktop\Media Player Classic - Home Cinema.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/01 18:27:24 | 000,529,964 | ---- | C] () -- C:\Users\josh coons\Desktop\flcl-1.jpg
[2012/08/01 15:48:58 | 000,142,820 | ---- | C] () -- C:\Users\josh coons\Desktop\music anime.jpg
[2012/08/01 13:30:32 | 000,137,914 | ---- | C] () -- C:\Users\josh coons\Desktop\clannad.jpg
[2012/07/31 23:31:11 | 000,232,960 | ---- | C] () -- C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000008.@
[2012/07/31 23:31:11 | 000,092,672 | ---- | C] () -- C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000032.@
[2012/07/31 23:31:10 | 000,080,896 | ---- | C] () -- C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000064.@
[2012/07/31 23:31:10 | 000,016,896 | ---- | C] () -- C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000000.@
[2012/07/31 23:31:10 | 000,002,048 | ---- | C] () -- C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000004.@
[2012/07/31 23:31:10 | 000,001,632 | ---- | C] () -- C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\000000cb.@
[2012/07/31 16:36:52 | 000,001,284 | ---- | C] () -- C:\Users\josh coons\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/07/31 16:36:52 | 000,001,260 | ---- | C] () -- C:\Users\josh coons\Desktop\Spybot - Search & Destroy.lnk
[2012/07/27 19:45:08 | 000,000,221 | ---- | C] () -- C:\Users\josh coons\Desktop\Amnesia The Dark Descent.url
[2012/07/26 01:34:52 | 000,000,804 | ---- | C] () -- C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\00000004.@
[2012/07/07 19:11:24 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2012/06/04 19:44:57 | 000,000,268 | ---- | C] () -- C:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012/03/12 16:45:48 | 000,032,768 | R--- | C] () -- C:\windows\SysWow64\XSIChooser.exe
[2012/01/10 22:23:45 | 000,002,048 | -HS- | C] () -- C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@
[2012/01/10 22:23:45 | 000,002,048 | -HS- | C] () -- C:\Users\josh coons\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@
[2011/12/26 17:05:52 | 000,000,262 | ---- | C] () -- C:\windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2011/06/26 22:52:55 | 000,001,035 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/06/26 22:51:13 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011/06/26 22:51:09 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
[2011/06/26 22:51:09 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011/06/26 22:51:09 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2011/06/26 22:51:09 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2011/06/26 22:51:09 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011/06/26 22:51:09 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011/06/26 22:51:09 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2011/06/26 20:49:04 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/06/26 20:47:01 | 000,000,080 | RHS- | C] () -- C:\windows\CT4CET.bin
[2011/06/26 20:40:24 | 000,773,050 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

< End of report >
ComboFix 12-07-31.03 - josh coons 08/02/2012 19:37:34.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2135 [GMT -6:00]
Running from: c:\users\josh coons\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\PCDr\5907\Downloads\116e5d12-0d05-4993-954c-85b013aaf3cb.dll
c:\programdata\PCDr\5907\Downloads\140239b3-d59a-46fa-b856-17682a46cb44.dll
c:\programdata\PCDr\5907\Downloads\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll
c:\programdata\PCDr\5907\Downloads\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll
c:\programdata\PCDr\5907\Downloads\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll
c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
C:\Recycle.Bin
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\SysWow64\server.log
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-03 to 2012-08-03 )))))))))))))))))))))))))))))))
.
.
2012-08-03 01:46 . 2012-08-03 01:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-03 00:15 . 2012-08-03 00:15 -------- d-----w- C:\_OTL
2012-07-31 22:36 . 2012-08-02 23:27 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-07-31 22:36 . 2012-07-31 22:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-28 02:56 . 2012-07-28 02:56 -------- d-----w- c:\users\josh coons\AppData\Roaming\fltk.org
2012-07-28 02:56 . 2012-07-28 02:56 -------- d-----w- c:\programdata\fltk.org
2012-07-27 03:05 . 2012-07-27 03:06 -------- d-----w- c:\program files (x86)\Amnesia - The Dark Descent Demo
2012-07-19 02:06 . 2012-07-19 02:06 -------- d--h--r- c:\users\josh coons\AppData\Roaming\SecuROM
2012-07-19 01:59 . 2012-07-19 20:34 -------- d-----w- c:\users\josh coons\AppData\Local\Rockstar Games
2012-07-19 01:38 . 2012-07-19 01:38 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-07-19 00:42 . 2012-07-19 20:34 -------- d-----w- c:\program files (x86)\Rockstar Games
2012-07-11 17:05 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 18:56 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 18:55 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-10 18:55 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-10 18:55 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-10 18:55 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-10 18:55 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-10 18:55 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-10 18:55 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-10 18:55 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-10 18:55 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-10 18:55 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-10 18:55 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-10 18:55 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-10 18:55 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-07-08 01:11 . 2012-07-17 06:06 -------- d-----w- c:\users\josh coons\AppData\Roaming\skypePM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-01 06:03 . 2012-07-01 06:03 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-01 06:03 . 2012-01-13 03:09 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-21 21:23 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 21:23 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 21:23 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 21:23 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 21:23 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 21:23 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 21:23 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 21:19 . 2012-06-21 21:22 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 21:15 . 2012-06-21 21:22 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-03 01:34 2086496 ----a-w- c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-08-03 2086496]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-24 102400]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-08-03 1147488]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2012-1-26 2520504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-17 232480]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-26 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-05-15 73856]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-05-15 28800]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-03 31080]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2010-05-21 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-24 202752]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-08-03 830048]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-03-24 6654976]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-24 195584]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-04-21 76912]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-08-02 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-21 10810912]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-02 3202928]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-01-25 1802472]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://74.125.65.99/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
FF - ProfilePath - c:\users\josh coons\AppData\Roaming\Mozilla\Firefox\Profiles\b0ywq5qq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bceed0304-8dff-4b29-a57c-32fec0ede35b%7D&mid=5179a4a6605547d1a043c94a3581b6db-0c675339838367f2b22b2f531510364cb22367bf&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2011-12-24%2009%3A48%3A01&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
Wow6432Node-HKLM-Run-HF_G_Jul - c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1991513666-1756573495-994383441-1000\Software\SecuROM\License information*]
"datasecu"=hex:41,97,89,26,65,3d,91,13,0d,d1,33,79,af,31,bf,c0,e4,69,ae,b2,09,
2d,a1,55,c2,51,24,b7,c3,62,22,a6,c7,32,f4,77,d8,92,ab,0e,00,68,61,1e,ed,9f,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
.
**************************************************************************
.
Completion time: 2012-08-02 19:55:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-03 01:55
.
Pre-Run: 157,399,379,968 bytes free
Post-Run: 157,564,383,232 bytes free
.
- - End Of File - - DDD84B885E4547D9BA848E7504FF52D9
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.03.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
josh coons :: JOSHCOONS-PC [administrator]

Protection: Enabled

8/2/2012 8:16:32 PM
mbam-log-2012-08-02 (20-16-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206513
Time elapsed: 2 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\josh coons\Downloads\facebook_hack.rar.exe (PUP.Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\josh coons\Downloads\SoftonicDownloader_for_i-funbox.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.

(end)
========== OTL ==========
Service Bonjour Service stopped successfully!
Service Bonjour Service deleted successfully!
File C:\Program Files\Bonjour\mDNSResponder.exe not found.
94.63.147.16 www.google.com removed from HOSTS file successfully
94.63.147.17 www.bing.com removed from HOSTS file successfully
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RGSC deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist\ deleted successfully.
Folder move failed. C:\windows\SysWow64\%APPDATA%\Microsoft\Windows\IETldCache scheduled to be moved on reboot.
Folder move failed. C:\windows\SysWow64\%APPDATA%\Microsoft\Windows scheduled to be moved on reboot.
Folder move failed. C:\windows\SysWow64\%APPDATA%\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\windows\SysWow64\%APPDATA% scheduled to be moved on reboot.
========== FILES ==========
< reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2.reg /c >
C:\Users\josh coons\Downloads\cmd.bat deleted successfully.
C:\Users\josh coons\Downloads\cmd.txt deleted successfully.
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U folder moved successfully.
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L folder moved successfully.
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} folder moved successfully.
C:\Users\josh coons\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U folder moved successfully.
C:\Users\josh coons\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L folder moved successfully.
C:\Users\josh coons\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} folder moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
========== REGISTRY ==========
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\""|"%systemroot%\system32\wbem\wbemess.dll" /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\clsid\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\ not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: josh

User: josh coons
->Flash cache emptied: 144820 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: josh

User: josh coons
->Java cache emptied: 294835 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.55.0 log created on 08022012_181540

Files\Folders moved on Reboot...
C:\windows\SysWow64\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.
C:\windows\SysWow64\%APPDATA%\Microsoft\Windows folder moved successfully.
C:\windows\SysWow64\%APPDATA%\Microsoft folder moved successfully.
C:\windows\SysWow64\%APPDATA% folder moved successfully.

PendingFileRenameOperations files...
File C:\windows\SysWow64\%APPDATA%\Microsoft\Windows\IETldCache not found!
File C:\windows\SysWow64\%APPDATA%\Microsoft\Windows not found!
File C:\windows\SysWow64\%APPDATA%\Microsoft not found!
File C:\windows\SysWow64\%APPDATA% not found!

Registry entries deleted on Reboot...
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-02 18:29:33
-----------------------------
18:29:33.432 OS Version: Windows x64 6.1.7601 Service Pack 1
18:29:33.433 Number of processors: 2 586 0x603
18:29:33.433 ComputerName: JOSHCOONS-PC UserName: josh coons
18:29:34.501 Initialize success
18:34:00.807 AVAST engine defs: 12080201
18:34:06.657 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
18:34:06.661 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 11
18:34:06.678 Disk 0 MBR read successfully
18:34:06.683 Disk 0 MBR scan
18:34:06.693 Disk 0 Windows 7 default MBR code
18:34:06.700 Disk 0 Partition 1 00 DE Dell Utility DELL 8.0 100 MB offset 2048
18:34:06.720 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
18:34:06.742 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290143 MB offset 30926848
18:34:06.782 Disk 0 scanning C:\windows\system32\drivers
18:34:17.408 Service scanning
18:34:40.781 Modules scanning
18:34:42.401 AVAST engine scan C:\windows
18:34:45.956 AVAST engine scan C:\windows\system32
18:36:31.751 File: C:\windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
18:36:33.968 File: C:\windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
18:38:24.910 AVAST engine scan C:\windows\system32\drivers
18:38:37.222 AVAST engine scan C:\Users\josh coons
19:10:35.742 Disk 0 MBR has been saved successfully to "C:\Users\josh coons\Desktop\MBR.dat"
19:10:35.750 The log file has been saved successfully to "C:\Users\josh coons\Desktop\aswMBR.txt"

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 02/08/2012 8:47:35 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/08/2012 2:24:52 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

OTL logfile created on: 8/2/2012 9:04:35 PM - Run 3
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\josh coons\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 60.88% Memory free
7.49 Gb Paging File | 5.98 Gb Available in Paging File | 79.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.34 Gb Total Space | 147.62 Gb Free Space | 52.10% Space Free | Partition Type: NTFS

