TechSpot

Unable to remove Trojan.Agent svchost.exe with Malwarebytes

Solved
By carthage9000
Jul 4, 2012
  1. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Yes, the very same way.
     
  2. carthage9000

    carthage9000 TS Rookie Topic Starter Posts: 42

    got it. proceeding. will post momentarily
     
  3. carthage9000

    carthage9000 TS Rookie Topic Starter Posts: 42

    Here is the log of the fix. Unfortunately, still music/ads playing. Ugh.


    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-07-2012
    Ran by SYSTEM at 2012-07-04 16:10:11 Run:1
    Running from F:\
    ==============================================
    C:\Windows\svchost.exe moved successfully.
    ==== End of Fixlog ====
     
  4. carthage9000

    carthage9000 TS Rookie Topic Starter Posts: 42

    running combofix now

    ComboFix 12-07-04.04 - cdogg 07/04/2012 16:27:47.2.6 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7678.5434 [GMT -4:00]
    Running from: c:\users\cdogg\Desktop\ComboFix.exe
    AV: Norton 360 Premier Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 Premier Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 Premier Edition *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\svchost.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-04 20:38 . 2012-07-04 20:38 -------- d-----w- c:\users\Owner\AppData\Local\temp
    2012-07-04 20:38 . 2012-07-04 20:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-04 20:38 . 2012-07-04 20:38 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-07-04 19:12 . 2012-07-04 23:39 -------- d-----w- C:\FRST
    2012-07-04 14:48 . 2012-07-04 14:48 -------- d-----w- c:\users\cdogg\AppData\Roaming\HPAppData
    2012-07-04 02:20 . 2012-07-04 02:20 -------- d-----w- c:\users\cdogg\AppData\Roaming\Malwarebytes
    2012-07-04 02:20 . 2012-07-04 02:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-04 02:20 . 2012-07-04 02:20 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-04 02:20 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-04 00:27 . 2011-12-14 16:47 34624 ----a-w- c:\windows\system32\TURegOpt.exe
    2012-07-04 00:27 . 2011-12-14 16:46 25920 ----a-w- c:\windows\system32\authuitu.dll
    2012-07-04 00:27 . 2011-12-14 16:46 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
    2012-07-04 00:25 . 2012-07-04 00:25 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
    2012-07-04 00:25 . 2012-07-04 00:26 -------- d-----w- c:\program files (x86)\AVG Secure Search
    2012-07-04 00:25 . 2012-07-04 00:25 -------- d--h--w- c:\programdata\Common Files
    2012-07-04 00:24 . 2012-07-04 00:26 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012
    2012-07-03 22:13 . 2012-07-03 22:14 -------- d-----w- C:\8973daadc5ee177a10a1
    2012-06-24 14:38 . 2012-06-24 14:38 -------- d-----w- c:\windows\en
    2012-06-24 14:34 . 2012-06-24 14:34 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-06-24 14:30 . 2012-06-24 14:30 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f2779cd91cd521502\MeshBetaRemover.exe
    2012-06-24 14:30 . 2012-06-24 14:30 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f22a66181cd521501\DSETUP.dll
    2012-06-24 14:30 . 2012-06-24 14:30 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f22a66181cd521501\DXSETUP.exe
    2012-06-24 14:30 . 2012-06-24 14:30 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f22a66181cd521501\dsetup32.dll
    2012-06-23 12:30 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-23 12:30 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-23 12:30 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-23 12:30 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-23 12:29 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-23 12:29 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-23 12:29 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-23 12:29 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-23 12:29 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-16 18:25 . 2012-06-16 18:25 -------- d-----w- c:\users\cdogg\AppData\Local\The Witcher 2
    2012-06-16 15:49 . 2012-06-18 11:27 -------- d-----w- c:\program files (x86)\The Witcher 2
    2012-06-15 03:56 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-15 03:56 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-15 03:56 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-15 03:56 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-15 03:56 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-15 03:56 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-15 03:56 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-06-15 03:56 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-06-15 03:56 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-06-15 03:56 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
    2012-06-15 03:56 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-06-15 03:56 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-15 03:55 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-06-15 03:55 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-15 03:55 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-15 03:55 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-15 03:55 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-12 10:57 . 2012-04-27 16:38 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-12 10:57 . 2011-08-07 02:18 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-22 21:03 . 2012-05-22 21:02 1164080 ----a-w- c:\windows\M4A89GTD-PRO-USB3-ASUS-3027.zip
    2012-05-22 20:48 . 2012-05-22 20:49 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
    2012-05-22 20:48 . 2012-05-22 20:49 412264 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
    2012-05-22 20:48 . 2011-03-21 17:22 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
    2012-05-22 20:36 . 2012-05-22 20:36 16896 ----a-w- c:\windows\AsTaskSched.dll
    2012-05-05 02:35 . 2012-05-05 02:35 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-03 02:55 . 2012-05-03 02:55 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
    2012-05-03 02:55 . 2012-05-03 02:55 28056 ----a-w- c:\windows\system32\xfcodec64.dll
    2012-05-02 11:55 . 2011-02-12 18:11 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2012-04-06 02:34 . 2012-04-06 02:34 187392 ----a-w- c:\windows\system32\clinfo.exe
    2012-04-06 02:34 . 2012-04-06 02:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
    2012-04-06 02:34 . 2012-04-06 02:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2012-04-06 02:33 . 2012-04-06 02:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
    2012-04-06 02:33 . 2012-04-06 02:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2012-04-06 02:33 . 2012-04-06 02:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
    2012-04-06 02:32 . 2012-04-06 02:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
    2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2012-04-06 02:20 . 2010-09-29 01:54 1067520 ----a-w- c:\windows\system32\aticfx64.dll
    2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
    2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
    2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
    2012-04-06 02:00 . 2011-04-20 05:27 64000 ----a-w- c:\windows\system32\coinst.dll
    2012-04-06 01:54 . 2010-09-29 01:37 7479296 ----a-w- c:\windows\system32\atidxx64.dll
    2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
    2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
    2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
    2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
    2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
    2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
    2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2012-04-06 01:09 . 2010-09-29 01:14 54784 ----a-w- c:\windows\system32\atiuxp64.dll
    2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
    2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
    2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
    2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-04_13.00.11 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2012-03-10 02:51 . 2012-07-04 12:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2012-03-10 02:51 . 2012-07-04 20:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2012-07-04 13:57 . 2012-07-04 13:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
    + 2012-07-03 12:28 . 2012-07-04 19:43 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
    - 2012-07-03 12:28 . 2012-07-04 12:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
    + 2012-07-04 13:19 . 2012-07-04 18:58 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012070420120705\index.dat
    - 2012-07-03 12:28 . 2012-07-04 12:41 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2012-07-03 12:28 . 2012-07-04 20:12 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2012-07-04 13:57 . 2012-07-04 13:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
    + 2011-02-12 17:08 . 2012-07-04 20:42 63312 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-07-04 20:42 35384 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-02-12 16:57 . 2012-07-04 20:42 21162 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4101788207-3307439777-1475344421-1000_UserData.bin
    + 2011-06-17 14:41 . 2012-07-04 18:32 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
    - 2011-06-17 14:41 . 2012-05-22 00:43 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
    - 2011-02-12 19:29 . 2012-07-04 03:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-02-12 19:29 . 2012-07-04 19:28 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-02-12 19:29 . 2012-07-04 19:28 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-02-12 19:29 . 2012-07-04 03:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-07-04 19:28 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-07-04 03:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-07-04 12:58 . 2012-07-04 12:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-07-04 20:40 . 2012-07-04 20:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-07-04 20:40 . 2012-07-04 20:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-07-04 12:58 . 2012-07-04 12:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 04:54 . 2012-07-04 20:41 311296 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 02:36 . 2012-06-16 16:28 671952 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-07-04 18:10 671952 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-06-16 16:28 126078 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2012-07-04 18:10 126078 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:12 . 2012-02-17 02:26 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 05:12 . 2012-07-04 19:28 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-07-14 05:01 . 2012-07-04 12:57 403032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-07-04 20:38 403032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 04:54 . 2012-07-04 20:41 6832128 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-02-12 21:59 . 2012-07-04 20:38 3697008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2011-02-12 21:59 . 2012-07-04 12:57 3697008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2012-07-03 21:13 . 2012-07-04 20:38 4099744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
    + 2009-07-14 04:54 . 2012-07-04 20:41 11681792 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-03-19 05:17 . 2012-07-04 20:38 29437360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4101788207-3307439777-1475344421-1000-12288.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
    2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\XfireXO\prxtbXfir.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}]
    c:\program files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9194649F-7143-4308-90C1-D6A35B0E354E}]
    2012-05-22 19:55 93184 ----a-w- c:\program files (x86)\OApps\bho_project.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-07-04 00:25 1451336 ----a-w- c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files (x86)\XfireXO\prxtbXfir.dll" [2011-05-09 176936]
    "{A531D99C-5A22-449b-83DA-872725C6D0ED}"= "c:\program files (x86)\alotappbar\bin\ALOTHelper.dll" [BU]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2012-07-04 1451336]
    .
    [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
    .
    [HKEY_CLASSES_ROOT\clsid\{a531d99c-5a22-449b-83da-872725c6d0ed}]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Akamai NetSession Interface"="c:\users\cdogg\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
    "LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2011-02-12 557056]
    "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-04-20 222504]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2012-01-13 43608]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-07-15 9936512]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-04 218440]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
    NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2011-2-12 4562944]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
    .
    R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 257224]
    R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    R3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [x]
    R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-04-26 135584]
    R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2009-11-05 954368]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-13 1255736]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2011-10-14 136616]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2012-03-29 451192]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2012-03-29 1092728]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-06-19 1161376]
    S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-29 167048]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120703.002\IDSvia64.sys [2012-06-14 509088]
    S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2012-03-29 190072]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [2012-03-29 405624]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
    S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
    S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2012-07-04 246600]
    S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2009-11-27 278528]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
    S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2009-11-10 1827328]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-05-22 412264]
    S3 T2Fltr;Razer Nostromo;c:\windows\system32\drivers\T2Fltr.sys [2011-01-16 22912]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
    S3 VJoystick;Virtual JoyStick KMDF HID Minidriver;c:\windows\system32\DRIVERS\VJoystick.sys [2010-09-30 13312]
    S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-01-22 16:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 10:57]
    .
    2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4101788207-3307439777-1475344421-1000Core.job
    - c:\users\cdogg\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-30 02:57]
    .
    2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4101788207-3307439777-1475344421-1000UA.job
    - c:\users\cdogg\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-30 02:57]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 134416]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx
    mLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = localhost;<local>
    Trusted Zone: turbotax.com
    TCP: DhcpNameServer = 192.168.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
    FF - ProfilePath - c:\users\cdogg\AppData\Roaming\Mozilla\Firefox\Profiles\s8om1tpo.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:30,b7,56,e6,ec,59,cd,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,8d,6a,98,61,6f,10,47,a5,47,fd,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,8d,6a,98,61,6f,10,47,a5,47,fd,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\\.\globalroot\systemroot\svchost.exe
    c:\program files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
    .
    **************************************************************************
    .
    Completion time: 2012-07-04 17:03:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-04 21:03
    ComboFix2.txt 2012-07-04 13:29
    .
    Pre-Run: 862,364,758,016 bytes free
    Post-Run: 862,815,342,592 bytes free
    .
    - - End Of File - - AF5BE32AAFDF693E34339D60ED8A2682
     
  5. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ===========================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =======================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
     
  6. carthage9000

    carthage9000 TS Rookie Topic Starter Posts: 42

    TDSS Killer Log, others listed to follow.