Computer Name: JOSHCOONS-PC | User Name: josh coons | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/02 19:34:15 | 000,830,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
PRC - [2012/08/02 19:34:14 | 001,147,488 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/08/02 18:13:21 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\josh coons\Downloads\OTL(1).exe
PRC - [2012/07/19 12:37:34 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/27 12:29:26 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/26 19:38:52 | 000,525,768 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
PRC - [2012/01/26 19:38:42 | 002,520,504 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
PRC - [2012/01/19 05:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2010/11/17 09:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/08/20 17:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/06/24 15:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/02 19:34:16 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\SiteSafety.dll
MOD - [2012/08/02 19:34:14 | 001,147,488 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/07/19 12:37:34 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/24 21:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 09:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/20 22:47:36 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2010/03/24 00:12:30 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/02 19:34:15 | 000,830,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe -- (vToolbarUpdater12.1.5)
SRV - [2012/07/19 12:37:34 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/19 05:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/06/26 20:46:01 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/11/25 04:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 04:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/25 19:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/08/20 17:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/02 19:34:16 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/10 13:04:32 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/26 19:15:22 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/05/14 20:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/05/14 20:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/04/21 17:47:48 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/04/15 01:40:10 | 000,301,688 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/03/24 00:42:50 | 006,654,976 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/23 23:23:52 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/17 15:29:52 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/15 12:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 12:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://74.125.65.99/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2012-08-02 19:34:19&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{97573CCC-6B0E-4918-B3E5-172545E09E43}: "URL" = http://websearch.ask...AC-1794D882F405
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..keyword.URL: "https://isearch.avg....4:19&sap=ku&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/05/29 11:19:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.21\ [2012/08/02 19:34:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/15 15:55:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 12:37:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/01/02 02:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\josh coons\AppData\Roaming\Mozilla\Extensions
[2012/05/01 17:23:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\josh coons\AppData\Roaming\Mozilla\Firefox\Profiles\b0ywq5qq.default\extensions
[2012/03/13 20:24:15 | 000,002,584 | ---- | M] () -- C:\Users\josh coons\AppData\Roaming\Mozilla\Firefox\Profiles\b0ywq5qq.default\searchplugins\askcom.xml
[2012/05/27 10:48:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/02 19:34:24 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.1.0.21
[2012/07/19 12:37:34 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/02 19:34:12 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/19 14:02:30 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/19 14:02:30 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/02 19:48:28 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCE7FDAE-294A-4A63-8503-F11070FD6640}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/02 20:15:41 | 000,000,000 | ---D | C] -- C:\Users\josh coons\AppData\Roaming\Malwarebytes
[2012/08/02 20:14:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/02 20:14:37 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/08/02 20:14:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/02 20:14:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/02 20:11:53 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\josh coons\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/02 19:58:13 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\josh coons\Desktop\tdsskiller.exe
[2012/08/02 19:55:50 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/08/02 19:48:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/02 19:35:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/08/02 19:35:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/08/02 19:35:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/08/02 19:34:16 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2012/08/02 19:34:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/08/02 19:33:04 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/08/02 19:15:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/02 19:15:20 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/08/02 19:14:36 | 004,722,680 | R--- | C] (Swearware) -- C:\Users\josh coons\Desktop\ComboFix.exe
[2012/08/02 18:15:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/02 16:53:35 | 000,000,000 | ---D | C] -- C:\Users\josh coons\Desktop\+Tower of Druaga
[2012/07/31 17:30:46 | 000,000,000 | ---D | C] -- C:\Users\josh coons\Desktop\anime
[2012/07/31 16:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/07/31 16:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/07/31 16:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/07/27 20:56:49 | 000,000,000 | ---D | C] -- C:\Users\josh coons\AppData\Roaming\fltk.org
[2012/07/27 20:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\fltk.org
[2012/07/26 21:06:55 | 000,000,000 | ---D | C] -- C:\Users\josh coons\Documents\Amnesia
[2012/07/26 21:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent Demo
[2012/07/26 21:05:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amnesia - The Dark Descent Demo
[2012/07/18 20:10:57 | 000,000,000 | ---D | C] -- C:\Users\josh coons\Documents\Rockstar Games
[2012/07/18 20:06:07 | 000,000,000 | RH-D | C] -- C:\Users\josh coons\AppData\Roaming\SecuROM
[2012/07/18 19:59:38 | 000,000,000 | ---D | C] -- C:\Users\josh coons\AppData\Local\Rockstar Games
[2012/07/18 19:38:19 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt_x64.dll
[2012/07/18 18:42:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012/07/18 18:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2012/07/11 11:02:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/07/11 11:02:11 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/07/11 11:02:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/07/11 11:02:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/07/11 11:02:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/07/11 11:02:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/07/11 11:02:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/07/11 11:02:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/07/11 11:02:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/07/11 11:02:05 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/07/11 11:02:05 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/07/11 11:02:04 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/07/11 11:02:04 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/07/10 12:56:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2012/07/10 12:56:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2012/07/10 12:56:18 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2012/07/10 12:55:08 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdosys.dll
[2012/07/10 12:55:08 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cdosys.dll
[2012/07/07 19:11:23 | 000,000,000 | ---D | C] -- C:\Users\josh coons\AppData\Roaming\skypePM
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/02 20:43:56 | 000,061,440 | ---- | M] ( ) -- C:\Users\josh coons\Desktop\VEW.exe
[2012/08/02 20:33:35 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/02 20:33:35 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/02 20:25:35 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/08/02 20:25:21 | 3016,605,696 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/02 20:14:38 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/02 20:12:10 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\josh coons\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/02 19:58:22 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\josh coons\Desktop\tdsskiller.exe
[2012/08/02 19:48:28 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/08/02 19:34:16 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2012/08/02 19:14:40 | 004,722,680 | R--- | M] (Swearware) -- C:\Users\josh coons\Desktop\ComboFix.exe
[2012/08/02 19:10:35 | 000,000,512 | ---- | M] () -- C:\Users\josh coons\Desktop\MBR.dat
[2012/08/02 17:45:12 | 000,000,506 | ---- | M] () -- C:\windows\tasks\SystemToolsDailyTest.job
[2012/08/02 16:55:39 | 000,778,660 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/08/02 16:55:39 | 000,660,318 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/08/02 16:55:39 | 000,121,214 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/07/31 16:36:52 | 000,001,284 | ---- | M] () -- C:\Users\josh coons\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/07/31 16:36:52 | 000,001,260 | ---- | M] () -- C:\Users\josh coons\Desktop\Spybot - Search & Destroy.lnk
[2012/07/27 19:45:08 | 000,000,221 | ---- | M] () -- C:\Users\josh coons\Desktop\Amnesia The Dark Descent.url
[2012/07/18 19:38:19 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\windows\SysWow64\CmdLineExt_x64.dll
[2012/07/11 11:23:25 | 005,022,552 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/07/09 15:56:34 | 000,000,564 | ---- | M] () -- C:\windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/07/07 19:11:24 | 000,000,056 | -H-- | M] () -- C:\windows\SysWow64\ezsidmv.dat
[2012/07/05 13:01:22 | 000,002,197 | ---- | M] () -- C:\Users\josh coons\Desktop\Media Player Classic - Home Cinema.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/02 20:43:55 | 000,061,440 | ---- | C] ( ) -- C:\Users\josh coons\Desktop\VEW.exe
[2012/08/02 20:14:38 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/02 19:35:08 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/08/02 19:35:08 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/08/02 19:35:08 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/08/02 19:35:08 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/08/02 19:35:08 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/08/02 19:10:35 | 000,000,512 | ---- | C] () -- C:\Users\josh coons\Desktop\MBR.dat
[2012/07/31 16:36:52 | 000,001,284 | ---- | C] () -- C:\Users\josh coons\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/07/31 16:36:52 | 000,001,260 | ---- | C] () -- C:\Users\josh coons\Desktop\Spybot - Search & Destroy.lnk
[2012/07/27 19:45:08 | 000,000,221 | ---- | C] () -- C:\Users\josh coons\Desktop\Amnesia The Dark Descent.url
[2012/07/07 19:11:24 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2012/06/04 19:44:57 | 000,000,268 | ---- | C] () -- C:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012/03/12 16:45:48 | 000,032,768 | R--- | C] () -- C:\windows\SysWow64\XSIChooser.exe
[2011/12/26 17:05:52 | 000,000,262 | ---- | C] () -- C:\windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2011/06/26 22:52:55 | 000,001,035 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/06/26 22:51:13 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011/06/26 22:51:09 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
[2011/06/26 22:51:09 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011/06/26 22:51:09 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2011/06/26 22:51:09 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2011/06/26 22:51:09 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011/06/26 22:51:09 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011/06/26 22:51:09 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2011/06/26 20:49:04 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/06/26 20:47:01 | 000,000,080 | RHS- | C] () -- C:\windows\CT4CET.bin
[2011/06/26 20:40:24 | 000,773,050 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

< End of report >
OTL Extras logfile created on: 8/2/2012 9:04:35 PM - Run 3
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\josh coons\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 60.88% Memory free
7.49 Gb Paging File | 5.98 Gb Available in Paging File | 79.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.34 Gb Total Space | 147.62 Gb Free Space | 52.10% Space Free | Partition Type: NTFS

Computer Name: JOSHCOONS-PC | User Name: josh coons | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | [email protected],-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | [email protected],-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | [email protected],-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | [email protected],-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{0653A24F-0105-4E6C-4DE1-2811A7BF02F4}" = ATI Catalyst Install Manager
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit)
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{857B32C1-7C87-40B5-B2A5-D06F49B80002}" = AVG 2012
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{91165ABD-CC6C-D9DE-C25E-7B36545ACB99}" = ccc-utility64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{068B01EE-C998-8049-11E2-3A973C0AAE42}" = CCC Help Chinese Standard
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B4A2EE2-16E8-3970-D70D-5E2AD16A5EEB}" = Catalyst Control Center Graphics Previews Vista
"{0D035E3D-04D8-7195-59B9-3AEBC24D5DE3}" = CCC Help Dutch
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{222795A7-5B87-E1BA-B1E1-B08CAC521317}" = CCC Help Turkish
"{224D327D-0626-465A-9AF4-689CD022AB57}" = CCC Help Polish
"{24F6F65A-07D5-2C72-1E18-CC0E7509579C}" = CCC Help French
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema 1.6.0.4014
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A0F2CC5-3065-492C-8380-B03AA7106B1A}" = Dell Product Registration
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{2F3E1C1F-101B-8154-CBA5-EB04BE356CC8}" = Catalyst Control Center Core Implementation
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3020BEDD-2CEC-4DB1-769E-ACECE089525E}" = CCC Help Italian
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{326256E5-1855-461B-8587-3AFAAA966500}" = CCC Help Japanese
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3C3F54F1-9646-E3C4-B429-4397AF7623F7}" = Catalyst Control Center Graphics Previews Common
"{4280AF7C-8D5B-5D45-5842-6011252029FF}" = CCC Help Norwegian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A40BA48-2F5A-997A-7D62-AC45FA10111C}" = CCC Help Czech
"{4DA105CC-D90C-F1AD-C354-588AEDE5F905}" = CCC Help Greek
"{576CA494-F771-4B10-9AF0-8ED4A7AFB0CC}_is1" = Amnesia - The Dark Descent Demo
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5981DAF0-A775-EED0-E2D3-C0DDEC834393}" = CCC Help German
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5E76EDFA-06D3-C446-523E-E192107B55FB}" = CCC Help Thai
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79BC2AFD-24B3-01F9-51E4-A3CBED3DF301}" = Catalyst Control Center Graphics Full New
"{7B7316DB-E4C1-0A02-1D93-B01CA0A2924B}" = CCC Help Hungarian
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{7FC5878F-6B9C-86F7-D466-FEF4C5ACBDFA}" = CCC Help Korean
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89D66AB5-61CF-7C69-2974-4C35A52A9248}" = CCC Help Chinese Traditional
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A0D16DAB-200F-54F6-C413-51A647E74132}" = CCC Help Danish
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A5A3E0E9-DCBB-F6A3-7F9B-ACFAAC80BC64}" = CCC Help English
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The Garden of Eden Creation Kit
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BB6DA50F-1028-5F97-A98B-4B4B4B8CC4DE}" = Catalyst Control Center Graphics Full Existing
"{BE841724-78F0-44D6-B6C4-C3D53708293B}" = Content Manager Assistant for PlayStation®
"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{C38BBCFB-5C73-3738-2BEB-8840EF1232D6}" = ccc-core-static
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC8B19C0-5921-97E9-4131-1CB9E7D8FE89}" = CCC Help Russian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}" = Dell Perks Webslice IE8
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D57A31AC-EFEF-F8A2-08CF-5158EEB009B4}" = Catalyst Control Center Graphics Light
"{D6C72E3D-AB40-364B-2B7D-1E3855772B24}" = CCC Help Spanish
"{D770F4B4-C422-45D9-8CEE-1B4C66E68CA8}" = Dell Stage
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA796500-D341-01CC-7084-DC779F301385}" = CCC Help Finnish
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E4F40E6C-2E2B-BA4C-ACDF-AE83FB1F70C9}" = Catalyst Control Center Localization All
"{E7480F78-3307-67FF-B344-7FA71593206F}" = CCC Help Portuguese
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F336F89D-8C5A-432C-8EA9-DA19377AD591}" = Dell MusicStage
"{F8B089D4-643F-DD53-ED4C-CDA0E0E2A462}" = CCC Help Swedish
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Dell Webcam Central" = Dell Webcam Central
"Diablo III" = Diablo III
"Fallout Mod Manager_is1" = Fallout Mod Manager 0.9.15
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PROR" = Microsoft Office Professional 2007
"SOFTIMAGE XSI 4.2 ModTool" = SOFTIMAGE®|XSI® 4.2 ModTool
"Steam App 4000" = Garry's Mod
"Steam App 47410" = Stronghold Kingdoms
"Steam App 57300" = Amnesia: The Dark Descent
"TeamViewer 7" = TeamViewer 7
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WT089409" = Bejeweled 2 Deluxe
"WT089410" = Blackhawk Striker 2
"WT089411" = Build-a-lot 2
"WT089412" = Cake Mania
"WT089413" = Chuzzle Deluxe
"WT089414" = Diner Dash 2 Restaurant Rescue
"WT089415" = Dora's World Adventure
"WT089418" = FATE
"WT089420" = Jewel Quest
"WT089422" = Jewel Quest Solitaire 2
"WT089426" = Poker Superstars III
"WT089430" = Virtual Villagers 4 - The Tree of Life
"WT089433" = Polar Golfer
"WT089434" = Escape Whisper Valley ™
"WT089440" = Namco All-Stars PAC-MAN
"WT089443" = Bounce Symphony
"WT089444" = Final Drive Nitro
"WT089445" = Penguins!
"WT089446" = Wedding Dash - Ready, Aim, Love!
"WT089448" = Zuma Deluxe
"WT089450" = Farm Frenzy
"WT089452" = Plants vs. Zombies - Game of the Year
"WT089499" = Final Drive Fury
"WT089503" = Samantha Swift
"WT089507" = Luxor
"WT089508" = Polar Bowler

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/2/2012 10:26:24 PM | Computer Name = joshcoons-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/2/2012 10:31:12 PM | Computer Name = joshcoons-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 8/2/2012 10:31:12 PM | Computer Name = joshcoons-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ Dell Events ]
Error - 7/4/2012 1:51:29 AM | Computer Name = joshcoons-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/4/2012 11:05:01 PM | Computer Name = joshcoons-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/4/2012 11:05:01 PM | Computer Name = joshcoons-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/14/2012 12:03:53 AM | Computer Name = joshcoons-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/14/2012 12:03:53 AM | Computer Name = joshcoons-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/19/2012 2:46:34 PM | Computer Name = joshcoons-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/19/2012 2:46:34 PM | Computer Name = joshcoons-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/21/2012 6:31:31 PM | Computer Name = joshcoons-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/21/2012 6:31:31 PM | Computer Name = joshcoons-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/2/2012 6:52:54 PM | Computer Name = joshcoons-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

< End of report >
19:59:31.0919 3544 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:59:32.0491 3544 ============================================================
19:59:32.0491 3544 Current date / time: 2012/08/02 19:59:32.0491
19:59:32.0491 3544 SystemInfo:
19:59:32.0491 3544
19:59:32.0491 3544 OS Version: 6.1.7601 ServicePack: 1.0
19:59:32.0491 3544 Product type: Workstation
19:59:32.0492 3544 ComputerName: JOSHCOONS-PC
19:59:32.0492 3544 UserName: josh coons
19:59:32.0492 3544 Windows directory: C:\windows
19:59:32.0492 3544 System windows directory: C:\windows
19:59:32.0492 3544 Running under WOW64
19:59:32.0492 3544 Processor architecture: Intel x64
19:59:32.0492 3544 Number of processors: 2
19:59:32.0492 3544 Page size: 0x1000
19:59:32.0492 3544 Boot type: Normal boot
19:59:32.0492 3544 ============================================================
19:59:37.0362 3544 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:59:37.0392 3544 ============================================================
19:59:37.0392 3544 \Device\Harddisk0\DR0:
19:59:37.0400 3544 MBR partitions:
19:59:37.0400 3544 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
19:59:37.0400 3544 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x236AFAB0
19:59:37.0400 3544 ============================================================
19:59:37.0469 3544 C: <-> \Device\Harddisk0\DR0\Partition1
19:59:37.0469 3544 ============================================================
19:59:37.0469 3544 Initialize success
19:59:37.0469 3544 ============================================================
19:59:42.0110 2748 ============================================================
19:59:42.0110 2748 Scan started
19:59:42.0110 2748 Mode: Manual;
19:59:42.0110 2748 ============================================================
20:00:09.0727 2748 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
20:00:09.0745 2748 1394ohci - ok
20:00:09.0857 2748 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
20:00:09.0861 2748 ACPI - ok
20:00:09.0950 2748 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
20:00:09.0952 2748 AcpiPmi - ok
20:00:10.0074 2748 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
20:00:10.0105 2748 adp94xx - ok
20:00:10.0314 2748 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
20:00:10.0322 2748 adpahci - ok
20:00:10.0501 2748 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
20:00:10.0522 2748 adpu320 - ok
20:00:10.0595 2748 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
20:00:10.0598 2748 AeLookupSvc - ok
20:00:10.0746 2748 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
20:00:10.0778 2748 AERTFilters - ok
20:00:11.0752 2748 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
20:00:12.0112 2748 AFD - ok
20:00:12.0252 2748 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
20:00:12.0255 2748 agp440 - ok
20:00:12.0402 2748 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
20:00:12.0405 2748 ALG - ok
20:00:12.0502 2748 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
20:00:12.0504 2748 aliide - ok
20:00:12.0746 2748 AMD External Events Utility (2115fb360c02a4b4c3696bf8e9524bdb) C:\windows\system32\atiesrxx.exe
20:00:12.0751 2748 AMD External Events Utility - ok
20:00:12.0839 2748 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
20:00:12.0840 2748 amdide - ok
20:00:12.0938 2748 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
20:00:12.0943 2748 AmdK8 - ok
20:00:18.0696 2748 amdkmdag (d212e021f43891fbd0669dd8457d455c) C:\windows\system32\DRIVERS\atikmdag.sys
20:00:18.0851 2748 amdkmdag - ok
20:00:19.0773 2748 amdkmdap (1c2421393cdc5a97269109fb352ddf1a) C:\windows\system32\DRIVERS\atikmpag.sys
20:00:19.0777 2748 amdkmdap - ok
20:00:20.0746 2748 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
20:00:20.0748 2748 AmdPPM - ok
20:00:21.0240 2748 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
20:00:21.0244 2748 amdsata - ok
20:00:21.0479 2748 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
20:00:21.0504 2748 amdsbs - ok
20:00:21.0572 2748 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
20:00:21.0573 2748 amdxata - ok
20:00:21.0650 2748 amd_sata (08e8a4172c57abd7693a6915cf1e7a99) C:\windows\system32\DRIVERS\amd_sata.sys
20:00:21.0651 2748 amd_sata - ok
20:00:21.0694 2748 amd_xata (9866af4e4ad7f16e810b6c0b8473f9cd) C:\windows\system32\DRIVERS\amd_xata.sys
20:00:21.0696 2748 amd_xata - ok
20:00:21.0857 2748 ApfiltrService (98449a2957778a6f025c418438a380f4) C:\windows\system32\DRIVERS\Apfiltr.sys
20:00:21.0862 2748 ApfiltrService - ok
20:00:21.0999 2748 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
20:00:22.0002 2748 AppID - ok
20:00:22.0057 2748 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
20:00:22.0059 2748 AppIDSvc - ok
20:00:22.0199 2748 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
20:00:22.0201 2748 Appinfo - ok
20:00:22.0626 2748 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:00:22.0629 2748 Apple Mobile Device - ok
20:00:22.0825 2748 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
20:00:22.0830 2748 arc - ok
20:00:22.0923 2748 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
20:00:22.0926 2748 arcsas - ok
20:00:23.0152 2748 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:00:23.0153 2748 aspnet_state - ok
20:00:23.0280 2748 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
20:00:23.0281 2748 AsyncMac - ok
20:00:23.0421 2748 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
20:00:23.0423 2748 atapi - ok
20:00:28.0757 2748 athr (96abf88241f90ff647e55c934c55c2f1) C:\windows\system32\DRIVERS\athrx.sys
20:00:28.0905 2748 athr - ok
20:00:30.0987 2748 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\windows\system32\DRIVERS\AtiPcie.sys
20:00:30.0988 2748 AtiPcie - ok
20:00:32.0134 2748 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
20:00:32.0191 2748 AudioEndpointBuilder - ok
20:00:32.0208 2748 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
20:00:32.0213 2748 AudioSrv - ok
20:00:32.0577 2748 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\windows\system32\DRIVERS\avgidsha.sys
20:00:32.0578 2748 AVGIDSHA - ok
20:00:33.0896 2748 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\windows\system32\DRIVERS\avgtdia.sys
20:00:33.0903 2748 Avgtdia - ok
20:00:34.0132 2748 avgtp (e1b8ec60c85a266cb604cd46921606b4) C:\windows\system32\drivers\avgtpx64.sys
20:00:34.0133 2748 avgtp - ok
20:00:34.0799 2748 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
20:00:34.0803 2748 avgwd - ok
20:00:35.0332 2748 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
20:00:35.0363 2748 AxInstSV - ok
20:00:36.0628 2748 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
20:00:36.0719 2748 b06bdrv - ok
20:00:37.0469 2748 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
20:00:37.0496 2748 b57nd60a - ok
20:00:38.0000 2748 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
20:00:38.0014 2748 BDESVC - ok
20:00:38.0469 2748 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
20:00:38.0520 2748 Beep - ok
20:00:41.0027 2748 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
20:00:41.0079 2748 BFE - ok
20:00:41.0463 2748 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
20:00:41.0514 2748 blbdrive - ok
20:00:41.0790 2748 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
20:00:41.0792 2748 bowser - ok
20:00:41.0937 2748 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
20:00:41.0940 2748 BrFiltLo - ok
20:00:41.0995 2748 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
20:00:41.0998 2748 BrFiltUp - ok
20:00:42.0309 2748 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
20:00:42.0313 2748 BridgeMP - ok
20:00:42.0730 2748 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
20:00:42.0734 2748 Browser - ok
20:00:43.0396 2748 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
20:00:43.0429 2748 Brserid - ok
20:00:43.0587 2748 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
20:00:43.0661 2748 BrSerWdm - ok
20:00:43.0760 2748 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
20:00:43.0762 2748 BrUsbMdm - ok
20:00:43.0819 2748 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
20:00:44.0017 2748 BrUsbSer - ok
20:00:44.0272 2748 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
20:00:44.0384 2748 BthEnum - ok
20:00:44.0610 2748 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
20:00:44.0615 2748 BTHMODEM - ok
20:00:44.0879 2748 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
20:00:44.0984 2748 BthPan - ok
20:00:46.0405 2748 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\System32\Drivers\BTHport.sys
20:00:46.0509 2748 BTHPORT - ok
20:00:46.0647 2748 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
20:00:46.0650 2748 bthserv - ok
20:00:46.0823 2748 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\System32\Drivers\BTHUSB.sys
20:00:46.0852 2748 BTHUSB - ok
20:00:46.0893 2748 catchme - ok
20:00:47.0236 2748 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
20:00:47.0258 2748 cdfs - ok
20:00:47.0584 2748 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
20:00:47.0589 2748 cdrom - ok
20:00:49.0002 2748 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
20:00:49.0031 2748 CertPropSvc - ok
20:00:49.0272 2748 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
20:00:49.0275 2748 circlass - ok
20:00:49.0937 2748 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
20:00:49.0989 2748 CLFS - ok
20:00:50.0297 2748 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:00:50.0300 2748 clr_optimization_v2.0.50727_32 - ok
20:00:50.0565 2748 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:00:50.0569 2748 clr_optimization_v2.0.50727_64 - ok
20:00:51.0301 2748 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:00:51.0337 2748 clr_optimization_v4.0.30319_32 - ok
20:00:52.0045 2748 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:00:52.0050 2748 clr_optimization_v4.0.30319_64 - ok
20:00:52.0307 2748 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
20:00:52.0309 2748 CmBatt - ok
20:00:52.0380 2748 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
20:00:52.0382 2748 cmdide - ok
20:00:52.0940 2748 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\windows\system32\Drivers\cng.sys
20:00:53.0041 2748 CNG - ok
20:00:53.0255 2748 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
20:00:53.0256 2748 Compbatt - ok
20:00:53.0402 2748 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
20:00:53.0405 2748 CompositeBus - ok
20:00:53.0442 2748 COMSysApp - ok
20:00:53.0582 2748 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
20:00:53.0584 2748 crcdisk - ok
20:00:54.0296 2748 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
20:00:54.0301 2748 CryptSvc - ok
20:00:55.0581 2748 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\windows\system32\DRIVERS\CtClsFlt.sys
20:00:55.0585 2748 CtClsFlt - ok
20:00:57.0880 2748 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
20:00:57.0891 2748 DcomLaunch - ok
20:00:59.0373 2748 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
20:00:59.0401 2748 defragsvc - ok
20:00:59.0799 2748 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
20:01:00.0158 2748 DfsC - ok
20:01:01.0495 2748 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
20:01:01.0546 2748 Dhcp - ok
20:01:01.0846 2748 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
20:01:01.0847 2748 discache - ok
20:01:02.0423 2748 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
20:01:02.0451 2748 Disk - ok
20:01:03.0292 2748 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
20:01:03.0315 2748 Dnscache - ok
20:01:04.0332 2748 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
20:01:04.0367 2748 dot3svc - ok
20:01:04.0973 2748 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
20:01:05.0020 2748 DPS - ok
20:01:05.0590 2748 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
20:01:05.0592 2748 drmkaud - ok
20:01:08.0969 2748 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
20:01:08.0985 2748 DXGKrnl - ok
20:01:09.0529 2748 EagleX64 - ok
20:01:09.0826 2748 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
20:01:10.0046 2748 EapHost - ok
20:01:20.0244 2748 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
20:01:20.0364 2748 ebdrv - ok
20:01:21.0637 2748 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
20:01:21.0640 2748 EFS - ok
20:01:22.0915 2748 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
20:01:23.0104 2748 ehRecvr - ok
20:01:23.0412 2748 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
20:01:23.0416 2748 ehSched - ok
20:01:24.0233 2748 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
20:01:24.0404 2748 elxstor - ok
20:01:24.0533 2748 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
20:01:24.0537 2748 ErrDev - ok
20:01:25.0304 2748 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
20:01:25.0312 2748 EventSystem - ok
20:01:25.0700 2748 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
20:01:25.0864 2748 exfat - ok
20:01:26.0264 2748 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
20:01:26.0451 2748 fastfat - ok
20:01:27.0842 2748 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
20:01:28.0067 2748 Fax - ok
20:01:28.0214 2748 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
20:01:28.0243 2748 fdc - ok
20:01:28.0328 2748 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
20:01:28.0331 2748 fdPHost - ok
20:01:28.0631 2748 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
20:01:28.0634 2748 FDResPub - ok
20:01:28.0717 2748 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
20:01:28.0720 2748 FileInfo - ok
20:01:28.0797 2748 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
20:01:28.0857 2748 Filetrace - ok
20:01:29.0149 2748 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
20:01:29.0151 2748 flpydisk - ok
20:01:29.0481 2748 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
20:01:29.0753 2748 FltMgr - ok
20:01:31.0541 2748 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
20:01:31.0659 2748 FontCache - ok
20:01:31.0965 2748 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:01:31.0969 2748 FontCache3.0.0.0 - ok
20:01:32.0142 2748 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
20:01:32.0144 2748 FsDepends - ok
20:01:32.0267 2748 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
20:01:32.0268 2748 Fs_Rec - ok
20:01:32.0889 2748 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
20:01:33.0034 2748 fvevol - ok
20:01:33.0313 2748 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
20:01:33.0317 2748 gagp30kx - ok
20:01:34.0209 2748 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
20:01:34.0243 2748 GamesAppService - ok
20:01:34.0486 2748 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
20:01:34.0488 2748 GEARAspiWDM - ok
20:01:34.0742 2748 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
20:01:34.0744 2748 GoToAssist - ok
20:01:36.0477 2748 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
20:01:36.0521 2748 gpsvc - ok
20:01:36.0700 2748 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\windows\system32\DRIVERS\hamachi.sys
20:01:36.0702 2748 hamachi - ok
20:01:44.0721 2748 Hamachi2Svc (21d24138b736983f6e23823e092e9428) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
20:01:44.0735 2748 Hamachi2Svc - ok
20:01:46.0341 2748 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
20:01:46.0400 2748 hcw85cir - ok
20:01:47.0446 2748 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
20:01:47.0557 2748 HdAudAddService - ok
20:01:48.0195 2748 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
20:01:48.0402 2748 HDAudBus - ok
20:01:48.0602 2748 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
20:01:48.0606 2748 HidBatt - ok
20:01:48.0714 2748 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
20:01:48.0718 2748 HidBth - ok