    17:16:04.0265 8060 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
    17:16:05.0075 8060 ============================================================
    17:16:05.0075 8060 Current date / time: 2012/07/04 17:16:05.0075
    17:16:05.0075 8060 SystemInfo:
    17:16:05.0075 8060
    17:16:05.0075 8060 OS Version: 6.1.7601 ServicePack: 1.0
    17:16:05.0075 8060 Product type: Workstation
    17:16:05.0075 8060 ComputerName: MOTHERSHIP1
    17:16:05.0075 8060 UserName: cdogg
    17:16:05.0075 8060 Windows directory: C:\Windows
    17:16:05.0075 8060 System windows directory: C:\Windows
    17:16:05.0075 8060 Running under WOW64
    17:16:05.0075 8060 Processor architecture: Intel x64
    17:16:05.0075 8060 Number of processors: 6
    17:16:05.0075 8060 Page size: 0x1000
    17:16:05.0075 8060 Boot type: Normal boot
    17:16:05.0075 8060 ============================================================
    17:16:07.0135 8060 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:16:07.0145 8060 Drive \Device\Harddisk1\DR1 - Size: 0xEF300000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    17:16:07.0155 8060 ============================================================
    17:16:07.0155 8060 \Device\Harddisk0\DR0:
    17:16:07.0155 8060 MBR partitions:
    17:16:07.0155 8060 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    17:16:07.0155 8060 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
    17:16:07.0155 8060 \Device\Harddisk1\DR1:
    17:16:07.0155 8060 MBR partitions:
    17:16:07.0155 8060 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7797E0
    17:16:07.0155 8060 ============================================================
    17:16:07.0185 8060 C: <-> \Device\Harddisk0\DR0\Partition1
    17:16:07.0185 8060 ============================================================
    17:16:07.0185 8060 Initialize success
    17:16:07.0185 8060 ============================================================
    17:16:22.0395 6480 ============================================================
    17:16:22.0395 6480 Scan started
    17:16:22.0395 6480 Mode: Manual;
    17:16:22.0395 6480 ============================================================
    17:16:23.0625 6480 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    17:16:23.0635 6480 1394ohci - ok
    17:16:23.0685 6480 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    17:16:23.0685 6480 ACPI - ok
    17:16:23.0695 6480 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    17:16:23.0715 6480 AcpiPmi - ok
    17:16:23.0805 6480 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    17:16:23.0805 6480 AdobeARMservice - ok
    17:16:23.0985 6480 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    17:16:23.0995 6480 AdobeFlashPlayerUpdateSvc - ok
    17:16:24.0085 6480 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    17:16:24.0115 6480 adp94xx - ok
    17:16:24.0155 6480 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    17:16:24.0165 6480 adpahci - ok
    17:16:24.0195 6480 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    17:16:24.0205 6480 adpu320 - ok
    17:16:24.0245 6480 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    17:16:24.0245 6480 AeLookupSvc - ok
    17:16:24.0345 6480 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    17:16:24.0355 6480 AFD - ok
    17:16:24.0375 6480 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    17:16:24.0385 6480 agp440 - ok
    17:16:24.0415 6480 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    17:16:24.0425 6480 ALG - ok
    17:16:24.0445 6480 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    17:16:24.0445 6480 aliide - ok
    17:16:24.0515 6480 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
    17:16:24.0515 6480 AMD External Events Utility - ok
    17:16:24.0595 6480 AMD FUEL Service - ok
    17:16:24.0615 6480 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    17:16:24.0625 6480 amdide - ok
    17:16:24.0685 6480 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
    17:16:24.0695 6480 amdiox64 - ok
    17:16:24.0715 6480 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    17:16:24.0715 6480 AmdK8 - ok
    17:16:25.0625 6480 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
    17:16:25.0785 6480 amdkmdag - ok
    17:16:25.0965 6480 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
    17:16:25.0965 6480 amdkmdap - ok
    17:16:26.0005 6480 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    17:16:26.0005 6480 AmdPPM - ok
    17:16:26.0085 6480 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    17:16:26.0105 6480 amdsata - ok
    17:16:26.0155 6480 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    17:16:26.0165 6480 amdsbs - ok
    17:16:26.0185 6480 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    17:16:26.0195 6480 amdxata - ok
    17:16:26.0285 6480 AODDriver4.0 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
    17:16:26.0295 6480 AODDriver4.0 - ok
    17:16:26.0325 6480 AODDriver4.01 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
    17:16:26.0325 6480 AODDriver4.01 - ok
    17:16:26.0345 6480 AODDriver4.1 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
    17:16:26.0345 6480 AODDriver4.1 - ok
    17:16:26.0445 6480 AODService (419dfc4fcf642a3d8d9794c15fca92fd) C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
    17:16:26.0455 6480 AODService - ok
    17:16:26.0505 6480 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    17:16:26.0525 6480 AppID - ok
    17:16:26.0555 6480 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    17:16:26.0555 6480 AppIDSvc - ok
    17:16:26.0605 6480 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    17:16:26.0605 6480 Appinfo - ok
    17:16:26.0655 6480 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    17:16:26.0665 6480 arc - ok
    17:16:26.0695 6480 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    17:16:26.0695 6480 arcsas - ok
    17:16:26.0805 6480 AsIO (f6bda026e4157dc4e321ca391e9d9bc6) C:\Windows\syswow64\drivers\AsIO.sys
    17:16:26.0815 6480 AsIO - ok
    17:16:26.0935 6480 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    17:16:26.0955 6480 aspnet_state - ok
    17:16:27.0055 6480 AsSysCtrlService (8c1fd73cc27edd8d3344c632571c224c) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
    17:16:27.0055 6480 AsSysCtrlService - ok
    17:16:27.0085 6480 AsUpIO (26d66e32e78d3059715b3a17bc679cd9) C:\Windows\syswow64\drivers\AsUpIO.sys
    17:16:27.0095 6480 AsUpIO - ok
    17:16:27.0125 6480 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    17:16:27.0125 6480 AsyncMac - ok
    17:16:27.0145 6480 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    17:16:27.0145 6480 atapi - ok
    17:16:27.0355 6480 athur (c579174daf19e9330c31c95df1471380) C:\Windows\system32\DRIVERS\athurx.sys
    17:16:27.0395 6480 athur - ok
    17:16:27.0555 6480 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
    17:16:27.0575 6480 AtiHDAudioService - ok
    17:16:27.0615 6480 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
    17:16:27.0635 6480 AtiPcie - ok
    17:16:27.0745 6480 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    17:16:27.0745 6480 AudioEndpointBuilder - ok
    17:16:27.0755 6480 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    17:16:27.0765 6480 AudioSrv - ok
    17:16:27.0845 6480 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    17:16:27.0845 6480 AxInstSV - ok
    17:16:27.0925 6480 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    17:16:27.0975 6480 b06bdrv - ok
    17:16:28.0015 6480 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    17:16:28.0025 6480 b57nd60a - ok
    17:16:28.0055 6480 bcgame - ok
    17:16:28.0085 6480 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    17:16:28.0085 6480 BDESVC - ok
    17:16:28.0135 6480 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    17:16:28.0155 6480 Beep - ok
    17:16:28.0265 6480 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
    17:16:28.0275 6480 BFE - ok
    17:16:28.0505 6480 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120619.001\BHDrvx64.sys
    17:16:28.0525 6480 BHDrvx64 - ok
    17:16:28.0635 6480 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
    17:16:28.0645 6480 BITS - ok
    17:16:28.0695 6480 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    17:16:28.0705 6480 blbdrive - ok
    17:16:28.0745 6480 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    17:16:28.0755 6480 bowser - ok
    17:16:28.0805 6480 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    17:16:28.0805 6480 BrFiltLo - ok
    17:16:28.0815 6480 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    17:16:28.0825 6480 BrFiltUp - ok
    17:16:28.0865 6480 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    17:16:28.0875 6480 BridgeMP - ok
    17:16:28.0905 6480 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    17:16:28.0915 6480 Browser - ok
    17:16:28.0955 6480 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    17:16:28.0965 6480 Brserid - ok
    17:16:28.0985 6480 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    17:16:28.0985 6480 BrSerWdm - ok
    17:16:29.0005 6480 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    17:16:29.0005 6480 BrUsbMdm - ok
    17:16:29.0015 6480 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    17:16:29.0015 6480 BrUsbSer - ok
    17:16:29.0055 6480 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    17:16:29.0065 6480 BTHMODEM - ok
    17:16:29.0095 6480 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    17:16:29.0105 6480 bthserv - ok
    17:16:29.0125 6480 catchme - ok
    17:16:29.0215 6480 ccSet_N360 (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys
    17:16:29.0215 6480 ccSet_N360 - ok
    17:16:29.0245 6480 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    17:16:29.0245 6480 cdfs - ok
    17:16:29.0305 6480 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    17:16:29.0315 6480 cdrom - ok
    17:16:29.0345 6480 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    17:16:29.0345 6480 CertPropSvc - ok
    17:16:29.0385 6480 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    17:16:29.0385 6480 circlass - ok
    17:16:29.0415 6480 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    17:16:29.0415 6480 CLFS - ok
    17:16:29.0475 6480 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    17:16:29.0485 6480 clr_optimization_v2.0.50727_32 - ok
    17:16:29.0515 6480 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    17:16:29.0525 6480 clr_optimization_v2.0.50727_64 - ok
    17:16:29.0585 6480 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    17:16:29.0585 6480 clr_optimization_v4.0.30319_32 - ok
    17:16:29.0635 6480 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    17:16:29.0635 6480 clr_optimization_v4.0.30319_64 - ok
    17:16:29.0675 6480 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    17:16:29.0685 6480 CmBatt - ok
    17:16:29.0725 6480 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    17:16:29.0745 6480 cmdide - ok
    17:16:29.0815 6480 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
    17:16:29.0825 6480 CNG - ok
    17:16:29.0845 6480 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    17:16:29.0845 6480 Compbatt - ok
    17:16:29.0885 6480 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    17:16:29.0905 6480 CompositeBus - ok
    17:16:29.0905 6480 COMSysApp - ok
    17:16:29.0975 6480 cpuz135 - ok
    17:16:29.0995 6480 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    17:16:29.0995 6480 crcdisk - ok
    17:16:30.0065 6480 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
    17:16:30.0065 6480 CryptSvc - ok
    17:16:30.0115 6480 CSRBC (c72d445d22c23a14b8b97e36699c22ae) C:\Windows\system32\Drivers\csrbc.sys
    17:16:30.0115 6480 CSRBC - ok
    17:16:30.0235 6480 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    17:16:30.0245 6480 DcomLaunch - ok
    17:16:30.0285 6480 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    17:16:30.0305 6480 defragsvc - ok
    17:16:30.0335 6480 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    17:16:30.0335 6480 DfsC - ok
    17:16:30.0405 6480 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
    17:16:30.0415 6480 Dhcp - ok
    17:16:30.0425 6480 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    17:16:30.0425 6480 discache - ok
    17:16:30.0475 6480 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    17:16:30.0475 6480 Disk - ok
    17:16:30.0515 6480 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
    17:16:30.0525 6480 Dnscache - ok
    17:16:30.0555 6480 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
    17:16:30.0575 6480 dot3svc - ok
    17:16:30.0595 6480 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
    17:16:30.0595 6480 DPS - ok
    17:16:30.0615 6480 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    17:16:30.0615 6480 drmkaud - ok
    17:16:30.0695 6480 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    17:16:30.0705 6480 DXGKrnl - ok
    17:16:30.0725 6480 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    17:16:30.0725 6480 EapHost - ok
    17:16:30.0895 6480 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    17:16:30.0955 6480 ebdrv - ok
    17:16:31.0055 6480 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    17:16:31.0065 6480 eeCtrl - ok
    17:16:31.0145 6480 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
    17:16:31.0155 6480 EFS - ok
    17:16:31.0295 6480 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
    17:16:31.0315 6480 ehRecvr - ok
    17:16:31.0345 6480 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    17:16:31.0355 6480 ehSched - ok
    17:16:31.0455 6480 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    17:16:31.0465 6480 elxstor - ok
    17:16:31.0535 6480 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    17:16:31.0545 6480 EraserUtilRebootDrv - ok
    17:16:31.0575 6480 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    17:16:31.0585 6480 ErrDev - ok
    17:16:31.0675 6480 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    17:16:31.0685 6480 EventSystem - ok
    17:16:31.0715 6480 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    17:16:31.0715 6480 exfat - ok
    17:16:31.0745 6480 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    17:16:31.0745 6480 fastfat - ok
    17:16:31.0825 6480 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
    17:16:31.0845 6480 Fax - ok
    17:16:31.0875 6480 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    17:16:31.0875 6480 fdc - ok
    17:16:31.0895 6480 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    17:16:31.0895 6480 fdPHost - ok
    17:16:31.0895 6480 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    17:16:31.0895 6480 FDResPub - ok
    17:16:31.0915 6480 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    17:16:31.0925 6480 FileInfo - ok
    17:16:31.0925 6480 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    17:16:31.0935 6480 Filetrace - ok
    17:16:31.0945 6480 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    17:16:31.0945 6480 flpydisk - ok
    17:16:32.0005 6480 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    17:16:32.0015 6480 FltMgr - ok
    17:16:32.0285 6480 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    17:16:32.0305 6480 FontCache - ok
    17:16:32.0355 6480 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    17:16:32.0365 6480 FontCache3.0.0.0 - ok
    17:16:32.0405 6480 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    17:16:32.0405 6480 FsDepends - ok
    17:16:32.0425 6480 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
    17:16:32.0425 6480 Fs_Rec - ok
    17:16:32.0505 6480 Futuremark SystemInfo Service (ae6f0a6562d3eccd613de1fd8612ac4e) C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
    17:16:32.0525 6480 Futuremark SystemInfo Service - ok
    17:16:32.0585 6480 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    17:16:32.0595 6480 fvevol - ok
    17:16:32.0635 6480 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    17:16:32.0635 6480 gagp30kx - ok
    17:16:32.0715 6480 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
    17:16:32.0725 6480 gpsvc - ok
    17:16:32.0735 6480 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    17:16:32.0745 6480 hcw85cir - ok
    17:16:32.0825 6480 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    17:16:32.0845 6480 HdAudAddService - ok
    17:16:32.0895 6480 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
     
  7. carthage9000

    carthage9000 TS Rookie Topic Starter Posts: 42

    part 2

    17:16:47.0435 6480 usbaudio - ok
    17:16:47.0465 6480 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    17:16:47.0465 6480 usbccgp - ok
    17:16:47.0505 6480 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    17:16:47.0515 6480 usbcir - ok
    17:16:47.0535 6480 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    17:16:47.0545 6480 usbehci - ok
    17:16:47.0595 6480 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    17:16:47.0605 6480 usbhub - ok
    17:16:47.0625 6480 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
    17:16:47.0635 6480 usbohci - ok
    17:16:47.0645 6480 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    17:16:47.0645 6480 usbprint - ok
    17:16:47.0685 6480 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    17:16:47.0695 6480 USBSTOR - ok
    17:16:47.0715 6480 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    17:16:47.0715 6480 usbuhci - ok
    17:16:47.0735 6480 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    17:16:47.0745 6480 UxSms - ok
    17:16:47.0765 6480 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:16:47.0765 6480 VaultSvc - ok
    17:16:47.0795 6480 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    17:16:47.0795 6480 vdrvroot - ok
    17:16:47.0885 6480 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    17:16:47.0905 6480 vds - ok
    17:16:47.0915 6480 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    17:16:47.0925 6480 vga - ok
    17:16:47.0935 6480 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    17:16:47.0945 6480 VgaSave - ok
    17:16:47.0975 6480 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    17:16:47.0975 6480 vhdmp - ok
    17:16:47.0995 6480 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    17:16:48.0005 6480 viaide - ok
    17:16:48.0055 6480 VJoystick (b7f49333d2513eb1edaffdc269a23b68) C:\Windows\system32\DRIVERS\VJoystick.sys
    17:16:48.0065 6480 VJoystick - ok
    17:16:48.0115 6480 VKbms (3b59bb6d10cf969dbe4db93d9ead7fb4) C:\Windows\system32\DRIVERS\VKbms.sys
    17:16:48.0115 6480 VKbms - ok
    17:16:48.0135 6480 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    17:16:48.0135 6480 volmgr - ok
    17:16:48.0195 6480 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    17:16:48.0215 6480 volmgrx - ok
    17:16:48.0275 6480 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    17:16:48.0275 6480 volsnap - ok
    17:16:48.0335 6480 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    17:16:48.0335 6480 vsmraid - ok
    17:16:48.0505 6480 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    17:16:48.0535 6480 VSS - ok
    17:16:48.0615 6480 vToolbarUpdater (69869a0e6380831d8582378cc5e46e7e) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
    17:16:48.0615 6480 vToolbarUpdater - ok
    17:16:48.0745 6480 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    17:16:48.0745 6480 vwifibus - ok
    17:16:48.0795 6480 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    17:16:48.0795 6480 vwififlt - ok
    17:16:48.0825 6480 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    17:16:48.0835 6480 vwifimp - ok
    17:16:48.0895 6480 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    17:16:48.0905 6480 W32Time - ok
    17:16:48.0925 6480 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    17:16:48.0925 6480 WacomPen - ok
    17:16:48.0985 6480 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    17:16:48.0995 6480 WANARP - ok
    17:16:49.0015 6480 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    17:16:49.0025 6480 Wanarpv6 - ok
    17:16:49.0185 6480 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    17:16:49.0225 6480 WatAdminSvc - ok
    17:16:49.0345 6480 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    17:16:49.0365 6480 wbengine - ok
    17:16:49.0475 6480 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    17:16:49.0495 6480 WbioSrvc - ok
    17:16:49.0565 6480 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    17:16:49.0575 6480 wcncsvc - ok
    17:16:49.0585 6480 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    17:16:49.0595 6480 WcsPlugInService - ok
    17:16:49.0625 6480 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    17:16:49.0635 6480 Wd - ok
    17:16:49.0695 6480 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    17:16:49.0705 6480 Wdf01000 - ok
    17:16:49.0735 6480 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    17:16:49.0745 6480 WdiServiceHost - ok
    17:16:49.0745 6480 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    17:16:49.0745 6480 WdiSystemHost - ok
    17:16:49.0815 6480 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    17:16:49.0815 6480 WebClient - ok
    17:16:49.0845 6480 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    17:16:49.0855 6480 Wecsvc - ok
    17:16:49.0875 6480 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    17:16:49.0875 6480 wercplsupport - ok
    17:16:49.0915 6480 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    17:16:49.0915 6480 WerSvc - ok
    17:16:49.0955 6480 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    17:16:49.0955 6480 WfpLwf - ok
    17:16:49.0975 6480 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    17:16:49.0975 6480 WIMMount - ok
    17:16:49.0995 6480 WinDefend - ok
    17:16:50.0015 6480 WinHttpAutoProxySvc - ok
    17:16:50.0085 6480 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    17:16:50.0095 6480 Winmgmt - ok
    17:16:50.0245 6480 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    17:16:50.0305 6480 WinRM - ok
    17:16:50.0445 6480 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    17:16:50.0455 6480 WinUsb - ok
    17:16:50.0565 6480 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    17:16:50.0575 6480 Wlansvc - ok
    17:16:50.0625 6480 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    17:16:50.0635 6480 wlcrasvc - ok
    17:16:50.0935 6480 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    17:16:50.0965 6480 wlidsvc - ok
    17:16:51.0055 6480 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    17:16:51.0065 6480 WmiAcpi - ok
    17:16:51.0135 6480 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    17:16:51.0145 6480 wmiApSrv - ok
    17:16:51.0195 6480 WMPNetworkSvc - ok
    17:16:51.0215 6480 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    17:16:51.0215 6480 WPCSvc - ok
    17:16:51.0255 6480 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    17:16:51.0265 6480 WPDBusEnum - ok
    17:16:51.0285 6480 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    17:16:51.0295 6480 ws2ifsl - ok
    17:16:51.0325 6480 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
    17:16:51.0335 6480 wscsvc - ok
    17:16:51.0365 6480 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
    17:16:51.0365 6480 WSDPrintDevice - ok
    17:16:51.0375 6480 WSearch - ok
    17:16:51.0435 6480 WSWNA1100 (3e366f57cbb540c965bab1f2be6d7998) C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
    17:16:51.0445 6480 WSWNA1100 - ok
    17:16:51.0635 6480 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
    17:16:51.0665 6480 wuauserv - ok
    17:16:51.0755 6480 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    17:16:51.0755 6480 WudfPf - ok
    17:16:51.0915 6480 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    17:16:51.0915 6480 WUDFRd - ok
    17:16:51.0955 6480 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    17:16:51.0955 6480 wudfsvc - ok
    17:16:52.0005 6480 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    17:16:52.0025 6480 WwanSvc - ok
    17:16:52.0065 6480 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    17:16:52.0085 6480 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    17:16:52.0085 6480 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    17:16:52.0095 6480 MBR (0x1B8) (973e9ba32fdbb305c552ed3e1ebf0686) \Device\Harddisk1\DR1
    17:16:57.0835 6480 \Device\Harddisk1\DR1 - ok
    17:16:57.0835 6480 Boot (0x1200) (4fe36b9915f5d861cadb67c857178eaf) \Device\Harddisk0\DR0\Partition0
    17:16:57.0845 6480 \Device\Harddisk0\DR0\Partition0 - ok
    17:16:57.0845 6480 Boot (0x1200) (031b08983b8d8d8d81430848a32777df) \Device\Harddisk0\DR0\Partition1
    17:16:57.0855 6480 \Device\Harddisk0\DR0\Partition1 - ok
    17:16:57.0855 6480 Boot (0x1200) (3ba5e1251f1849875eab8fc6ab856c90) \Device\Harddisk1\DR1\Partition0
    17:16:57.0855 6480 \Device\Harddisk1\DR1\Partition0 - ok
    17:16:57.0855 6480 ============================================================
    17:16:57.0855 6480 Scan finished
    17:16:57.0855 6480 ============================================================
    17:16:57.0865 6804 Detected object count: 1
    17:16:57.0865 6804 Actual detected object count: 1
    17:17:11.0425 6804 \Device\Harddisk0\DR0\# - copied to quarantine
    17:17:11.0425 6804 \Device\Harddisk0\DR0 - copied to quarantine
    17:17:11.0465 6804 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    17:17:11.0465 6804 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    17:17:11.0475 6804 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    17:17:11.0475 6804 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    17:17:11.0485 6804 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    17:17:11.0495 6804 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    17:17:11.0495 6804 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    17:17:11.0505 6804 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    17:17:11.0505 6804 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    17:17:11.0505 6804 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    17:17:11.0505 6804 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    17:17:11.0515 6804 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    17:17:11.0515 6804 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    17:17:11.0515 6804 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    17:17:11.0525 6804 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    17:17:11.0525 6804 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    17:17:11.0525 6804 \Device\Harddisk0\DR0 - ok
    17:17:15.0365 6804 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    17:17:31.0875 6496 Deinitialize success
     