20:01:48.0998 2748 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
20:01:49.0109 2748 HidIr - ok
20:01:49.0319 2748 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
20:01:49.0351 2748 hidserv - ok
20:01:50.0352 2748 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
20:01:50.0354 2748 HidUsb - ok
20:01:51.0192 2748 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
20:01:51.0198 2748 hkmsvc - ok
20:01:51.0380 2748 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
20:01:51.0388 2748 HomeGroupListener - ok
20:01:51.0917 2748 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
20:01:52.0061 2748 HomeGroupProvider - ok
20:01:52.0255 2748 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
20:01:52.0420 2748 HpSAMD - ok
20:01:54.0392 2748 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
20:01:54.0648 2748 HTTP - ok
20:01:54.0745 2748 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
20:01:54.0746 2748 hwpolicy - ok
20:01:55.0295 2748 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
20:01:55.0346 2748 i8042prt - ok
20:01:57.0033 2748 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
20:01:57.0077 2748 iaStorV - ok
20:01:58.0100 2748 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:01:58.0287 2748 idsvc - ok
20:01:58.0525 2748 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
20:01:58.0528 2748 iirsp - ok
20:01:59.0054 2748 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
20:01:59.0264 2748 IKEEXT - ok
20:02:00.0546 2748 IntcAzAudAddService (30ce3b186d3f661050be6fed23d842ba) C:\windows\system32\drivers\RTKVHD64.sys
20:02:00.0568 2748 IntcAzAudAddService - ok
20:02:03.0253 2748 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
20:02:03.0254 2748 intelide - ok
20:02:03.0356 2748 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\drivers\intelppm.sys
20:02:03.0357 2748 intelppm - ok
20:02:03.0922 2748 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
20:02:04.0312 2748 IPBusEnum - ok
20:02:04.0484 2748 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
20:02:04.0487 2748 IpFilterDriver - ok
20:02:04.0999 2748 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
20:02:05.0029 2748 iphlpsvc - ok
20:02:05.0079 2748 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
20:02:05.0083 2748 IPMIDRV - ok
20:02:05.0242 2748 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
20:02:05.0247 2748 IPNAT - ok
20:02:06.0956 2748 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
20:02:07.0014 2748 iPod Service - ok
20:02:07.0104 2748 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
20:02:07.0105 2748 IRENUM - ok
20:02:07.0151 2748 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
20:02:07.0154 2748 isapnp - ok
20:02:07.0342 2748 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
20:02:07.0378 2748 iScsiPrt - ok
20:02:07.0464 2748 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
20:02:07.0465 2748 kbdclass - ok
20:02:07.0574 2748 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
20:02:07.0576 2748 kbdhid - ok
20:02:07.0628 2748 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:02:07.0631 2748 KeyIso - ok
20:02:07.0698 2748 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\windows\system32\Drivers\ksecdd.sys
20:02:07.0701 2748 KSecDD - ok
20:02:08.0623 2748 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\windows\system32\Drivers\ksecpkg.sys
20:02:08.0627 2748 KSecPkg - ok
20:02:08.0971 2748 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
20:02:08.0973 2748 ksthunk - ok
20:02:09.0208 2748 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
20:02:09.0219 2748 KtmRm - ok
20:02:09.0481 2748 L1C (9ddc68b87a9b837736a2b193ee14a4a5) C:\windows\system32\DRIVERS\L1C62x64.sys
20:02:09.0482 2748 L1C - ok
20:02:10.0054 2748 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
20:02:10.0156 2748 LanmanServer - ok
20:02:10.0388 2748 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
20:02:10.0504 2748 LanmanWorkstation - ok
20:02:10.0764 2748 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
20:02:10.0767 2748 lltdio - ok
20:02:11.0392 2748 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
20:02:11.0436 2748 lltdsvc - ok
20:02:11.0533 2748 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
20:02:11.0537 2748 lmhosts - ok
20:02:11.0794 2748 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
20:02:11.0798 2748 LSI_FC - ok
20:02:12.0208 2748 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
20:02:12.0212 2748 LSI_SAS - ok
20:02:12.0404 2748 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
20:02:12.0408 2748 LSI_SAS2 - ok
20:02:12.0748 2748 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
20:02:12.0753 2748 LSI_SCSI - ok
20:02:13.0038 2748 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
20:02:13.0043 2748 luafv - ok
20:02:13.0258 2748 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
20:02:13.0263 2748 Mcx2Svc - ok
20:02:13.0585 2748 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
20:02:13.0588 2748 megasas - ok
20:02:14.0659 2748 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
20:02:14.0696 2748 MegaSR - ok
20:02:14.0806 2748 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
20:02:14.0814 2748 MMCSS - ok
20:02:14.0877 2748 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
20:02:14.0880 2748 Modem - ok
20:02:15.0005 2748 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
20:02:15.0006 2748 monitor - ok
20:02:15.0145 2748 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
20:02:15.0146 2748 mouclass - ok
20:02:15.0306 2748 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
20:02:15.0308 2748 mouhid - ok
20:02:15.0773 2748 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
20:02:15.0839 2748 mountmgr - ok
20:02:16.0760 2748 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:02:16.0789 2748 MozillaMaintenance - ok
20:02:17.0139 2748 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
20:02:17.0162 2748 mpio - ok
20:02:17.0347 2748 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
20:02:17.0350 2748 mpsdrv - ok
20:02:19.0128 2748 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
20:02:19.0361 2748 MpsSvc - ok
20:02:19.0466 2748 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
20:02:19.0471 2748 MRxDAV - ok
20:02:19.0836 2748 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
20:02:19.0945 2748 mrxsmb - ok
20:02:20.0429 2748 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
20:02:20.0466 2748 mrxsmb10 - ok
20:02:20.0813 2748 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
20:02:20.0846 2748 mrxsmb20 - ok
20:02:20.0942 2748 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
20:02:20.0943 2748 msahci - ok
20:02:21.0297 2748 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
20:02:21.0318 2748 msdsm - ok
20:02:21.0755 2748 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
20:02:21.0809 2748 MSDTC - ok
20:02:21.0897 2748 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
20:02:21.0900 2748 Msfs - ok
20:02:21.0942 2748 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
20:02:21.0943 2748 mshidkmdf - ok
20:02:22.0037 2748 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
20:02:22.0038 2748 msisadrv - ok
20:02:22.0452 2748 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
20:02:22.0624 2748 MSiSCSI - ok
20:02:22.0631 2748 msiserver - ok
20:02:22.0947 2748 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
20:02:22.0949 2748 MSKSSRV - ok
20:02:23.0001 2748 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
20:02:23.0004 2748 MSPCLOCK - ok
20:02:23.0352 2748 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
20:02:23.0355 2748 MSPQM - ok
20:02:24.0015 2748 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
20:02:24.0180 2748 MsRPC - ok
20:02:24.0355 2748 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
20:02:24.0356 2748 mssmbios - ok
20:02:24.0612 2748 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
20:02:24.0614 2748 MSTEE - ok
20:02:24.0817 2748 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
20:02:24.0819 2748 MTConfig - ok
20:02:25.0335 2748 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
20:02:25.0337 2748 Mup - ok
20:02:26.0629 2748 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
20:02:26.0909 2748 napagent - ok
20:02:28.0121 2748 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
20:02:28.0276 2748 NativeWifiP - ok
20:02:30.0369 2748 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
20:02:30.0380 2748 NDIS - ok
20:02:30.0800 2748 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
20:02:30.0818 2748 NdisCap - ok
20:02:31.0329 2748 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
20:02:31.0331 2748 NdisTapi - ok
20:02:31.0695 2748 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
20:02:31.0697 2748 Ndisuio - ok
20:02:32.0251 2748 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
20:02:32.0295 2748 NdisWan - ok
20:02:32.0447 2748 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
20:02:32.0450 2748 NDProxy - ok
20:02:32.0697 2748 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
20:02:32.0700 2748 NetBIOS - ok
20:02:33.0346 2748 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
20:02:33.0530 2748 NetBT - ok
20:02:33.0710 2748 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:02:33.0713 2748 Netlogon - ok
20:02:34.0434 2748 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
20:02:34.0442 2748 Netman - ok
20:02:35.0945 2748 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:02:35.0987 2748 NetMsmqActivator - ok
20:02:36.0014 2748 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:02:36.0017 2748 NetPipeActivator - ok
20:02:36.0261 2748 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
20:02:36.0273 2748 netprofm - ok
20:02:36.0282 2748 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:02:36.0284 2748 NetTcpActivator - ok
20:02:36.0290 2748 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:02:36.0292 2748 NetTcpPortSharing - ok
20:02:36.0417 2748 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
20:02:36.0420 2748 nfrd960 - ok
20:02:36.0559 2748 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
20:02:36.0567 2748 NlaSvc - ok
20:02:38.0839 2748 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
20:02:38.0856 2748 NOBU - ok
20:02:39.0299 2748 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
20:02:39.0301 2748 Npfs - ok
20:02:39.0356 2748 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
20:02:39.0361 2748 nsi - ok
20:02:39.0444 2748 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
20:02:39.0445 2748 nsiproxy - ok
20:02:40.0565 2748 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
20:02:40.0583 2748 Ntfs - ok
20:02:41.0030 2748 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
20:02:41.0031 2748 Null - ok
20:02:41.0164 2748 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
20:02:41.0169 2748 nvraid - ok
20:02:41.0272 2748 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
20:02:41.0277 2748 nvstor - ok
20:02:41.0372 2748 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
20:02:41.0376 2748 nv_agp - ok
20:02:42.0381 2748 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:02:42.0532 2748 odserv - ok
20:02:42.0626 2748 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
20:02:42.0630 2748 ohci1394 - ok
20:02:42.0760 2748 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:02:42.0765 2748 ose - ok
20:02:42.0947 2748 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
20:02:42.0979 2748 p2pimsvc - ok
20:02:43.0077 2748 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
20:02:43.0091 2748 p2psvc - ok
20:02:43.0215 2748 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
20:02:43.0219 2748 Parport - ok
20:02:43.0293 2748 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
20:02:43.0295 2748 partmgr - ok
20:02:43.0392 2748 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
20:02:43.0398 2748 PcaSvc - ok
20:02:43.0876 2748 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
20:02:43.0879 2748 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
20:02:44.0305 2748 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
20:02:44.0321 2748 pci - ok
20:02:44.0383 2748 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
20:02:44.0385 2748 pciide - ok
20:02:44.0602 2748 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
20:02:44.0623 2748 pcmcia - ok
20:02:44.0795 2748 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
20:02:44.0797 2748 pcw - ok
20:02:45.0743 2748 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
20:02:45.0789 2748 PEAUTH - ok
20:02:46.0565 2748 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
20:02:46.0570 2748 PerfHost - ok
20:02:49.0279 2748 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
20:02:49.0340 2748 pla - ok
20:02:49.0828 2748 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
20:02:49.0946 2748 PlugPlay - ok
20:02:50.0050 2748 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
20:02:50.0055 2748 PNRPAutoReg - ok
20:02:50.0643 2748 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
20:02:50.0645 2748 PNRPsvc - ok
20:02:52.0063 2748 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
20:02:52.0301 2748 PolicyAgent - ok
20:02:52.0555 2748 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
20:02:52.0588 2748 Power - ok
20:02:53.0223 2748 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
20:02:53.0242 2748 PptpMiniport - ok
20:02:53.0382 2748 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
20:02:53.0682 2748 Processor - ok
20:02:54.0123 2748 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
20:02:54.0151 2748 ProfSvc - ok
20:02:54.0394 2748 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:02:54.0397 2748 ProtectedStorage - ok
20:02:54.0755 2748 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
20:02:54.0775 2748 Psched - ok
20:02:55.0060 2748 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys
20:02:55.0062 2748 PxHlpa64 - ok
20:02:58.0002 2748 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
20:02:58.0104 2748 ql2300 - ok
20:02:59.0332 2748 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
20:02:59.0501 2748 ql40xx - ok
20:02:59.0876 2748 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
20:03:00.0075 2748 QWAVE - ok
20:03:00.0204 2748 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
20:03:00.0207 2748 QWAVEdrv - ok
20:03:00.0253 2748 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
20:03:00.0254 2748 RasAcd - ok
20:03:00.0454 2748 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
20:03:00.0591 2748 RasAgileVpn - ok
20:03:00.0673 2748 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
20:03:00.0842 2748 RasAuto - ok
20:03:01.0291 2748 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
20:03:01.0489 2748 Rasl2tp - ok
20:03:02.0245 2748 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
20:03:02.0296 2748 RasMan - ok
20:03:03.0298 2748 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
20:03:03.0334 2748 RasPppoe - ok
20:03:03.0469 2748 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
20:03:03.0473 2748 RasSstp - ok
20:03:04.0212 2748 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
20:03:04.0335 2748 rdbss - ok
20:03:04.0524 2748 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
20:03:04.0528 2748 rdpbus - ok
20:03:04.0649 2748 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
20:03:04.0650 2748 RDPCDD - ok
20:03:04.0759 2748 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
20:03:04.0760 2748 RDPENCDD - ok
20:03:04.0930 2748 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
20:03:04.0932 2748 RDPREFMP - ok
20:03:05.0450 2748 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
20:03:05.0701 2748 RDPWD - ok
20:03:06.0343 2748 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