  8. carthage9000

    carthage9000 TS Rookie Topic Starter Posts: 42

    aswMBR log

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-04 17:29:30
    -----------------------------
    17:29:30.109 OS Version: Windows x64 6.1.7601 Service Pack 1
    17:29:30.109 Number of processors: 6 586 0xA00
    17:29:30.109 ComputerName: MOTHERSHIP1 UserName: cdogg
    17:29:33.229 Initialize success
    17:30:15.221 AVAST engine defs: 12070400
    17:30:43.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    17:30:43.921 Disk 0 Vendor: WDC_WD1001FALS-00J7B0 05.00K05 Size: 953869MB BusType: 3
    17:30:43.951 Disk 0 MBR read successfully
    17:30:43.961 Disk 0 MBR scan
    17:30:43.971 Disk 0 Windows 7 default MBR code
    17:30:43.981 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    17:30:44.001 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
    17:30:44.021 Disk 0 scanning C:\Windows\system32\drivers
    17:30:54.861 Service scanning
    17:31:13.131 Modules scanning
    17:31:13.141 Disk 0 trace - called modules:
    17:31:13.161 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    17:31:13.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a15060]
    17:31:13.171 3 CLASSPNP.SYS[fffff88001bd143f] -> nt!IofCallDriver -> [0xfffffa80079629b0]
    17:31:13.181 5 ACPI.sys[fffff88000ec17a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007a08680]
    17:31:16.131 AVAST engine scan C:\Windows
    17:31:21.241 AVAST engine scan C:\Windows\system32
    17:34:28.172 AVAST engine scan C:\Windows\system32\drivers
    17:34:39.122 AVAST engine scan C:\Users\cdogg
    17:38:24.142 AVAST engine scan C:\ProgramData
    17:41:26.752 Scan finished successfully
    17:41:55.062 Disk 0 MBR has been saved successfully to "C:\Users\cdogg\Desktop\MBR.dat"
    17:41:55.062 The log file has been saved successfully to "C:\Users\cdogg\Desktop\aswMBR.txt"
     
  9. carthage9000

    carthage9000 TS Rookie Topic Starter Posts: 42

    RogueKiller Log

    RogueKiller V7.6.2 [07/02/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: cdogg [Admin rights]
    Mode: Scan -- Date: 07/04/2012 17:47:07
    ¤¤¤ Bad processes: 1 ¤¤¤
    [SUSP PATH] DAODx.exe -- C:\Windows\DAODx.exe -> KILLED [TermProc]
    ¤¤¤ Registry Entries: 5 ¤¤¤
    [SUSP PATH] RunDAOD.job @ : C:\Windows\DAODx.exe -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver: [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost
     
  10. carthage9000

    carthage9000 TS Rookie Topic Starter Posts: 42

    Now the good news. I'm not sure what all the reports revealed but the music/ads have stopped playing when I start IE or open Outlook. Good news it seems.
     
  11. carthage9000

    carthage9000 TS Rookie Topic Starter Posts: 42

    The TDSS Killer seemed to be the one to knock it out. Stopped soon after that ran.

    Ran Malwarebytes again (quick scan) and it did not detect the Trojan.agent any longer.

    Next question, should we worry about the external drive being infected?

    Finally, I'd like to make a donation for all your efforts. I can simply follow the link at the bottom of your posts, correct?
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Good :)

    Yeah, you had a rootkit, which was removed by TDSSKiller.

    Please post fresh Combofix log.
     
  13. carthage9000

    carthage9000 TS Rookie Topic Starter Posts: 42

    Hopefully last ComboFix log


    ComboFix 12-07-04.04 - cdogg 07/04/2012 23:02:35.3.6 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7678.5502 [GMT -4:00]
    Running from: c:\users\cdogg\Desktop\ComboFix.exe
    AV: Norton 360 Premier Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 Premier Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 Premier Edition *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-05 to 2012-07-05 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-05 03:15 . 2012-07-05 03:15 -------- d-----w- c:\users\Owner\AppData\Local\temp
    2012-07-05 03:15 . 2012-07-05 03:15 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-05 03:15 . 2012-07-05 03:15 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-07-05 01:04 . 2012-07-05 01:04 -------- d-----w- c:\programdata\AVG Secure Search
    2012-07-04 21:17 . 2012-07-04 21:17 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-07-04 19:12 . 2012-07-04 23:39 -------- d-----w- C:\FRST
    2012-07-04 14:48 . 2012-07-04 14:48 -------- d-----w- c:\users\cdogg\AppData\Roaming\HPAppData
    2012-07-04 02:20 . 2012-07-04 02:20 -------- d-----w- c:\users\cdogg\AppData\Roaming\Malwarebytes
    2012-07-04 02:20 . 2012-07-04 02:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-04 02:20 . 2012-07-04 02:20 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-04 02:20 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-04 00:27 . 2011-12-14 16:47 34624 ----a-w- c:\windows\system32\TURegOpt.exe
    2012-07-04 00:27 . 2011-12-14 16:46 25920 ----a-w- c:\windows\system32\authuitu.dll
    2012-07-04 00:27 . 2011-12-14 16:46 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
    2012-07-04 00:25 . 2012-07-05 01:04 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
    2012-07-04 00:25 . 2012-07-05 01:04 -------- d-----w- c:\program files (x86)\AVG Secure Search
    2012-07-04 00:25 . 2012-07-04 00:25 -------- d--h--w- c:\programdata\Common Files
    2012-07-04 00:24 . 2012-07-04 00:26 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012
    2012-07-03 22:13 . 2012-07-03 22:14 -------- d-----w- C:\8973daadc5ee177a10a1
    2012-06-24 14:38 . 2012-06-24 14:38 -------- d-----w- c:\windows\en
    2012-06-24 14:34 . 2012-06-24 14:34 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-06-24 14:30 . 2012-06-24 14:30 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f2779cd91cd521502\MeshBetaRemover.exe
    2012-06-24 14:30 . 2012-06-24 14:30 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f22a66181cd521501\DSETUP.dll
    2012-06-24 14:30 . 2012-06-24 14:30 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f22a66181cd521501\DXSETUP.exe
    2012-06-24 14:30 . 2012-06-24 14:30 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f22a66181cd521501\dsetup32.dll
    2012-06-23 12:30 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-23 12:30 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-23 12:30 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-23 12:30 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-23 12:29 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-23 12:29 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-23 12:29 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-23 12:29 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-23 12:29 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-16 18:25 . 2012-06-16 18:25 -------- d-----w- c:\users\cdogg\AppData\Local\The Witcher 2
    2012-06-16 15:49 . 2012-06-18 11:27 -------- d-----w- c:\program files (x86)\The Witcher 2
    2012-06-15 03:56 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-15 03:56 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-15 03:56 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-15 03:56 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-15 03:56 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-15 03:56 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-15 03:56 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-06-15 03:56 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-06-15 03:56 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-06-15 03:56 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
    2012-06-15 03:56 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-06-15 03:56 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-15 03:55 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-06-15 03:55 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-15 03:55 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-15 03:55 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-15 03:55 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-12 10:57 . 2012-04-27 16:38 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-12 10:57 . 2011-08-07 02:18 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-22 21:03 . 2012-05-22 21:02 1164080 ----a-w- c:\windows\M4A89GTD-PRO-USB3-ASUS-3027.zip
    2012-05-22 20:48 . 2012-05-22 20:49 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
    2012-05-22 20:48 . 2012-05-22 20:49 412264 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
    2012-05-22 20:48 . 2011-03-21 17:22 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
    2012-05-22 20:36 . 2012-05-22 20:36 16896 ----a-w- c:\windows\AsTaskSched.dll
    2012-05-05 02:35 . 2012-05-05 02:35 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-03 02:55 . 2012-05-03 02:55 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
    2012-05-03 02:55 . 2012-05-03 02:55 28056 ----a-w- c:\windows\system32\xfcodec64.dll
    2012-05-02 11:55 . 2011-02-12 18:11 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-07-04_13.00.11 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2012-03-10 02:51 . 2012-07-04 12:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2012-03-10 02:51 . 2012-07-04 20:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2012-07-04 13:57 . 2012-07-04 13:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
    + 2012-07-03 12:28 . 2012-07-04 19:43 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
    - 2012-07-03 12:28 . 2012-07-04 12:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
    + 2012-07-04 13:19 . 2012-07-04 18:58 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012070420120705\index.dat
    - 2012-07-03 12:28 . 2012-07-04 12:41 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2012-07-03 12:28 . 2012-07-04 20:12 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2012-07-04 13:57 . 2012-07-04 13:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
    + 2011-02-12 17:08 . 2012-07-04 23:06 63866 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-07-04 23:06 35424 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-02-12 16:57 . 2012-07-04 23:06 21206 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4101788207-3307439777-1475344421-1000_UserData.bin
    + 2011-06-17 14:41 . 2012-07-04 18:32 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
    - 2011-06-17 14:41 . 2012-05-22 00:43 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
    - 2011-02-12 19:29 . 2012-07-04 03:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-02-12 19:29 . 2012-07-05 00:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-02-12 19:29 . 2012-07-05 00:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-02-12 19:29 . 2012-07-04 03:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-07-05 00:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-07-04 03:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-07-04 12:58 . 2012-07-04 12:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-07-05 03:17 . 2012-07-05 03:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-07-05 03:17 . 2012-07-05 03:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-07-04 12:58 . 2012-07-04 12:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-14 04:54 . 2012-07-05 01:04 311296 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 02:36 . 2012-06-16 16:28 671952 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-07-04 18:10 671952 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-06-16 16:28 126078 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2012-07-04 18:10 126078 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:12 . 2012-02-17 02:26 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 05:12 . 2012-07-04 19:28 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-07-14 05:01 . 2012-07-04 12:57 403032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-07-05 03:16 403032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 04:54 . 2012-07-05 01:04 6832128 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-02-12 21:59 . 2012-07-05 03:16 3697008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2011-02-12 21:59 . 2012-07-04 12:57 3697008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2012-07-03 21:13 . 2012-07-04 21:17 4099744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
    + 2009-07-14 04:54 . 2012-07-05 01:04 11780096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-03-19 05:17 . 2012-07-05 03:16 29440536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4101788207-3307439777-1475344421-1000-12288.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
    2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\XfireXO\prxtbXfir.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}]
    c:\program files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9194649F-7143-4308-90C1-D6A35B0E354E}]
    2012-05-22 19:55 93184 ----a-w- c:\program files (x86)\OApps\bho_project.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-07-05 01:04 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files (x86)\XfireXO\prxtbXfir.dll" [2011-05-09 176936]
    "{A531D99C-5A22-449b-83DA-872725C6D0ED}"= "c:\program files (x86)\alotappbar\bin\ALOTHelper.dll" [BU]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-07-05 2068536]
    .
    [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
    .
    [HKEY_CLASSES_ROOT\clsid\{a531d99c-5a22-449b-83da-872725c6d0ed}]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Akamai NetSession Interface"="c:\users\cdogg\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
    "LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2011-02-12 557056]
    "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-04-20 222504]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2012-01-13 43608]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-07-15 9936512]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-05 1104440]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
    NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2011-2-12 4562944]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
    .
    R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 257224]
    R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    R3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [x]
    R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
    R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-04-26 135584]
    R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2009-11-05 954368]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-13 1255736]
    R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2011-10-14 136616]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2012-03-29 451192]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2012-03-29 1092728]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-06-19 1161376]
    S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-29 167048]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120704.001\IDSvia64.sys [2012-06-14 509088]
    S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2012-03-29 190072]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [2012-03-29 405624]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
    S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
    S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-07-05 935480]
    S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2009-11-27 278528]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
    S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2009-11-10 1827328]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-05-22 412264]
    S3 T2Fltr;Razer Nostromo;c:\windows\system32\drivers\T2Fltr.sys [2011-01-16 22912]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
    S3 VJoystick;Virtual JoyStick KMDF HID Minidriver;c:\windows\system32\DRIVERS\VJoystick.sys [2010-09-30 13312]
    S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-01-22 16:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 10:57]
    .
    2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4101788207-3307439777-1475344421-1000Core.job
    - c:\users\cdogg\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-30 02:57]
    .
    2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4101788207-3307439777-1475344421-1000UA.job
    - c:\users\cdogg\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-30 02:57]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 134416]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx
    mLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = localhost;<local>
    Trusted Zone: turbotax.com
    TCP: DhcpNameServer = 192.168.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
    FF - ProfilePath - c:\users\cdogg\AppData\Roaming\Mozilla\Firefox\Profiles\s8om1tpo.default\
    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:30,b7,56,e6,ec,59,cd,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,8d,6a,98,61,6f,10,47,a5,47,fd,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,8d,6a,98,61,6f,10,47,a5,47,fd,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-04 23:34:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-05 03:34
    ComboFix2.txt 2012-07-04 21:03
    ComboFix3.txt 2012-07-04 13:29
    .
    Pre-Run: 862,431,563,776 bytes free
    Post-Run: 862,593,712,128 bytes free
    .
    - - End Of File - - 3CA6C4DAF27779E2BDDEE416173019B5
     
  14. carthage9000

    carthage9000 TS Rookie Topic Starter Posts: 42

    question: 1) can I now get rid of all the saved logs I've been keeping?

    2) is it safe to delete the MBR file created for the desktop during all the scans?

    3) is it safe to attach the external drive?
     
  15. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Combofix log looks good.

    1. I'll let you know.
    2. Yes.
    3. Install Panda USB Vaccine or BitDefender’s USB Immunizer on your computer to protect it from any infected USB device. Then at some point scan it with your AV program.

    Next....

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. carthage9000

    carthage9000 TS Rookie Topic Starter Posts: 42

    going to rack out, but tomorrow I'll start back with the aforementioned instructions and post the appropriate logs. big thanks and deep bows for your help. I promise I will donate tomorrow (though I know it is not necessary)
     
  17. carthage9000

    carthage9000 TS Rookie Topic Starter Posts: 42

    OTL log from this morning

    OTL logfile created on: 7/5/2012 7:41:11 AM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\cdogg\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.50 Gb Total Physical Memory | 5.38 Gb Available Physical Memory | 71.78% Memory free
    14.99 Gb Paging File | 12.59 Gb Available in Paging File | 83.98% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 803.45 Gb Free Space | 86.26% Space Free | Partition Type: NTFS
    Drive D: | 7.78 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive E: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.94% Space Free | Partition Type: FAT32
    Drive G: | 298.02 Gb Total Space | 249.21 Gb Free Space | 83.62% Space Free | Partition Type: FAT32

    Computer Name: MOTHERSHIP1 | User Name: cdogg | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/05 07:40:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\cdogg\Desktop\OTL.exe
    PRC - [2012/07/04 21:04:46 | 000,935,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
    PRC - [2012/07/04 21:04:45 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\cdogg\AppData\Local\Akamai\netsession_win.exe
    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccsvchst.exe
    PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/02/12 15:01:11 | 000,557,056 | ---- | M] (BitLeader) -- C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
    PRC - [2010/11/17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2010/07/15 18:58:24 | 009,936,512 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe
    PRC - [2010/07/07 10:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe
    PRC - [2010/06/24 02:19:50 | 000,109,056 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
    PRC - [2009/12/10 12:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
    PRC - [2009/11/27 13:04:44 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
    PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
    PRC - [2009/03/30 02:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/04 21:04:49 | 000,132,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
    MOD - [2012/07/04 21:04:45 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
    MOD - [2011/06/22 12:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
    MOD - [2010/06/01 10:38:40 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll
    MOD - [2010/06/01 10:38:40 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\flashobj.dll
    MOD - [2010/02/08 17:19:52 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll
    MOD - [2009/12/10 12:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
    MOD - [2009/09/29 23:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
    MOD - [2009/08/28 17:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll
    MOD - [2009/03/30 02:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
    MOD - [2009/02/26 14:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/07/04 21:04:46 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
    SRV - [2012/06/12 06:57:50 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/04/26 15:03:36 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccSvcHst.exe -- (N360)
    SRV - [2012/03/25 23:36:12 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/12/14 12:47:00 | 002,123,584 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2011/10/14 00:52:36 | 000,136,616 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
    SRV - [2010/06/24 02:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/11/27 13:04:44 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
    SRV - [2009/11/05 17:10:22 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/05/22 16:48:31 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2012/05/02 07:55:44 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/29 02:28:38 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symnets.sys -- (SymNetS)
    DRV:64bit: - [2012/03/29 02:28:34 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
    DRV:64bit: - [2012/03/29 02:28:30 | 001,092,728 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2012/03/29 02:28:25 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symds64.sys -- (SymDS)
    DRV:64bit: - [2012/03/29 02:06:25 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2012/03/29 02:03:27 | 000,737,912 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2012/03/29 02:03:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
    DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
    DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2012/01/13 15:08:57 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
    DRV:64bit: - [2011/11/29 18:44:29 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\ccsetx64.sys -- (ccSet_N360)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/08 20:27:56 | 000,038,400 | ---- | M] (CSR plc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\csrbc.sys -- (CSRBC)
    DRV:64bit: - [2011/01/16 13:58:08 | 000,022,912 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\T2Fltr.sys -- (T2Fltr)
    DRV:64bit: - [2010/12/10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010/12/10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/10/01 01:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
    DRV:64bit: - [2010/09/30 10:53:58 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VJoystick.sys -- (VJoystick)
    DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2009/11/10 04:04:00 | 001,827,328 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
    DRV:64bit: - [2009/07/15 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/05 12:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
    DRV:64bit: - [2008/05/15 03:28:00 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
    DRV:64bit: - [2007/01/23 16:47:00 | 000,051,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2007/01/23 16:47:00 | 000,048,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2007/01/19 19:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
    DRV - [2012/07/04 20:49:28 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120704.017\ex64.sys -- (NAVEX15)
    DRV - [2012/07/04 20:49:28 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120704.017\eng64.sys -- (NAVENG)
    DRV - [2012/07/03 22:19:54 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2012/06/18 20:01:13 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120619.001\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2012/06/14 14:39:24 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120704.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2012/05/30 23:14:28 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/12/12 19:31:38 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 BC 3B AA 72 DA CB 01 [binary data]
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 BC 3B AA 72 DA CB 01 [binary data]
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx
    IE - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 42 9A 68 FD 59 CD 01 [binary data]
    IE - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;<local>

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
    FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
     
  18. carthage9000

    carthage9000 TS Rookie Topic Starter Posts: 42

    OTL part 2

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\cdogg\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\cdogg\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPlgn\ [2012/05/02 08:06:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\coFFPlgn\ [2012/07/05 07:05:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/21 12:57:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/07/04 21:04:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/21 12:57:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/03 00:00:20 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/21 12:57:43 | 000,000,000 | ---D | M]

    [2011/04/23 15:37:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cdogg\AppData\Roaming\Mozilla\Extensions
    [2012/07/04 23:18:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cdogg\AppData\Roaming\Mozilla\Firefox\Profiles\s8om1tpo.default\extensions
    [2012/05/18 20:43:14 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\cdogg\AppData\Roaming\Mozilla\Firefox\Profiles\s8om1tpo.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
    [2012/05/27 14:42:33 | 000,000,000 | ---D | M] (ALOT Appbar) -- C:\Users\cdogg\AppData\Roaming\Mozilla\Firefox\Profiles\s8om1tpo.default\extensions\appbar@alot.com
    [2012/05/27 14:41:47 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\cdogg\AppData\Roaming\Mozilla\Firefox\Profiles\s8om1tpo.default\extensions\plugin@videofiledownload.com
    [2011/05/13 09:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/05/13 09:17:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    [2012/05/21 12:57:43 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
    File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\COFFPLGN
    File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPLGN
    [2009/11/06 11:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
    [2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2009/11/06 11:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2012/07/04 21:04:45 | 000,003,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

    ========== Chrome ==========

    CHR - default_search_provider: Conduit (Enabled)
    CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2304157
    CHR - default_search_provider: suggest_url = http://search.conduit.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\cdogg\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\cdogg\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\cdogg\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\cdogg\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\cdogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Google Search = C:\Users\cdogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: VideoFileDownload = C:\Users\cdogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\kincjchfokkeneeofpeefomkikfkiedl\1.0_0\
    CHR - Extension: Norton Identity Protection = C:\Users\cdogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\
    CHR - Extension: Gmail = C:\Users\cdogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