20:03:06.0479 2748 rdyboost - ok
20:03:06.0786 2748 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
20:03:06.0820 2748 RemoteAccess - ok
20:03:07.0322 2748 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
20:03:07.0328 2748 RemoteRegistry - ok
20:03:07.0865 2748 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
20:03:08.0058 2748 RFCOMM - ok
20:03:11.0427 2748 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
20:03:11.0580 2748 RoxMediaDB12OEM - ok
20:03:12.0199 2748 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
20:03:12.0227 2748 RoxWatch12 - ok
20:03:12.0994 2748 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
20:03:12.0998 2748 RpcEptMapper - ok
20:03:13.0081 2748 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
20:03:13.0084 2748 RpcLocator - ok
20:03:14.0930 2748 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\System32\rpcss.dll
20:03:14.0942 2748 RpcSs - ok
20:03:15.0104 2748 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
20:03:15.0107 2748 rspndr - ok
20:03:15.0254 2748 RSUSBSTOR (30f463768d5143bfd7b2df822b53cf4d) C:\windows\system32\Drivers\RtsUStor.sys
20:03:15.0287 2748 RSUSBSTOR - ok
20:03:15.0329 2748 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:03:15.0332 2748 SamSs - ok
20:03:15.0386 2748 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
20:03:15.0391 2748 sbp2port - ok
20:03:15.0958 2748 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
20:03:16.0015 2748 SBSDWSCService - ok
20:03:16.0168 2748 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
20:03:16.0176 2748 SCardSvr - ok
20:03:16.0320 2748 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
20:03:16.0323 2748 scfilter - ok
20:03:16.0761 2748 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
20:03:16.0781 2748 Schedule - ok
20:03:16.0977 2748 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
20:03:16.0979 2748 SCPolicySvc - ok
20:03:17.0091 2748 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
20:03:17.0116 2748 SDRSVC - ok
20:03:17.0260 2748 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
20:03:17.0261 2748 secdrv - ok
20:03:17.0326 2748 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
20:03:17.0331 2748 seclogon - ok
20:03:17.0368 2748 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
20:03:17.0373 2748 SENS - ok
20:03:17.0452 2748 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
20:03:17.0457 2748 SensrSvc - ok
20:03:17.0823 2748 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
20:03:17.0826 2748 Serenum - ok
20:03:18.0027 2748 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
20:03:18.0030 2748 Serial - ok
20:03:18.0097 2748 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
20:03:18.0100 2748 sermouse - ok
20:03:18.0207 2748 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
20:03:18.0245 2748 SessionEnv - ok
20:03:18.0283 2748 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
20:03:18.0284 2748 sffdisk - ok
20:03:18.0329 2748 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
20:03:18.0331 2748 sffp_mmc - ok
20:03:18.0340 2748 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
20:03:18.0341 2748 sffp_sd - ok
20:03:18.0434 2748 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
20:03:18.0436 2748 sfloppy - ok
20:03:19.0289 2748 SftService (e1974a92ac0914a3859359a0a8c82c68) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
20:03:19.0300 2748 SftService - ok
20:03:20.0689 2748 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
20:03:20.0759 2748 SharedAccess - ok
20:03:20.0971 2748 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
20:03:20.0980 2748 ShellHWDetection - ok
20:03:21.0568 2748 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
20:03:21.0571 2748 SiSRaid2 - ok
20:03:21.0620 2748 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
20:03:21.0624 2748 SiSRaid4 - ok
20:03:21.0830 2748 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
20:03:21.0834 2748 Smb - ok
20:03:21.0919 2748 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
20:03:21.0923 2748 SNMPTRAP - ok
20:03:21.0981 2748 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
20:03:21.0983 2748 spldr - ok
20:03:22.0405 2748 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
20:03:22.0418 2748 Spooler - ok
20:03:23.0388 2748 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
20:03:23.0483 2748 sppsvc - ok
20:03:24.0523 2748 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
20:03:24.0528 2748 sppuinotify - ok
20:03:24.0785 2748 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
20:03:24.0807 2748 srv - ok
20:03:24.0968 2748 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
20:03:25.0086 2748 srv2 - ok
20:03:25.0217 2748 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
20:03:25.0234 2748 srvnet - ok
20:03:25.0340 2748 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
20:03:25.0346 2748 SSDPSRV - ok
20:03:25.0428 2748 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
20:03:25.0434 2748 SstpSvc - ok
20:03:25.0493 2748 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
20:03:25.0496 2748 stexstor - ok
20:03:26.0548 2748 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
20:03:26.0576 2748 stisvc - ok
20:03:26.0999 2748 stllssvr (7731f46ec0d687a931cba063e8f90ef0) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
20:03:27.0001 2748 stllssvr - ok
20:03:27.0206 2748 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
20:03:27.0208 2748 swenum - ok
20:03:27.0908 2748 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:03:28.0048 2748 SwitchBoard - ok
20:03:28.0710 2748 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
20:03:28.0738 2748 swprv - ok
20:03:32.0048 2748 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
20:03:32.0214 2748 SysMain - ok
20:03:33.0374 2748 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
20:03:33.0726 2748 TabletInputService - ok
20:03:33.0988 2748 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
20:03:33.0996 2748 TapiSrv - ok
20:03:34.0160 2748 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
20:03:34.0166 2748 TBS - ok
20:03:36.0748 2748 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
20:03:36.0760 2748 Tcpip - ok
20:03:41.0626 2748 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
20:03:41.0639 2748 TCPIP6 - ok
20:03:43.0137 2748 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
20:03:43.0140 2748 tcpipreg - ok
20:03:43.0308 2748 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
20:03:43.0311 2748 TDPIPE - ok
20:03:43.0512 2748 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
20:03:43.0515 2748 TDTCP - ok
20:03:43.0935 2748 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
20:03:43.0938 2748 tdx - ok
20:03:51.0350 2748 TeamViewer7 (3e85bdd019e3db66d9471dad7fd6a887) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
20:03:51.0368 2748 TeamViewer7 - ok
20:03:53.0381 2748 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
20:03:53.0383 2748 TermDD - ok
20:03:54.0752 2748 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
20:03:54.0765 2748 TermService - ok
20:03:55.0020 2748 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
20:03:55.0026 2748 Themes - ok
20:03:55.0461 2748 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
20:03:55.0465 2748 THREADORDER - ok
20:03:55.0774 2748 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
20:03:55.0920 2748 TrkWks - ok
20:03:56.0614 2748 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
20:03:56.0793 2748 TrustedInstaller - ok
20:03:57.0014 2748 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
20:03:57.0016 2748 tssecsrv - ok
20:03:57.0305 2748 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
20:03:57.0309 2748 TsUsbFlt - ok
20:03:57.0504 2748 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
20:03:57.0507 2748 TsUsbGD - ok
20:03:57.0851 2748 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
20:03:58.0056 2748 tunnel - ok
20:03:58.0782 2748 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
20:03:58.0804 2748 uagp35 - ok
20:03:59.0460 2748 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
20:03:59.0602 2748 udfs - ok
20:03:59.0682 2748 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
20:03:59.0688 2748 UI0Detect - ok
20:03:59.0958 2748 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
20:03:59.0961 2748 uliagpkx - ok
20:04:00.0345 2748 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
20:04:00.0421 2748 umbus - ok
20:04:00.0725 2748 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
20:04:00.0770 2748 UmPass - ok
20:04:01.0473 2748 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
20:04:01.0632 2748 upnphost - ok
20:04:01.0906 2748 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys
20:04:01.0909 2748 USBAAPL64 - ok
20:04:02.0154 2748 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\windows\system32\DRIVERS\usbccgp.sys
20:04:02.0217 2748 usbccgp - ok
20:04:02.0344 2748 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
20:04:02.0348 2748 usbcir - ok
20:04:02.0424 2748 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
20:04:02.0426 2748 usbehci - ok
20:04:02.0698 2748 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
20:04:02.0751 2748 usbhub - ok
20:04:02.0828 2748 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys
20:04:02.0830 2748 usbohci - ok
20:04:02.0877 2748 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
20:04:02.0879 2748 usbprint - ok
20:04:02.0985 2748 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
20:04:02.0988 2748 USBSTOR - ok
20:04:03.0054 2748 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\windows\system32\drivers\usbuhci.sys
20:04:03.0057 2748 usbuhci - ok
20:04:03.0191 2748 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
20:04:03.0211 2748 usbvideo - ok
20:04:03.0320 2748 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
20:04:03.0325 2748 UxSms - ok
20:04:03.0400 2748 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:04:03.0402 2748 VaultSvc - ok
20:04:03.0590 2748 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
20:04:03.0592 2748 vdrvroot - ok
20:04:03.0992 2748 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
20:04:04.0039 2748 vds - ok
20:04:04.0114 2748 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
20:04:04.0117 2748 vga - ok
20:04:04.0143 2748 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
20:04:04.0146 2748 VgaSave - ok
20:04:04.0206 2748 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
20:04:04.0211 2748 vhdmp - ok
20:04:04.0251 2748 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
20:04:04.0253 2748 viaide - ok
20:04:04.0295 2748 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
20:04:04.0296 2748 volmgr - ok
20:04:04.0403 2748 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
20:04:04.0425 2748 volmgrx - ok
20:04:04.0756 2748 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
20:04:04.0782 2748 volsnap - ok
20:04:04.0899 2748 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
20:04:04.0904 2748 vsmraid - ok
20:04:06.0271 2748 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
20:04:06.0346 2748 VSS - ok
20:04:07.0104 2748 vToolbarUpdater12.1.5 (3da649c6ec481d8f36b54f33fc01dd1e) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
20:04:07.0158 2748 vToolbarUpdater12.1.5 - ok
20:04:08.0489 2748 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
20:04:08.0491 2748 vwifibus - ok
20:04:08.0578 2748 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
20:04:08.0581 2748 vwififlt - ok
20:04:08.0757 2748 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
20:04:08.0779 2748 W32Time - ok
20:04:08.0948 2748 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
20:04:08.0951 2748 WacomPen - ok
20:04:09.0051 2748 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
20:04:09.0054 2748 WANARP - ok
20:04:09.0085 2748 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
20:04:09.0087 2748 Wanarpv6 - ok
20:04:10.0439 2748 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
20:04:10.0483 2748 WatAdminSvc - ok
20:04:10.0908 2748 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
20:04:10.0965 2748 wbengine - ok
20:04:11.0437 2748 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
20:04:11.0638 2748 WbioSrvc - ok
20:04:12.0664 2748 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
20:04:12.0745 2748 wcncsvc - ok
20:04:12.0969 2748 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
20:04:12.0974 2748 WcsPlugInService - ok
20:04:13.0234 2748 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
20:04:13.0236 2748 Wd - ok
20:04:13.0954 2748 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
20:04:14.0118 2748 Wdf01000 - ok
20:04:14.0371 2748 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
20:04:14.0397 2748 WdiServiceHost - ok
20:04:14.0404 2748 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
20:04:14.0410 2748 WdiSystemHost - ok
20:04:14.0848 2748 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
20:04:14.0906 2748 WebClient - ok
20:04:15.0147 2748 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
20:04:15.0294 2748 Wecsvc - ok
20:04:15.0464 2748 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
20:04:15.0470 2748 wercplsupport - ok
20:04:15.0756 2748 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
20:04:15.0764 2748 WerSvc - ok
20:04:16.0078 2748 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
20:04:16.0080 2748 WfpLwf - ok
20:04:16.0313 2748 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys
20:04:16.0503 2748 WimFltr - ok
20:04:16.0559 2748 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
20:04:16.0561 2748 WIMMount - ok
20:04:16.0753 2748 WinDefend - ok
20:04:16.0775 2748 WinHttpAutoProxySvc - ok
20:04:17.0366 2748 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
20:04:17.0410 2748 Winmgmt - ok
20:04:20.0840 2748 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
20:04:21.0051 2748 WinRM - ok
20:04:23.0665 2748 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
20:04:23.0667 2748 WinUsb - ok
20:04:25.0316 2748 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
20:04:25.0508 2748 Wlansvc - ok
20:04:26.0282 2748 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:04:26.0384 2748 wlcrasvc - ok
20:04:31.0250 2748 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:04:31.0340 2748 wlidsvc - ok
20:04:33.0221 2748 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
20:04:33.0223 2748 WmiAcpi - ok
20:04:33.0887 2748 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
20:04:33.0923 2748 wmiApSrv - ok
20:04:34.0048 2748 WMPNetworkSvc - ok
20:04:34.0119 2748 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
20:04:34.0127 2748 WPCSvc - ok
20:04:34.0480 2748 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
20:04:34.0501 2748 WPDBusEnum - ok
20:04:34.0605 2748 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
20:04:34.0607 2748 ws2ifsl - ok
20:04:35.0892 2748 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
20:04:35.0918 2748 wscsvc - ok
20:04:35.0924 2748 WSearch - ok
20:04:41.0134 2748 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
20:04:41.0211 2748 wuauserv - ok
20:04:42.0631 2748 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
20:04:42.0664 2748 WudfPf - ok
20:04:43.0677 2748 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
20:04:43.0820 2748 WUDFRd - ok
20:04:44.0210 2748 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
20:04:44.0350 2748 wudfsvc - ok
20:04:46.0391 2748 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
20:04:46.0400 2748 WwanSvc - ok
20:04:46.0484 2748 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:04:56.0514 2748 \Device\Harddisk0\DR0 - ok
20:04:56.0550 2748 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0
20:04:56.0758 2748 \Device\Harddisk0\DR0\Partition0 - ok