    O1 HOSTS File: ([2012/07/04 23:17:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll File not found
    O2 - BHO: (VideoFileDownload) - {9194649F-7143-4308-90C1-D6A35B0E354E} - C:\Program Files (x86)\OApps\bho_project.dll (VideoFileDownload)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll File not found
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
    O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
    O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TurboV EVO] C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
    O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
    O4 - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000..\Run: [Akamai NetSession Interface] C:\Users\cdogg\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O15 - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24D254D2-1360-493F-8C98-4BA78C645981}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/07/05 07:33:04 | 000,000,000 | -HS- | M] () - E:\autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2012/07/05 07:37:44 | 000,000,016 | -H-- | M] () - G:\AUTORUN.INF -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/05 07:40:35 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\cdogg\Desktop\OTL.exe
    [2012/07/05 07:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
    [2012/07/05 07:37:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
    [2012/07/05 07:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
    [2012/07/04 23:34:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/04 23:19:31 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\AVG Secure Search
    [2012/07/04 23:18:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/04 21:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
    [2012/07/04 17:43:39 | 000,000,000 | ---D | C] -- C:\Users\cdogg\Desktop\RK_Quarantine
    [2012/07/04 17:17:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/07/04 17:15:31 | 000,000,000 | ---D | C] -- C:\Users\cdogg\Desktop\tdsskiller
    [2012/07/04 17:14:07 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\cdogg\Desktop\aswMBR.exe
    [2012/07/04 15:12:44 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/04 10:48:48 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Roaming\HPAppData
    [2012/07/04 08:41:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/04 08:41:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/04 08:41:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/04 08:37:55 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/04 08:33:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/04 08:26:52 | 004,571,247 | R--- | C] (Swearware) -- C:\Users\cdogg\Desktop\ComboFix.exe
    [2012/07/03 22:20:58 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Roaming\Malwarebytes
    [2012/07/03 22:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/03 22:20:40 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/03 22:20:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/03 22:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/03 20:27:04 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
    [2012/07/03 20:27:01 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
    [2012/07/03 20:27:01 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
    [2012/07/03 20:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
    [2012/07/03 20:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
    [2012/07/03 20:25:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
    [2012/07/03 20:25:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2012/07/03 20:24:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
    [2012/07/03 18:13:33 | 000,000,000 | ---D | C] -- C:\8973daadc5ee177a10a1
    [2012/06/24 11:31:46 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{6F6C4472-9867-469B-BD19-EEAFB50D65FC}
    [2012/06/24 11:31:21 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{3F1F5EC3-D9B6-4F7F-B274-EE8FCD9FF326}
    [2012/06/24 10:38:08 | 000,000,000 | ---D | C] -- C:\Windows\en
    [2012/06/24 10:30:16 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{A9DA36BB-8E18-4A68-B18E-72C6AC5E4622}
    [2012/06/24 10:30:07 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{A0261B66-7107-4D63-A43A-674735BAEA7B}
    [2012/06/24 10:29:57 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{DA2E36D8-3290-48C7-9DB0-AC57047F00F2}
    [2012/06/24 10:29:48 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{14223F85-F2A5-423D-BBDB-07E5911BDECD}
    [2012/06/24 10:29:38 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{4ACE3DB2-2F6E-4844-B089-9F9D3A8E3695}
    [2012/06/24 10:29:18 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{B84F3D9E-17F9-4077-A9F4-4C6178337CEE}
    [2012/06/24 10:29:09 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{996F26B0-BCD4-419C-AA95-C917650D4070}
    [2012/06/24 10:28:59 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{26E0C199-863D-4834-9545-C63BBB59E3D0}
    [2012/06/24 10:28:50 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{1E512A57-A1FE-4F03-9602-1C34799EA9C7}
    [2012/06/24 10:28:41 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{810F3454-77CF-4CEE-870F-7F72B1401ADB}
    [2012/06/24 10:28:32 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{8C293ACF-6298-4947-9758-1D6DC39FDAA2}
    [2012/06/24 10:28:12 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{7B8B9561-CBCD-4ACF-A348-A8A107D143DB}
    [2012/06/24 10:26:52 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{4DA0D27D-E643-47BD-B792-9DC632EF8B35}
    [2012/06/24 10:26:43 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{D03F2C5E-C69E-4CC3-AD8E-F3F63C78F861}
    [2012/06/24 10:26:33 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{6F98346C-15B0-4AFE-95A8-67C0C16EAD37}
    [2012/06/24 10:26:24 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{0DA02574-F956-43DE-BBE1-71DE828D4464}
    [2012/06/24 10:26:14 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{E69D1D9C-556A-4513-BC5B-17547717D8E8}
    [2012/06/24 10:26:05 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{95EFAD8B-DD59-4BC6-B6AF-1F9DFFF6D059}
    [2012/06/24 10:25:55 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{6A4C0581-F508-4703-98B0-92A281352A20}
    [2012/06/24 10:25:35 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{99822CDD-752A-4188-BDDB-8B81376A4C5E}
    [2012/06/24 10:23:20 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{2A4F2857-0E1E-4C8C-BFD0-35A2EF6841E2}
    [2012/06/24 10:23:02 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{8D34F3E6-D6FF-45E6-9DDB-9B65987F211C}
    [2012/06/16 14:25:02 | 000,000,000 | ---D | C] -- C:\Users\cdogg\Documents\Witcher 2
    [2012/06/16 14:25:02 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\The Witcher 2
    [2012/06/16 12:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2
    [2012/06/16 11:49:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Witcher 2
    [2012/06/15 23:18:28 | 000,000,000 | ---D | C] -- C:\Users\cdogg\Desktop\Ebay
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/05 07:40:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\cdogg\Desktop\OTL.exe
    [2012/07/05 07:37:09 | 000,823,346 | ---- | M] () -- C:\Users\cdogg\Desktop\USBVaccine.zip
    [2012/07/05 07:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/05 07:33:46 | 000,796,554 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/05 07:33:46 | 000,671,952 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/05 07:33:46 | 000,126,078 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/05 07:13:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4101788207-3307439777-1475344421-1000UA.job
    [2012/07/05 07:12:19 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/05 07:12:19 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/05 07:05:12 | 000,000,343 | ---- | M] () -- C:\Windows\lgfwup.ini
    [2012/07/05 07:04:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/05 07:04:11 | 1743,347,711 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/05 00:13:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4101788207-3307439777-1475344421-1000Core.job
    [2012/07/04 23:17:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/04 17:14:08 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\cdogg\Desktop\aswMBR.exe
    [2012/07/04 17:13:16 | 002,116,179 | ---- | M] () -- C:\Users\cdogg\Desktop\tdsskiller.zip
    [2012/07/04 16:21:55 | 004,571,247 | R--- | M] (Swearware) -- C:\Users\cdogg\Desktop\ComboFix.exe
    [2012/07/04 14:24:26 | 565,692,061 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/07/03 22:20:47 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/03 20:26:44 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
    [2012/07/03 20:26:44 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
    [2012/07/03 09:15:17 | 000,774,394 | ---- | M] () -- C:\Users\cdogg\Desktop\zach rec.pdf
    [2012/07/02 20:15:11 | 000,002,404 | ---- | M] () -- C:\Users\cdogg\Desktop\Google Chrome.lnk
    [2012/07/01 15:41:25 | 000,003,721 | ---- | M] () -- C:\Users\cdogg\Desktop\ETS scheduling pdf.htm
    [2012/06/16 12:28:35 | 000,790,278 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/06/16 12:17:23 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\Start The Witcher 2.lnk
    [2012/06/15 00:44:18 | 000,430,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/05 07:37:07 | 000,823,346 | ---- | C] () -- C:\Users\cdogg\Desktop\USBVaccine.zip
    [2012/07/04 17:13:10 | 002,116,179 | ---- | C] () -- C:\Users\cdogg\Desktop\tdsskiller.zip
    [2012/07/04 08:41:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/04 08:41:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/04 08:41:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/04 08:41:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/04 08:41:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/03 22:20:46 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/03 20:26:44 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
    [2012/07/03 20:26:43 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
    [2012/07/03 20:26:29 | 000,002,199 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
    [2012/07/03 09:15:17 | 000,774,394 | ---- | C] () -- C:\Users\cdogg\Desktop\zach rec.pdf
    [2012/07/01 15:41:22 | 000,003,721 | ---- | C] () -- C:\Users\cdogg\Desktop\ETS scheduling pdf.htm
    [2012/06/16 12:17:22 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\Start The Witcher 2.lnk
    [2012/05/27 16:45:44 | 000,003,373 | ---- | C] () -- C:\Users\cdogg\test two with xfire unigine_20120527_1645.html
    [2012/05/27 14:53:43 | 000,003,373 | ---- | C] () -- C:\Users\cdogg\test one unigine_20120527_1453.html
    [2012/05/27 14:47:09 | 000,003,072 | ---- | C] () -- C:\Users\cdogg\AppData\Local\file__0.localstorage
    [2012/05/22 16:52:39 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
    [2012/05/22 16:52:39 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
    [2012/05/22 16:27:59 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
    [2012/05/22 16:27:59 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
    [2012/05/22 16:21:57 | 000,032,217 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2012/05/21 13:10:24 | 000,208,672 | ---- | C] () -- C:\Windows\hpoins40.dat.temp
    [2012/05/21 13:10:24 | 000,000,918 | ---- | C] () -- C:\Windows\hpomdl40.dat.temp
    [2012/05/21 12:53:27 | 000,173,199 | ---- | C] () -- C:\Windows\hpoins40.dat
    [2012/05/21 12:53:27 | 000,000,918 | ---- | C] () -- C:\Windows\hpomdl40.dat
    [2012/05/02 22:55:52 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
    [2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012/01/20 13:10:23 | 000,030,002 | ---- | C] () -- C:\Users\cdogg\AppData\Local\Temp20.html
    [2012/01/13 14:58:32 | 000,028,607 | ---- | C] () -- C:\Users\cdogg\AppData\Local\Temp56.html
    [2012/01/13 14:57:47 | 000,001,955 | ---- | C] () -- C:\Users\cdogg\AppData\Local\Temp1.html
    [2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
    [2011/09/29 11:26:04 | 000,028,160 | ---- | C] () -- C:\Users\cdogg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/05/19 11:16:36 | 000,001,940 | ---- | C] () -- C:\Users\cdogg\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/04/23 15:37:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/02/12 19:11:17 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2011/02/12 15:40:36 | 000,000,093 | ---- | C] () -- C:\Users\cdogg\AppData\Local\fusioncache.dat
    [2011/02/12 15:38:36 | 000,790,278 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/02/12 15:00:16 | 000,000,343 | ---- | C] () -- C:\Windows\lgfwup.ini
    [2011/02/12 13:06:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/09/02 01:53:48 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2008/03/08 17:53:33 | 000,000,003 | ---- | C] () -- C:\Users\cdogg\My Documentslang.ini

    ========== LOP Check ==========

    [2011/02/12 19:35:40 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\Belkin
    [2012/03/19 15:38:50 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\ChessBase
    [2011/05/19 11:42:38 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\FileZilla
    [2012/03/03 11:37:21 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\Garmin
    [2012/05/20 23:52:06 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\TeamViewer
    [2011/03/18 23:04:02 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\The Creative Assembly
    [2011/03/11 11:29:34 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\Tific
    [2012/01/29 23:07:44 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\TuneUp Software
    [2011/02/12 15:40:41 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\Turbine
    [2011/03/04 09:46:13 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\Win7codecs
    [2012/06/02 19:24:43 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========
    < End of report >
     