20:04:56.0850 2748 Boot (0x1200) (42830d70bbef9b5ec0b23baae40fa686) \Device\Harddisk0\DR0\Partition1
20:04:56.0874 2748 \Device\Harddisk0\DR0\Partition1 - ok
20:04:56.0874 2748 ============================================================
20:04:56.0874 2748 Scan finished
20:04:56.0875 2748 ============================================================
20:04:56.0898 3668 Detected object count: 0
20:04:56.0898 3668 Actual detected object count: 0
20:07:52.0875 3416 ============================================================
20:07:52.0875 3416 Scan started
20:07:52.0875 3416 Mode: Manual; SigCheck; TDLFS;
20:07:52.0875 3416 ============================================================
20:07:55.0973 3416 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
20:07:56.0131 3416 1394ohci - ok
20:07:56.0343 3416 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
20:07:56.0367 3416 ACPI - ok
20:07:56.0408 3416 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
20:07:56.0649 3416 AcpiPmi - ok
20:07:56.0756 3416 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
20:07:56.0787 3416 adp94xx - ok
20:07:56.0904 3416 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
20:07:56.0934 3416 adpahci - ok
20:07:56.0983 3416 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
20:07:56.0996 3416 adpu320 - ok
20:07:57.0038 3416 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
20:07:57.0098 3416 AeLookupSvc - ok
20:07:57.0223 3416 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
20:07:57.0250 3416 AERTFilters - ok
20:07:57.0393 3416 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
20:07:57.0434 3416 AFD - ok
20:07:57.0465 3416 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
20:07:57.0491 3416 agp440 - ok
20:07:57.0535 3416 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
20:07:57.0576 3416 ALG - ok
20:07:57.0603 3416 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
20:07:57.0613 3416 aliide - ok
20:07:57.0657 3416 AMD External Events Utility (2115fb360c02a4b4c3696bf8e9524bdb) C:\windows\system32\atiesrxx.exe
20:07:57.0717 3416 AMD External Events Utility - ok
20:07:57.0750 3416 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
20:07:57.0771 3416 amdide - ok
20:07:57.0817 3416 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
20:07:57.0845 3416 AmdK8 - ok
20:07:58.0421 3416 amdkmdag (d212e021f43891fbd0669dd8457d455c) C:\windows\system32\DRIVERS\atikmdag.sys
20:07:58.0500 3416 amdkmdag - ok
20:07:58.0701 3416 amdkmdap (1c2421393cdc5a97269109fb352ddf1a) C:\windows\system32\DRIVERS\atikmpag.sys
20:07:58.0754 3416 amdkmdap - ok
20:07:58.0806 3416 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
20:07:58.0838 3416 AmdPPM - ok
20:07:58.0876 3416 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
20:07:58.0907 3416 amdsata - ok
20:07:58.0961 3416 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
20:07:58.0995 3416 amdsbs - ok
20:07:59.0023 3416 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
20:07:59.0042 3416 amdxata - ok
20:07:59.0107 3416 amd_sata (08e8a4172c57abd7693a6915cf1e7a99) C:\windows\system32\DRIVERS\amd_sata.sys
20:07:59.0140 3416 amd_sata - ok
20:07:59.0169 3416 amd_xata (9866af4e4ad7f16e810b6c0b8473f9cd) C:\windows\system32\DRIVERS\amd_xata.sys
20:07:59.0178 3416 amd_xata - ok
20:07:59.0235 3416 ApfiltrService (98449a2957778a6f025c418438a380f4) C:\windows\system32\DRIVERS\Apfiltr.sys
20:07:59.0268 3416 ApfiltrService - ok
20:07:59.0306 3416 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
20:07:59.0661 3416 AppID - ok
20:07:59.0716 3416 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
20:07:59.0772 3416 AppIDSvc - ok
20:07:59.0829 3416 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
20:07:59.0884 3416 Appinfo - ok
20:08:00.0003 3416 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:08:00.0022 3416 Apple Mobile Device - ok
20:08:00.0069 3416 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
20:08:00.0099 3416 arc - ok
20:08:00.0142 3416 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
20:08:00.0169 3416 arcsas - ok
20:08:00.0281 3416 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:08:00.0305 3416 aspnet_state - ok
20:08:00.0320 3416 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
20:08:00.0354 3416 AsyncMac - ok
20:08:00.0396 3416 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
20:08:00.0407 3416 atapi - ok
20:08:00.0684 3416 athr (96abf88241f90ff647e55c934c55c2f1) C:\windows\system32\DRIVERS\athrx.sys
20:08:00.0739 3416 athr - ok
20:08:00.0884 3416 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\windows\system32\DRIVERS\AtiPcie.sys
20:08:00.0908 3416 AtiPcie - ok
20:08:00.0999 3416 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
20:08:01.0076 3416 AudioEndpointBuilder - ok
20:08:01.0084 3416 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
20:08:01.0122 3416 AudioSrv - ok
20:08:01.0184 3416 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\windows\system32\DRIVERS\avgidsha.sys
20:08:01.0211 3416 AVGIDSHA - ok
20:08:01.0279 3416 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\windows\system32\DRIVERS\avgtdia.sys
20:08:01.0312 3416 Avgtdia - ok
20:08:01.0337 3416 avgtp (e1b8ec60c85a266cb604cd46921606b4) C:\windows\system32\drivers\avgtpx64.sys
20:08:01.0348 3416 avgtp - ok
20:08:01.0459 3416 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
20:08:01.0489 3416 avgwd - ok
20:08:01.0527 3416 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
20:08:01.0628 3416 AxInstSV - ok
20:08:01.0705 3416 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
20:08:01.0753 3416 b06bdrv - ok
20:08:01.0792 3416 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
20:08:01.0842 3416 b57nd60a - ok
20:08:01.0872 3416 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
20:08:01.0920 3416 BDESVC - ok
20:08:01.0934 3416 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
20:08:01.0978 3416 Beep - ok
20:08:02.0050 3416 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
20:08:02.0105 3416 BFE - ok
20:08:02.0138 3416 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
20:08:02.0149 3416 blbdrive - ok
20:08:02.0187 3416 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
20:08:02.0231 3416 bowser - ok
20:08:02.0249 3416 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
20:08:02.0263 3416 BrFiltLo - ok
20:08:02.0272 3416 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
20:08:02.0286 3416 BrFiltUp - ok
20:08:02.0296 3416 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
20:08:02.0329 3416 BridgeMP - ok
20:08:02.0357 3416 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
20:08:02.0408 3416 Browser - ok
20:08:02.0443 3416 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
20:08:02.0521 3416 Brserid - ok
20:08:02.0534 3416 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
20:08:02.0557 3416 BrSerWdm - ok
20:08:02.0561 3416 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
20:08:02.0579 3416 BrUsbMdm - ok
20:08:02.0584 3416 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
20:08:02.0595 3416 BrUsbSer - ok
20:08:02.0630 3416 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
20:08:02.0669 3416 BthEnum - ok
20:08:02.0678 3416 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
20:08:02.0692 3416 BTHMODEM - ok
20:08:02.0712 3416 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
20:08:02.0740 3416 BthPan - ok
20:08:02.0795 3416 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\System32\Drivers\BTHport.sys
20:08:02.0818 3416 BTHPORT - ok
20:08:02.0855 3416 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
20:08:02.0914 3416 bthserv - ok
20:08:02.0933 3416 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\System32\Drivers\BTHUSB.sys
20:08:02.0957 3416 BTHUSB - ok
20:08:02.0962 3416 catchme - ok
20:08:02.0995 3416 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
20:08:03.0030 3416 cdfs - ok
20:08:03.0058 3416 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
20:08:03.0099 3416 cdrom - ok
20:08:03.0124 3416 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
20:08:03.0182 3416 CertPropSvc - ok
20:08:03.0199 3416 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
20:08:03.0213 3416 circlass - ok
20:08:03.0263 3416 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
20:08:03.0294 3416 CLFS - ok
20:08:03.0356 3416 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:08:03.0380 3416 clr_optimization_v2.0.50727_32 - ok
20:08:03.0412 3416 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:08:03.0438 3416 clr_optimization_v2.0.50727_64 - ok
20:08:03.0525 3416 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:08:03.0551 3416 clr_optimization_v4.0.30319_32 - ok
20:08:03.0616 3416 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:08:03.0644 3416 clr_optimization_v4.0.30319_64 - ok
20:08:03.0670 3416 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
20:08:03.0708 3416 CmBatt - ok
20:08:03.0726 3416 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
20:08:03.0737 3416 cmdide - ok
20:08:03.0838 3416 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\windows\system32\Drivers\cng.sys
20:08:03.0878 3416 CNG - ok
20:08:03.0889 3416 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
20:08:03.0899 3416 Compbatt - ok
20:08:03.0914 3416 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
20:08:03.0938 3416 CompositeBus - ok
20:08:03.0942 3416 COMSysApp - ok
20:08:03.0957 3416 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
20:08:03.0967 3416 crcdisk - ok
20:08:04.0026 3416 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
20:08:04.0059 3416 CryptSvc - ok
20:08:04.0103 3416 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\windows\system32\DRIVERS\CtClsFlt.sys
20:08:04.0165 3416 CtClsFlt - ok
20:08:04.0250 3416 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
20:08:04.0304 3416 DcomLaunch - ok
20:08:04.0356 3416 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
20:08:04.0413 3416 defragsvc - ok
20:08:04.0441 3416 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
20:08:04.0503 3416 DfsC - ok
20:08:04.0539 3416 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
20:08:04.0582 3416 Dhcp - ok
20:08:04.0602 3416 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
20:08:04.0642 3416 discache - ok
20:08:04.0664 3416 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
20:08:04.0676 3416 Disk - ok
20:08:04.0728 3416 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
20:08:04.0781 3416 Dnscache - ok
20:08:04.0827 3416 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
20:08:04.0876 3416 dot3svc - ok
20:08:04.0906 3416 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
20:08:04.0961 3416 DPS - ok
20:08:04.0985 3416 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
20:08:05.0026 3416 drmkaud - ok
20:08:05.0129 3416 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
20:08:05.0164 3416 DXGKrnl - ok
20:08:05.0170 3416 EagleX64 - ok
20:08:05.0196 3416 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
20:08:05.0259 3416 EapHost - ok
20:08:05.0504 3416 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
20:08:05.0549 3416 ebdrv - ok
20:08:05.0696 3416 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
20:08:05.0720 3416 EFS - ok
20:08:05.0851 3416 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
20:08:05.0921 3416 ehRecvr - ok
20:08:05.0949 3416 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
20:08:05.0962 3416 ehSched - ok
20:08:06.0051 3416 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
20:08:06.0085 3416 elxstor - ok
20:08:06.0089 3416 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
20:08:06.0114 3416 ErrDev - ok
20:08:06.0184 3416 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
20:08:06.0230 3416 EventSystem - ok
20:08:06.0266 3416 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
20:08:06.0332 3416 exfat - ok
20:08:06.0362 3416 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
20:08:06.0425 3416 fastfat - ok
20:08:06.0506 3416 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
20:08:06.0579 3416 Fax - ok
20:08:06.0599 3416 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
20:08:06.0637 3416 fdc - ok
20:08:06.0654 3416 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
20:08:06.0702 3416 fdPHost - ok
20:08:06.0754 3416 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
20:08:06.0816 3416 FDResPub - ok
20:08:06.0837 3416 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
20:08:06.0849 3416 FileInfo - ok
20:08:06.0869 3416 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
20:08:06.0902 3416 Filetrace - ok
20:08:06.0916 3416 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
20:08:06.0927 3416 flpydisk - ok
20:08:06.0962 3416 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
20:08:06.0977 3416 FltMgr - ok
20:08:07.0096 3416 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
20:08:07.0183 3416 FontCache - ok
20:08:07.0262 3416 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:08:07.0285 3416 FontCache3.0.0.0 - ok
20:08:07.0344 3416 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
20:08:07.0373 3416 FsDepends - ok
20:08:07.0420 3416 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
20:08:07.0436 3416 Fs_Rec - ok
20:08:07.0469 3416 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
20:08:07.0486 3416 fvevol - ok
20:08:07.0568 3416 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
20:08:07.0598 3416 gagp30kx - ok
20:08:07.0705 3416 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
20:08:07.0729 3416 GamesAppService - ok
20:08:07.0762 3416 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
20:08:07.0784 3416 GEARAspiWDM - ok
20:08:07.0864 3416 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
20:08:07.0884 3416 GoToAssist - ok
20:08:08.0022 3416 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
20:08:08.0065 3416 gpsvc - ok
20:08:08.0099 3416 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\windows\system32\DRIVERS\hamachi.sys
20:08:08.0108 3416 hamachi - ok
20:08:08.0356 3416 Hamachi2Svc (21d24138b736983f6e23823e092e9428) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
20:08:08.0398 3416 Hamachi2Svc - ok
20:08:08.0535 3416 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
20:08:08.0585 3416 hcw85cir - ok
20:08:08.0633 3416 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
20:08:08.0668 3416 HdAudAddService - ok
20:08:08.0686 3416 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
20:08:08.0715 3416 HDAudBus - ok
20:08:08.0719 3416 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
20:08:08.0740 3416 HidBatt - ok
20:08:08.0757 3416 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
20:08:08.0784 3416 HidBth - ok
20:08:08.0801 3416 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
20:08:08.0819 3416 HidIr - ok
20:08:08.0852 3416 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
20:08:08.0912 3416 hidserv - ok
20:08:08.0926 3416 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
20:08:08.0937 3416 HidUsb - ok
20:08:08.0969 3416 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
20:08:09.0033 3416 hkmsvc - ok
20:08:09.0071 3416 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
20:08:09.0107 3416 HomeGroupListener - ok
20:08:09.0154 3416 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
20:08:09.0203 3416 HomeGroupProvider - ok
20:08:09.0227 3416 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
20:08:09.0256 3416 HpSAMD - ok
20:08:09.0352 3416 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
20:08:09.0428 3416 HTTP - ok
20:08:09.0447 3416 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
20:08:09.0457 3416 hwpolicy - ok
20:08:09.0474 3416 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
20:08:09.0486 3416 i8042prt - ok
20:08:09.0546 3416 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
20:08:09.0569 3416 iaStorV - ok
20:08:09.0721 3416 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:08:09.0751 3416 idsvc - ok
20:08:09.0775 3416 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
20:08:09.0786 3416 iirsp - ok
20:08:09.0897 3416 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
20:08:09.0959 3416 IKEEXT - ok
20:08:10.0165 3416 IntcAzAudAddService (30ce3b186d3f661050be6fed23d842ba) C:\windows\system32\drivers\RTKVHD64.sys
20:08:10.0208 3416 IntcAzAudAddService - ok
20:08:10.0354 3416 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
20:08:10.0381 3416 intelide - ok
20:08:10.0393 3416 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\drivers\intelppm.sys
20:08:10.0411 3416 intelppm - ok
20:08:10.0452 3416 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
20:08:10.0533 3416 IPBusEnum - ok
20:08:10.0549 3416 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
20:08:10.0590 3416 IpFilterDriver - ok
20:08:10.0649 3416 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
20:08:10.0708 3416 iphlpsvc - ok
20:08:10.0717 3416 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
20:08:10.0739 3416 IPMIDRV - ok
20:08:10.0776 3416 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
20:08:10.0810 3416 IPNAT - ok
20:08:10.0962 3416 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
20:08:11.0005 3416 iPod Service - ok
20:08:11.0024 3416 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
20:08:11.0040 3416 IRENUM - ok
20:08:11.0044 3416 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
20:08:11.0055 3416 isapnp - ok
20:08:11.0094 3416 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
20:08:11.0122 3416 iScsiPrt - ok
20:08:11.0141 3416 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
20:08:11.0151 3416 kbdclass - ok
20:08:11.0174 3416 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
20:08:11.0206 3416 kbdhid - ok
20:08:11.0231 3416 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:08:11.0252 3416 KeyIso - ok
20:08:11.0288 3416 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\windows\system32\Drivers\ksecdd.sys
20:08:11.0303 3416 KSecDD - ok
20:08:11.0337 3416 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\windows\system32\Drivers\ksecpkg.sys
20:08:11.0370 3416 KSecPkg - ok
20:08:11.0387 3416 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
20:08:11.0464 3416 ksthunk - ok
20:08:11.0528 3416 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
20:08:11.0584 3416 KtmRm - ok
20:08:11.0619 3416 L1C (9ddc68b87a9b837736a2b193ee14a4a5) C:\windows\system32\DRIVERS\L1C62x64.sys
20:08:11.0631 3416 L1C - ok
20:08:11.0670 3416 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
20:08:11.0705 3416 LanmanServer - ok
20:08:11.0744 3416 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
20:08:11.0825 3416 LanmanWorkstation - ok
20:08:11.0850 3416 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
20:08:11.0884 3416 lltdio - ok
20:08:11.0932 3416 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
20:08:11.0984 3416 lltdsvc - ok
20:08:12.0001 3416 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
20:08:12.0036 3416 lmhosts - ok
20:08:12.0063 3416 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
20:08:12.0074 3416 LSI_FC - ok
20:08:12.0100 3416 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
20:08:12.0112 3416 LSI_SAS - ok
20:08:12.0120 3416 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
20:08:12.0131 3416 LSI_SAS2 - ok
20:08:12.0143 3416 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
20:08:12.0155 3416 LSI_SCSI - ok
20:08:12.0180 3416 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
20:08:12.0244 3416 luafv - ok
20:08:12.0273 3416 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
20:08:12.0285 3416 Mcx2Svc - ok
20:08:12.0292 3416 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
20:08:12.0303 3416 megasas - ok
20:08:12.0347 3416 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
20:08:12.0380 3416 MegaSR - ok
20:08:12.0419 3416 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
20:08:12.0486 3416 MMCSS - ok
20:08:12.0499 3416 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
20:08:12.0540 3416 Modem - ok
20:08:12.0562 3416 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
20:08:12.0582 3416 monitor - ok
20:08:12.0605 3416 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
20:08:12.0616 3416 mouclass - ok
20:08:12.0626 3416 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
20:08:12.0663 3416 mouhid - ok
20:08:12.0688 3416 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
20:08:12.0700 3416 mountmgr - ok
20:08:12.0798 3416 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:08:12.0826 3416 MozillaMaintenance - ok
20:08:12.0860 3416 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
20:08:12.0890 3416 mpio - ok
20:08:12.0914 3416 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
20:08:12.0948 3416 mpsdrv - ok
20:08:13.0059 3416 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
20:08:13.0139 3416 MpsSvc - ok
20:08:13.0163 3416 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
20:08:13.0208 3416 MRxDAV - ok
20:08:13.0256 3416 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
20:08:13.0312 3416 mrxsmb - ok
20:08:13.0357 3416 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
20:08:13.0371 3416 mrxsmb10 - ok
20:08:13.0397 3416 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
20:08:13.0409 3416 mrxsmb20 - ok
20:08:13.0442 3416 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
20:08:13.0452 3416 msahci - ok
20:08:13.0481 3416 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
20:08:13.0493 3416 msdsm - ok
20:08:13.0543 3416 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
20:08:13.0577 3416 MSDTC - ok
20:08:13.0598 3416 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
20:08:13.0632 3416 Msfs - ok
20:08:13.0636 3416 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
20:08:13.0717 3416 mshidkmdf - ok
20:08:13.0735 3416 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
20:08:13.0746 3416 msisadrv - ok
20:08:13.0792 3416 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
20:08:13.0865 3416 MSiSCSI - ok
20:08:13.0869 3416 msiserver - ok
20:08:13.0894 3416 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
20:08:13.0927 3416 MSKSSRV - ok
20:08:13.0944 3416 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
20:08:14.0011 3416 MSPCLOCK - ok
20:08:14.0015 3416 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
20:08:14.0053 3416 MSPQM - ok
20:08:14.0103 3416 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
20:08:14.0127 3416 MsRPC - ok
20:08:14.0139 3416 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
20:08:14.0150 3416 mssmbios - ok
20:08:14.0166 3416 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
20:08:14.0205 3416 MSTEE - ok
20:08:14.0213 3416 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
20:08:14.0225 3416 MTConfig - ok
20:08:14.0248 3416 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
20:08:14.0259 3416 Mup - ok
20:08:14.0326 3416 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
20:08:14.0393 3416 napagent - ok
20:08:14.0437 3416 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
20:08:14.0466 3416 NativeWifiP - ok
20:08:14.0587 3416 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
20:08:14.0618 3416 NDIS - ok
20:08:14.0630 3416 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
20:08:14.0665 3416 NdisCap - ok
20:08:14.0689 3416 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
20:08:14.0722 3416 NdisTapi - ok
20:08:14.0743 3416 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
20:08:14.0783 3416 Ndisuio - ok
20:08:14.0816 3416 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
20:08:14.0859 3416 NdisWan - ok
20:08:14.0879 3416 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
20:08:14.0912 3416 NDProxy - ok
20:08:14.0932 3416 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
20:08:14.0974 3416 NetBIOS - ok
20:08:15.0010 3416 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
20:08:15.0044 3416 NetBT - ok
20:08:15.0084 3416 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:08:15.0109 3416 Netlogon - ok
20:08:15.0171 3416 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
20:08:15.0224 3416 Netman - ok
20:08:15.0330 3416 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:08:15.0357 3416 NetMsmqActivator - ok
20:08:15.0365 3416 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:08:15.0384 3416 NetPipeActivator - ok
20:08:15.0418 3416 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
20:08:15.0466 3416 netprofm - ok
20:08:15.0470 3416 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:08:15.0480 3416 NetTcpActivator - ok
20:08:15.0484 3416 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:08:15.0495 3416 NetTcpPortSharing - ok
20:08:15.0548 3416 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
20:08:15.0576 3416 nfrd960 - ok
20:08:15.0632 3416 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
20:08:15.0686 3416 NlaSvc - ok
20:08:16.0007 3416 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
20:08:16.0056 3416 NOBU - ok
20:08:16.0212 3416 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
20:08:16.0267 3416 Npfs - ok
20:08:16.0289 3416 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
20:08:16.0323 3416 nsi - ok
20:08:16.0332 3416 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
20:08:16.0374 3416 nsiproxy - ok
20:08:16.0551 3416 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
20:08:16.0586 3416 Ntfs - ok
20:08:16.0729 3416 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
20:08:16.0779 3416 Null - ok
20:08:16.0825 3416 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
20:08:16.0851 3416 nvraid - ok
20:08:16.0890 3416 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
20:08:16.0913 3416 nvstor - ok
20:08:16.0940 3416 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
20:08:16.0951 3416 nv_agp - ok
20:08:17.0174 3416 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:08:17.0210 3416 odserv - ok
20:08:17.0218 3416 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
20:08:17.0238 3416 ohci1394 - ok
20:08:17.0290 3416 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:08:17.0318 3416 ose - ok
20:08:17.0391 3416 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
20:08:17.0440 3416 p2pimsvc - ok
20:08:17.0548 3416 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
20:08:17.0575 3416 p2psvc - ok
20:08:17.0621 3416 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
20:08:17.0652 3416 Parport - ok
20:08:17.0724 3416 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
20:08:17.0750 3416 partmgr - ok
20:08:17.0800 3416 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
20:08:17.0870 3416 PcaSvc - ok
20:08:17.0982 3416 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
20:08:18.0007 3416 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
20:08:18.0149 3416 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
20:08:18.0173 3416 pci - ok
20:08:18.0198 3416 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
20:08:18.0225 3416 pciide - ok
20:08:18.0285 3416 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
20:08:18.0319 3416 pcmcia - ok
20:08:18.0343 3416 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
20:08:18.0365 3416 pcw - ok
20:08:18.0460 3416 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
20:08:18.0547 3416 PEAUTH - ok
20:08:18.0640 3416 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
20:08:18.0680 3416 PerfHost - ok
20:08:18.0843 3416 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
20:08:18.0900 3416 pla - ok
20:08:18.0971 3416 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
20:08:19.0008 3416 PlugPlay - ok
20:08:19.0028 3416 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
20:08:19.0040 3416 PNRPAutoReg - ok
20:08:19.0073 3416 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
20:08:19.0088 3416 PNRPsvc - ok
20:08:19.0165 3416 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
20:08:19.0230 3416 PolicyAgent - ok
20:08:19.0263 3416 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
20:08:19.0346 3416 Power - ok
20:08:19.0418 3416 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
20:08:19.0477 3416 PptpMiniport - ok
20:08:19.0494 3416 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
20:08:19.0515 3416 Processor - ok
20:08:19.0577 3416 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
20:08:19.0632 3416 ProfSvc - ok
20:08:19.0672 3416 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:08:19.0699 3416 ProtectedStorage - ok
20:08:19.0727 3416 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
20:08:19.0778 3416 Psched - ok
20:08:19.0807 3416 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys
20:08:19.0817 3416 PxHlpa64 - ok
20:08:19.0967 3416 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
20:08:20.0000 3416 ql2300 - ok
20:08:20.0155 3416 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
20:08:20.0181 3416 ql40xx - ok
20:08:20.0225 3416 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
20:08:20.0252 3416 QWAVE - ok
20:08:20.0268 3416 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
20:08:20.0296 3416 QWAVEdrv - ok
20:08:20.0317 3416 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
20:08:20.0377 3416 RasAcd - ok
20:08:20.0404 3416 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
20:08:20.0438 3416 RasAgileVpn - ok
20:08:20.0458 3416 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
20:08:20.0523 3416 RasAuto - ok
20:08:20.0550 3416 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
20:08:20.0615 3416 Rasl2tp - ok
20:08:20.0658 3416 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
20:08:20.0712 3416 RasMan - ok
20:08:20.0729 3416 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
20:08:20.0796 3416 RasPppoe - ok
20:08:20.0817 3416 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
20:08:20.0852 3416 RasSstp - ok
20:08:20.0893 3416 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
20:08:20.0946 3416 rdbss - ok
20:08:20.0964 3416 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
20:08:20.0978 3416 rdpbus - ok
20:08:21.0001 3416 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
20:08:21.0066 3416 RDPCDD - ok
20:08:21.0079 3416 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
20:08:21.0113 3416 RDPENCDD - ok
20:08:21.0129 3416 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
20:08:21.0162 3416 RDPREFMP - ok
20:08:21.0216 3416 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
20:08:21.0249 3416 RDPWD - ok
20:08:21.0280 3416 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
20:08:21.0294 3416 rdyboost - ok
20:08:21.0325 3416 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
20:08:21.0392 3416 RemoteAccess - ok
20:08:21.0435 3416 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
20:08:21.0489 3416 RemoteRegistry - ok
20:08:21.0522 3416 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
20:08:21.0562 3416 RFCOMM - ok
20:08:21.0811 3416 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
20:08:21.0847 3416 RoxMediaDB12OEM - ok
20:08:21.0895 3416 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
20:08:21.0921 3416 RoxWatch12 - ok
20:08:22.0077 3416 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
20:08:22.0124 3416 RpcEptMapper - ok
20:08:22.0152 3416 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
20:08:22.0177 3416 RpcLocator - ok
20:08:22.0237 3416 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\System32\rpcss.dll
20:08:22.0282 3416 RpcSs - ok
20:08:22.0338 3416 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
20:08:22.0394 3416 rspndr - ok
20:08:22.0447 3416 RSUSBSTOR (30f463768d5143bfd7b2df822b53cf4d) C:\windows\system32\Drivers\RtsUStor.sys