  19. carthage9000

    carthage9000 TS Rookie Topic Starter Posts: 42

    OTL Extras

    OTL Extras logfile created on: 7/5/2012 7:41:11 AM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\cdogg\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.50 Gb Total Physical Memory | 5.38 Gb Available Physical Memory | 71.78% Memory free
    14.99 Gb Paging File | 12.59 Gb Available in Paging File | 83.98% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 803.45 Gb Free Space | 86.26% Space Free | Partition Type: NTFS
    Drive D: | 7.78 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive E: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.94% Space Free | Partition Type: FAT32
    Drive G: | 298.02 Gb Total Space | 249.21 Gb Free Space | 83.62% Space Free | Partition Type: FAT32

    Computer Name: MOTHERSHIP1 | User Name: cdogg | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0033750A-00EE-46C5-BB2E-AFE2938EA091}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08F5FAF5-3960-4AEA-A723-483273EE988D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{0C245F6D-DEEA-4420-B2A4-68AA24902607}" = lport=139 | protocol=6 | dir=in | app=system |
    "{12F216B3-5594-4E8A-84AE-04AF096FCB64}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{1A4B06EE-64B9-4F23-8B19-47365F46BEDF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{206174B1-7B82-4733-817F-5841364B6E9B}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{32F28A25-EC37-434A-B32F-2E9B72E64E06}" = rport=445 | protocol=6 | dir=out | app=system |
    "{340A8656-7AE5-4A6B-B568-99FE75296962}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3448676D-C2F0-4DE5-9EE7-2DC5100A8102}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3C81798E-525A-4E8A-B068-80CB0DD4CEB9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{421D1689-D0E8-4721-B7C5-20C18C95F53A}" = lport=445 | protocol=6 | dir=in | app=system |
    "{42D265BD-F389-482A-9C69-E8AE1D50AD67}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{5003A548-B448-4D14-894F-5824996C2901}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{51CDF072-2FC6-407F-8098-2C140F1A94AE}" = rport=137 | protocol=17 | dir=out | app=system |
    "{737D3E1F-E747-4360-BAAD-40E4AA09CF8C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{8F468B9E-99B7-404E-848A-16425BAD3501}" = rport=139 | protocol=6 | dir=out | app=system |
    "{910D6FD4-B6AB-4D63-93C6-F0CD16424522}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{9F5F3969-3271-4C56-8DC5-04713DCE69FD}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{A354DCC6-A103-4878-BFFE-4F9AFEA7B150}" = lport=137 | protocol=17 | dir=in | app=system |
    "{AA601A61-B257-49F0-866A-B97D8EC55461}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{AB054356-8935-4842-B343-7ACD0584735E}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{B6A369A1-6481-4B3D-A44C-79F371486D19}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BF7613EA-7DF0-49F7-8AAA-085D45EFF4C8}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface |
    "{C0A55FCE-8845-4A99-89C6-610AEA7D0F96}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
    "{D55A24BD-956E-4AC0-BA20-80DD810E36FA}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{DF98E61E-A357-496A-A06A-57FF257E699C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E24911DF-119C-48C7-A80D-AE82AC1FE043}" = rport=138 | protocol=17 | dir=out | app=system |
    "{F355526D-F8E2-4909-A387-0CBBB1B2B5C0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{034A5725-01E2-4990-89AD-7947446BE76F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{090C55AA-44EB-4BF4-A067-807B2D01A3DA}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
    "{0CB76765-03E5-4212-851A-B2D0336AB3F6}" = protocol=17 | dir=in | app=c:\users\cdogg\appdata\local\temp\7zs681b\hppiw.exe |
    "{113298C4-9340-4806-ACFD-E71FEFAAC2DF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
    "{1168B419-BB30-4D4D-9AA7-26C7AA63BE1D}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
    "{143961A3-D582-422E-8509-A1CC309B0DE1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
    "{1F8BE0D4-9FC5-4ED8-8BA5-7F1844AFB480}" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
    "{22CA6DB2-0AA4-43B9-926E-6B799E6F2154}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
    "{258FCE23-1732-4500-83CA-8149DD241591}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
    "{2A0A26C7-8082-4CD7-8FB9-4BF0878E5298}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{2EBDEF2A-0630-4760-B5AE-BDDC75D1E0DC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{36AD416D-7EC6-4E03-BC07-1939DB1507EE}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
    "{3DE5519A-A646-4E45-B028-CC0A72632160}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{3F587ED6-8AC1-4849-A3F8-8C3E925F1D72}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{40CF9A73-7CCA-48FB-862A-F65C41C5BD9B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
    "{432C9D38-02AC-4279-A3E5-F7E20B3AFA36}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
    "{44093A77-FCC9-4325-897B-A1736C2FE38E}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
    "{4788C395-027D-4C43-B8F9-9DC88ECA3D69}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
    "{49E26066-DFDE-435D-8BE5-375245C80965}" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
    "{4AB06E50-1B66-41E2-BFA1-E81D44A149E9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
    "{563E539E-EE05-4CB2-88B7-1CEE93E3A3B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{574C8642-9861-46F9-8FF2-AA3E83622630}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{5BBE3FA2-0DC0-4836-BC78-5758AFAC8C3A}" = dir=in | app=d:\setup\hpznui40.exe |
    "{5CF665CD-EF6C-4626-9A9A-EAF46247C565}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{5E352939-D175-4F09-AD87-FB40CF98F013}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
    "{60760BAC-0451-42A0-9700-DF0512678FF9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
    "{64923F2D-C848-45B7-8382-9EDA44EE9F39}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
    "{666E1851-6530-46F4-BEA9-D9E330E70CEE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
    "{6B9F84DF-6D21-4D17-999A-05407AF7938B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
    "{6C9161AC-F9EC-4327-A24D-55B26588C2AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{713EDD61-7B5D-41C1-BA7F-DEBDC3469A42}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{726B479E-5F61-4937-A430-D70C3CED3220}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{77205D41-14F8-4664-826A-215940693054}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7AF13FC1-398C-486C-B631-1BBF91606009}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{7B2F2C32-5C13-4439-8960-D582FD2617F6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
    "{8379370A-4747-454A-A718-26954116BDBA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{839E3C8D-246A-4A6C-B121-152A0770011D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{84643AF5-985A-4417-B180-70D5073AA005}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{86E354A1-896F-4BD7-B042-2CBE7ED3215B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8C558697-D5B8-4D57-968A-96151D935522}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
    "{8DB26C6D-411C-4BF0-BD94-296079F9FD23}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
    "{9A26B0A4-AA51-4A16-9715-C3A561C14DCA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{9A7F85F8-F6D7-427F-994F-0796E8F284DC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
    "{9B44295A-29F4-482B-83B4-801B13744D0F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
    "{9D58B0E5-7998-47FC-8282-4C27F8671B9D}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{A101EC72-710B-4679-9CE1-6EBE746C4A35}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{A647E5B2-1F56-4674-A960-038423FDAF0D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{A8136A3F-F666-4BE3-9CA9-4810A2EA0045}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{A9CD48EA-8FC6-4ECF-B535-DE0C2CBF7438}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{AA868EC1-9F5F-4126-887E-1411A91320C3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
    "{B334F282-4E34-449F-9CC6-A0B0714DFD62}" = protocol=6 | dir=in | app=c:\users\cdogg\appdata\local\temp\7zs681b\hppiw.exe |
    "{B4DB5119-1FBA-4E8F-AC37-5A40C5CF9541}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B6291112-9279-4FE5-B02C-38A3FBA5D7A4}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{BADBE6C7-1B95-40E2-B500-F5F2DA10F04C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{BC6CDA11-1B9C-4A44-8D8D-6EB66A00DB3E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{D07C8D38-CA11-4390-A7ED-B1D74A7EC618}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{D8E58190-40E5-4EF7-8A3A-47F8B95C8678}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{DA6731B6-CC17-4A36-A0FF-B660BEAE5FD5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{E037FE8F-7811-46A4-822B-19B7F962E38B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{E33E9C29-D116-499D-BD32-7FAEA7AA24DF}" = protocol=6 | dir=out | app=system |
    "{E5A00B13-E033-447C-9689-ADBA574A2073}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{F18BF587-0E00-4383-9D33-711A9859844C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
    "{F71D8C7A-5363-4016-8B58-5CB70E18530E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
    "{F79299CF-4DBE-4921-AE8C-468929D5FAEA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{1350AB2C-D2FB-4EB4-87BF-E485BB3DD43E}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
    "TCP Query User{1D919A8F-C21B-44AF-A0C8-4866265BFDA3}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |
    "TCP Query User{92BC4AB5-CA72-4058-84A5-DDB0A424FD1D}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
    "TCP Query User{C223AB9C-FD93-462D-A17A-D3CF15A98A0B}C:\users\cdogg\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\cdogg\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{E310B7FE-B93C-412F-B420-2621CADD7D60}C:\users\cdogg\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\cdogg\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{3B0854B9-66F3-45C3-9667-2085A635C3B4}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
    "UDP Query User{97FBFD63-7F5A-4D8D-B4DE-60365680BCF9}C:\users\cdogg\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\cdogg\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{B2F16716-5138-4D8D-B55F-2CDE3168F663}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
    "UDP Query User{D63A2736-7977-4354-9255-B4C96C2417EF}C:\users\cdogg\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\cdogg\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{FC3A1435-459C-4AB2-A060-A5FA0B0190D1}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel
    "{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
    "{3ABFAF33-D6EE-9348-CE96-AF51E9D6D2FF}" = AMD Drag and Drop Transcoding
    "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2DAB009-8236-48A0-AD7F-E940F5AB1578}" = HP Photosmart Plus B209a-m All-in-One Driver Software 14.0 Rel. 6
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "88C277C6E63CBDAF35A096E80A5B97A29A619D3A" = Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB (02/03/2011 2.4.0.0)
    "HP Imaging Device Functions" = HP Imaging Device Functions 14.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
    "HPExtendedCapabilities" = HP Customer Participation Program 14.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Shop for HP Supplies" = Shop for HP Supplies
    "Unigine Heaven DX11 Benchmark (Basic Edition)_is1" = Heaven DX11 Benchmark version 3.0
    "WhoCrashed_is1" = WhoCrashed 3.03
     