20:08:22.0466 3416 RSUSBSTOR - ok
20:08:22.0505 3416 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:08:22.0516 3416 SamSs - ok
20:08:22.0534 3416 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
20:08:22.0546 3416 sbp2port - ok
20:08:22.0768 3416 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
20:08:22.0805 3416 SBSDWSCService - ok
20:08:22.0863 3416 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
20:08:22.0908 3416 SCardSvr - ok
20:08:22.0952 3416 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
20:08:23.0017 3416 scfilter - ok
20:08:23.0126 3416 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
20:08:23.0184 3416 Schedule - ok
20:08:23.0214 3416 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
20:08:23.0247 3416 SCPolicySvc - ok
20:08:23.0269 3416 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
20:08:23.0294 3416 SDRSVC - ok
20:08:23.0316 3416 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
20:08:23.0375 3416 secdrv - ok
20:08:23.0390 3416 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
20:08:23.0423 3416 seclogon - ok
20:08:23.0442 3416 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
20:08:23.0487 3416 SENS - ok
20:08:23.0505 3416 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
20:08:23.0546 3416 SensrSvc - ok
20:08:23.0569 3416 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
20:08:23.0584 3416 Serenum - ok
20:08:23.0607 3416 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
20:08:23.0620 3416 Serial - ok
20:08:23.0625 3416 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
20:08:23.0642 3416 sermouse - ok
20:08:23.0673 3416 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
20:08:23.0736 3416 SessionEnv - ok
20:08:23.0741 3416 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
20:08:23.0755 3416 sffdisk - ok
20:08:23.0759 3416 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
20:08:23.0774 3416 sffp_mmc - ok
20:08:23.0778 3416 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
20:08:23.0804 3416 sffp_sd - ok
20:08:23.0808 3416 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
20:08:23.0829 3416 sfloppy - ok
20:08:23.0977 3416 SftService (e1974a92ac0914a3859359a0a8c82c68) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
20:08:24.0001 3416 SftService - ok
20:08:24.0057 3416 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
20:08:24.0106 3416 SharedAccess - ok
20:08:24.0164 3416 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
20:08:24.0220 3416 ShellHWDetection - ok
20:08:24.0287 3416 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
20:08:24.0298 3416 SiSRaid2 - ok
20:08:24.0308 3416 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
20:08:24.0320 3416 SiSRaid4 - ok
20:08:24.0342 3416 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
20:08:24.0387 3416 Smb - ok
20:08:24.0406 3416 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
20:08:24.0427 3416 SNMPTRAP - ok
20:08:24.0447 3416 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
20:08:24.0457 3416 spldr - ok
20:08:24.0525 3416 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
20:08:24.0583 3416 Spooler - ok
20:08:24.0849 3416 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
20:08:24.0934 3416 sppsvc - ok
20:08:25.0058 3416 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
20:08:25.0117 3416 sppuinotify - ok
20:08:25.0206 3416 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
20:08:25.0253 3416 srv - ok
20:08:25.0307 3416 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
20:08:25.0361 3416 srv2 - ok
20:08:25.0389 3416 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
20:08:25.0401 3416 srvnet - ok
20:08:25.0431 3416 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
20:08:25.0468 3416 SSDPSRV - ok
20:08:25.0490 3416 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
20:08:25.0526 3416 SstpSvc - ok
20:08:25.0556 3416 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
20:08:25.0567 3416 stexstor - ok
20:08:25.0632 3416 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
20:08:25.0665 3416 stisvc - ok
20:08:25.0777 3416 stllssvr (7731f46ec0d687a931cba063e8f90ef0) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
20:08:25.0798 3416 stllssvr - ok
20:08:25.0818 3416 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
20:08:25.0828 3416 swenum - ok
20:08:25.0962 3416 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:08:25.0992 3416 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
20:08:25.0992 3416 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
20:08:26.0047 3416 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
20:08:26.0106 3416 swprv - ok
20:08:26.0272 3416 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
20:08:26.0322 3416 SysMain - ok
20:08:26.0445 3416 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
20:08:26.0464 3416 TabletInputService - ok
20:08:26.0499 3416 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
20:08:26.0535 3416 TapiSrv - ok
20:08:26.0555 3416 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
20:08:26.0592 3416 TBS - ok
20:08:26.0835 3416 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
20:08:26.0875 3416 Tcpip - ok
20:08:27.0130 3416 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
20:08:27.0172 3416 TCPIP6 - ok
20:08:27.0260 3416 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
20:08:27.0331 3416 tcpipreg - ok
20:08:27.0349 3416 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
20:08:27.0369 3416 TDPIPE - ok
20:08:27.0406 3416 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
20:08:27.0448 3416 TDTCP - ok
20:08:27.0477 3416 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
20:08:27.0522 3416 tdx - ok
20:08:27.0838 3416 TeamViewer7 (3e85bdd019e3db66d9471dad7fd6a887) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
20:08:27.0890 3416 TeamViewer7 - ok
20:08:28.0042 3416 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
20:08:28.0069 3416 TermDD - ok
20:08:28.0163 3416 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
20:08:28.0218 3416 TermService - ok
20:08:28.0234 3416 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
20:08:28.0252 3416 Themes - ok
20:08:28.0286 3416 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
20:08:28.0333 3416 THREADORDER - ok
20:08:28.0360 3416 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
20:08:28.0438 3416 TrkWks - ok
20:08:28.0493 3416 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
20:08:28.0542 3416 TrustedInstaller - ok
20:08:28.0566 3416 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
20:08:28.0628 3416 tssecsrv - ok
20:08:28.0650 3416 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
20:08:28.0680 3416 TsUsbFlt - ok
20:08:28.0712 3416 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
20:08:28.0723 3416 TsUsbGD - ok
20:08:28.0752 3416 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
20:08:28.0804 3416 tunnel - ok
20:08:28.0812 3416 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
20:08:28.0824 3416 uagp35 - ok
20:08:28.0862 3416 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
20:08:28.0926 3416 udfs - ok
20:08:28.0956 3416 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
20:08:28.0998 3416 UI0Detect - ok
20:08:29.0006 3416 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
20:08:29.0017 3416 uliagpkx - ok
20:08:29.0034 3416 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
20:08:29.0063 3416 umbus - ok
20:08:29.0080 3416 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
20:08:29.0103 3416 UmPass - ok
20:08:29.0153 3416 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
20:08:29.0211 3416 upnphost - ok
20:08:29.0246 3416 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys
20:08:29.0299 3416 USBAAPL64 - ok
20:08:29.0348 3416 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\windows\system32\DRIVERS\usbccgp.sys
20:08:29.0400 3416 usbccgp - ok
20:08:29.0446 3416 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
20:08:29.0479 3416 usbcir - ok
20:08:29.0526 3416 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
20:08:29.0553 3416 usbehci - ok
20:08:29.0609 3416 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
20:08:29.0634 3416 usbhub - ok
20:08:29.0655 3416 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys
20:08:29.0694 3416 usbohci - ok
20:08:29.0703 3416 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
20:08:29.0741 3416 usbprint - ok
20:08:29.0775 3416 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
20:08:29.0825 3416 USBSTOR - ok
20:08:29.0867 3416 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\windows\system32\drivers\usbuhci.sys
20:08:29.0899 3416 usbuhci - ok
20:08:29.0959 3416 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
20:08:29.0991 3416 usbvideo - ok
20:08:30.0037 3416 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
20:08:30.0092 3416 UxSms - ok
20:08:30.0139 3416 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:08:30.0168 3416 VaultSvc - ok
20:08:30.0177 3416 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
20:08:30.0188 3416 vdrvroot - ok
20:08:30.0250 3416 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
20:08:30.0293 3416 vds - ok
20:08:30.0319 3416 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
20:08:30.0333 3416 vga - ok
20:08:30.0352 3416 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
20:08:30.0422 3416 VgaSave - ok
20:08:30.0448 3416 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
20:08:30.0461 3416 vhdmp - ok
20:08:30.0466 3416 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
20:08:30.0477 3416 viaide - ok
20:08:30.0493 3416 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
20:08:30.0504 3416 volmgr - ok
20:08:30.0543 3416 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
20:08:30.0559 3416 volmgrx - ok
20:08:30.0599 3416 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
20:08:30.0625 3416 volsnap - ok
20:08:30.0652 3416 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
20:08:30.0681 3416 vsmraid - ok
20:08:30.0858 3416 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
20:08:30.0967 3416 VSS - ok
20:08:31.0159 3416 vToolbarUpdater12.1.5 (3da649c6ec481d8f36b54f33fc01dd1e) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
20:08:31.0197 3416 vToolbarUpdater12.1.5 - ok
20:08:31.0351 3416 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
20:08:31.0387 3416 vwifibus - ok
20:08:31.0407 3416 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
20:08:31.0424 3416 vwififlt - ok
20:08:31.0483 3416 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
20:08:31.0542 3416 W32Time - ok
20:08:31.0569 3416 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
20:08:31.0607 3416 WacomPen - ok
20:08:31.0630 3416 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
20:08:31.0672 3416 WANARP - ok
20:08:31.0675 3416 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
20:08:31.0709 3416 Wanarpv6 - ok
20:08:31.0854 3416 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
20:08:31.0897 3416 WatAdminSvc - ok
20:08:32.0050 3416 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
20:08:32.0099 3416 wbengine - ok
20:08:32.0235 3416 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
20:08:32.0273 3416 WbioSrvc - ok
20:08:32.0319 3416 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
20:08:32.0349 3416 wcncsvc - ok
20:08:32.0369 3416 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
20:08:32.0413 3416 WcsPlugInService - ok
20:08:32.0463 3416 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
20:08:32.0483 3416 Wd - ok
20:08:32.0555 3416 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
20:08:32.0582 3416 Wdf01000 - ok
20:08:32.0602 3416 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
20:08:32.0661 3416 WdiServiceHost - ok
20:08:32.0664 3416 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
20:08:32.0682 3416 WdiSystemHost - ok
20:08:32.0722 3416 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
20:08:32.0780 3416 WebClient - ok
20:08:32.0817 3416 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
20:08:32.0884 3416 Wecsvc - ok
20:08:32.0903 3416 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
20:08:32.0939 3416 wercplsupport - ok
20:08:32.0957 3416 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
20:08:32.0999 3416 WerSvc - ok
20:08:33.0060 3416 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
20:08:33.0104 3416 WfpLwf - ok
20:08:33.0148 3416 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys
20:08:33.0172 3416 WimFltr - ok
20:08:33.0193 3416 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
20:08:33.0213 3416 WIMMount - ok
20:08:33.0266 3416 WinDefend - ok
20:08:33.0284 3416 WinHttpAutoProxySvc - ok
20:08:33.0360 3416 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
20:08:33.0407 3416 Winmgmt - ok
20:08:33.0623 3416 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
20:08:33.0693 3416 WinRM - ok
20:08:33.0841 3416 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
20:08:33.0877 3416 WinUsb - ok
20:08:33.0988 3416 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
20:08:34.0026 3416 Wlansvc - ok
20:08:34.0105 3416 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:08:34.0128 3416 wlcrasvc - ok
20:08:34.0371 3416 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:08:34.0413 3416 wlidsvc - ok
20:08:34.0561 3416 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
20:08:34.0605 3416 WmiAcpi - ok
20:08:34.0672 3416 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
20:08:34.0701 3416 wmiApSrv - ok
20:08:34.0755 3416 WMPNetworkSvc - ok
20:08:34.0785 3416 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
20:08:34.0826 3416 WPCSvc - ok
20:08:34.0853 3416 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
20:08:34.0867 3416 WPDBusEnum - ok
20:08:34.0884 3416 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
20:08:34.0919 3416 ws2ifsl - ok
20:08:34.0944 3416 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
20:08:34.0998 3416 wscsvc - ok
20:08:35.0001 3416 WSearch - ok
20:08:35.0268 3416 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
20:08:35.0314 3416 wuauserv - ok
20:08:35.0472 3416 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
20:08:35.0550 3416 WudfPf - ok
20:08:35.0585 3416 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
20:08:35.0619 3416 WUDFRd - ok
20:08:35.0654 3416 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
20:08:35.0706 3416 wudfsvc - ok
20:08:35.0736 3416 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
20:08:35.0781 3416 WwanSvc - ok
20:08:35.0806 3416 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:08:36.0340 3416 \Device\Harddisk0\DR0 - ok
20:08:36.0348 3416 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0
20:08:36.0351 3416 \Device\Harddisk0\DR0\Partition0 - ok
20:08:36.0393 3416 Boot (0x1200) (42830d70bbef9b5ec0b23baae40fa686) \Device\Harddisk0\DR0\Partition1
20:08:36.0395 3416 \Device\Harddisk0\DR0\Partition1 - ok
20:08:36.0395 3416 ============================================================
20:08:36.0395 3416 Scan finished
20:08:36.0395 3416 ============================================================
20:08:36.0406 3824 Detected object count: 1
20:08:36.0406 3824 Actual detected object count: 1
20:09:32.0466 3824 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
20:09:32.0467 3824 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:10:22.0750 3864 Deinitialize success

#4
RKinner

Posted 03 August 2012 - 07:36 PM

Malware Expert

Expert
24,748 posts

The logs are out of order but it appears that they are all there and that we got rid of the bug. I think you should clear System Restore:

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.

What does AVG say now? (Files in c:\qoobox\ and C:\_OTL\ are disabled virus files.) Any problems left?

Ron