  20. carthage9000

    carthage9000 TS Rookie Topic Starter Posts: 42

    Extras Part 2

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
    "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.0.2
    "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
    "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
    "{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
    "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 25
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
    "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
    "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{375B0ACB-49BA-463E-96D0-E95F994DF594}" = AMD OverDrive Beta
    "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
    "{3FB61967-FF66-43B6-89F9-DF15FD9F3015}" = Razer Nostromo
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
    "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
    "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
    "{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
    "{49C5BD36-F5B9-4E6A-9DC1-04818B9D55E3}" = Razer Nostromo Firmware Updater
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
    "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
    "{4ED980CB-C288-6A80-A3EA-AEECC543058B}" = Application Profiles
    "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
    "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
    "{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
    "{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
    "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
    "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
    "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
    "{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
    "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
    "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
    "{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 wireless USB 2.0 adapter
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
    "{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
    "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
    "{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
    "{CDC8DBA8-37FF-4C82-84FF-DEBEDF93BEC4}" = PS_AIO_06_B209a-m_SW_Min
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
    "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center
    "{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E617721F-B66C-4D5A-AA2A-B2D60820CDC3}" = B209a-m
    "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
    "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "alotAppbar" = ALOT Appbar
    "AVG Secure Search" = AVG Security Toolbar
    "CameraUserGuide-PSELPH100HS_IXUS115HS" = Canon PowerShot ELPH 100 HS_IXUS 115 HS Camera User Guide
    "CameraUserGuide-PSELPH300HS_IXUS220HS" = Canon PowerShot ELPH 300 HS_IXUS 220 HS Camera User Guide
    "CameraWindowDC8" = Canon Utilities CameraWindow DC 8
    "CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
    "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
    "Canon MOV Decoder" = Canon MOV Decoder
    "Canon MOV Encoder" = Canon MOV Encoder
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Diablo III" = Diablo III
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "FileZilla Client" = FileZilla Client 3.4.0
    "HP Photo Creations" = HP Photo Creations
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
    "Mozilla Firefox (3.6.14)" = Mozilla Firefox (3.6.14)
    "MyCamera" = Canon Utilities MyCamera
    "MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
    "N360" = Norton 360 Premier Edition
    "PhotoStitch" = Canon Utilities PhotoStitch
    "SMH10 Manager" = SMH10 Manager 1.3
    "Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
    "Steam App 440" = Team Fortress 2
    "The Witcher 2 Enhanced Edition_is1" = The Witcher 2 Enhanced Edition version 3.0
    "TuneUp Utilities 2012" = TuneUp Utilities 2012
    "vfd-adk" = VideoFileDownload
    "WinLiveSuite" = Windows Live Essentials
    "Xfire" = Xfire (remove only)
    "XfireXO Toolbar" = XfireXO Toolbar
    "Yahoo! Companion" = Yahoo! Toolbar
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4101788207-3307439777-1475344421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/3/2012 10:13:14 AM | Computer Name = mothership1 | Source = VSS | ID = 8194
    Description =

    Error - 7/3/2012 8:28:36 PM | Computer Name = mothership1 | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
    stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002df85 Faulting process
    id: 0x1e98 Faulting application start time: 0x01cd597a085aeca1 Faulting application
    path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: 3167bbbb-c56f-11e1-a033-bcaec5297ea8

    Error - 7/4/2012 12:45:18 AM | Computer Name = mothership1 | Source = Application Error | ID = 1000
    Description = Faulting application name: NOTEPAD.EXE, version: 6.1.7600.16385, time
    stamp: 0x4a5bc60f Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x057afce4 Faulting process id: 0x16fc Faulting application
    start time: 0x01cd599d454a0620 Faulting application path: C:\Windows\SysWOW64\NOTEPAD.EXE
    Faulting
    module path: unknown Report Id: 0da3dbf6-c593-11e1-a71b-bcaec5297ea8

    Error - 7/4/2012 9:42:31 AM | Computer Name = mothership1 | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 0.0.0.0, time stamp:
    0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16446, time stamp:
    0x4fb58407 Exception code: 0xc00000fd Fault offset: 0x002b8839 Faulting process id:
    0x10c8 Faulting application start time: 0x01cd59e4e8f961fb Faulting application path:
    \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll
    Report
    Id: 19dac301-c5de-11e1-bf5e-bcaec5297ea8

    Error - 7/4/2012 10:07:16 AM | Computer Name = mothership1 | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: jscript9.dll, version: 9.0.8112.16446, time
    stamp: 0x4fb57f7f Exception code: 0xc0000005 Fault offset: 0x0005d082 Faulting process
    id: 0xf9c Faulting application start time: 0x01cd59eb26b21cbe Faulting application
    path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\jscript9.dll
    Report
    Id: 8f464af3-c5e1-11e1-bf5e-bcaec5297ea8

    Error - 7/4/2012 10:41:37 AM | Computer Name = mothership1 | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: wmploc.dll_unloaded, version: 0.0.0.0, time
    stamp: 0x4ce7ba86 Exception code: 0xc0000005 Fault offset: 0x68ede474 Faulting process
    id: 0x20fc Faulting application start time: 0x01cd59ee8f08d12c Faulting application
    path: \\.\globalroot\systemroot\svchost.exe Faulting module path: wmploc.dll Report
    Id: 5b49509b-c5e6-11e1-bf5e-bcaec5297ea8

    Error - 7/4/2012 11:23:11 AM | Computer Name = mothership1 | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
    time stamp: 0x4fb57c8f Faulting module name: bho_project.dll, version: 1.0.0.1, time
    stamp: 0x4fbbef1a Exception code: 0xc0000005 Fault offset: 0x00002e78 Faulting process
    id: 0xdf8 Faulting application start time: 0x01cd59f6cf873a94 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Program Files (x86)\OApps\bho_project.dll Report Id: 29e013d3-c5ec-11e1-bf5e-bcaec5297ea8

    Error - 7/4/2012 11:23:15 AM | Computer Name = mothership1 | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
    time stamp: 0x4fb57c8f Faulting module name: bho_project.dll, version: 1.0.0.1, time
    stamp: 0x4fbbef1a Exception code: 0xc0000005 Fault offset: 0x00002e78 Faulting process
    id: 0x39f8 Faulting application start time: 0x01cd59f8edd52177 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Program Files (x86)\OApps\bho_project.dll Report Id: 2c703e2e-c5ec-11e1-bf5e-bcaec5297ea8

    Error - 7/4/2012 2:26:15 PM | Computer Name = mothership1 | Source = Microsoft Office 12 | ID = 2000
    Description = Accepted Safe Mode action : Microsoft Office Outlook.

    Error - 7/4/2012 3:15:13 PM | Computer Name = mothership1 | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x3e316ea2 Faulting process id: 0x1214 Faulting application
    start time: 0x01cd5a16fd35c9cc Faulting application path: \\.\globalroot\systemroot\svchost.exe
    Faulting
    module path: unknown Report Id: 94049ee7-c60c-11e1-886d-bcaec5297ea8

    [ Media Center Events ]
    Error - 2/14/2011 4:00:34 PM | Computer Name = mothership1 | Source = MCUpdate | ID = 0
    Description = 3:00:33 PM - Failed to retrieve NetTV (Error: Invalid security token.)

    Error - 2/14/2011 4:01:38 PM | Computer Name = mothership1 | Source = MCUpdate | ID = 0
    Description = 3:01:38 PM - Failed to retrieve SportsSchedule (Error: Unable to connect
    to the remote server)

    Error - 2/14/2011 4:02:39 PM | Computer Name = mothership1 | Source = MCUpdate | ID = 0
    Description = 3:02:35 PM - Failed to retrieve Broadband (Error: Unable to connect
    to the remote server)

    Error - 4/28/2011 9:01:02 PM | Computer Name = mothership1 | Source = MCUpdate | ID = 0
    Description = 9:00:57 PM - Error connecting to the internet. 9:00:57 PM - Unable
    to contact server..

    Error - 5/5/2011 7:49:51 AM | Computer Name = mothership1 | Source = MCUpdate | ID = 0
    Description = 7:49:51 AM - Error connecting to the internet. 7:49:51 AM - Unable
    to contact server..

    Error - 5/5/2011 7:50:01 AM | Computer Name = mothership1 | Source = MCUpdate | ID = 0
    Description = 7:49:56 AM - Error connecting to the internet. 7:49:56 AM - Unable
    to contact server..

    Error - 5/12/2011 11:51:14 PM | Computer Name = mothership1 | Source = MCUpdate | ID = 0
    Description = 11:51:10 PM - Error connecting to the internet. 11:51:10 PM - Unable
    to contact server..

    Error - 5/26/2011 11:08:08 PM | Computer Name = mothership1 | Source = MCUpdate | ID = 0
    Description = 11:07:47 PM - Error connecting to the internet. 11:07:47 PM - Unable
    to contact server..

    Error - 5/27/2011 12:08:13 AM | Computer Name = mothership1 | Source = MCUpdate | ID = 0
    Description = 12:08:12 AM - Error connecting to the internet. 12:08:12 AM - Unable
    to contact server..

    [ OSession Events ]
    Error - 3/15/2011 4:55:24 PM | Computer Name = mothership1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 96
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 4/16/2011 11:08:10 PM | Computer Name = mothership1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 5/20/2011 8:25:52 AM | Computer Name = mothership1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 5/29/2011 2:51:19 PM | Computer Name = mothership1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 25
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 12/22/2011 8:51:39 AM | Computer Name = mothership1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 2/25/2012 9:51:43 PM | Computer Name = mothership1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 3/10/2012 10:58:29 PM | Computer Name = mothership1 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 7/4/2012 11:17:43 PM | Computer Name = mothership1 | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 7/4/2012 11:17:47 PM | Computer Name = mothership1 | Source = Service Control Manager | ID = 7000
    Description = The AODDriver4.1 service failed to start due to the following error:
    %%2

    Error - 7/4/2012 11:17:53 PM | Computer Name = mothership1 | Source = Service Control Manager | ID = 7034
    Description = The ASUS System Control Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 7/4/2012 11:18:38 PM | Computer Name = mothership1 | Source = DCOM | ID = 10016
    Description =

    Error - 7/4/2012 11:43:35 PM | Computer Name = mothership1 | Source = Service Control Manager | ID = 7000
    Description = The AODDriver4.1 service failed to start due to the following error:
    %%2

    Error - 7/4/2012 11:43:47 PM | Computer Name = mothership1 | Source = Service Control Manager | ID = 7000
    Description = The AODDriver4.1 service failed to start due to the following error:
    %%2

    Error - 7/4/2012 11:44:35 PM | Computer Name = mothership1 | Source = DCOM | ID = 10016
    Description =

    Error - 7/5/2012 7:04:25 AM | Computer Name = mothership1 | Source = Service Control Manager | ID = 7000
    Description = The AODDriver4.1 service failed to start due to the following error:
    %%2

    Error - 7/5/2012 7:05:09 AM | Computer Name = mothership1 | Source = Service Control Manager | ID = 7000
    Description = The AODDriver4.1 service failed to start due to the following error:
    %%2

    Error - 7/5/2012 7:05:25 AM | Computer Name = mothership1 | Source = DCOM | ID = 10016
    Description =


    < End of report >
     
  21. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;<local>
      O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll File not found
      O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  22. carthage9000

    carthage9000 TS Rookie Topic Starter Posts: 42

    OTL log after fix

    All processes killed
    Error: Unable to interpret <• > in the current context!
    Error: Unable to interpret <• :OTL> in the current context!
    Error: Unable to interpret <• IE - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;<local>> in the current context!
    Error: Unable to interpret <• O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll File not found> in the current context!
    Error: Unable to interpret <• O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll File not found> in the current context!
    Error: Unable to interpret <• O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
    Error: Unable to interpret <• O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <• O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)> in the current context!
    Error: Unable to interpret <• > in the current context!
    Error: Unable to interpret <• :Commands> in the current context!
    Error: Unable to interpret <• [purity]> in the current context!
    Error: Unable to interpret <• [emptytemp]> in the current context!
    Error: Unable to interpret <• [emptyjava]> in the current context!
    Error: Unable to interpret <• [emptyflash]> in the current context!
    Error: Unable to interpret <• [Reboot]> in the current context!

    OTL by OldTimer - Version 3.2.53.1 log created on 07052012_110609
    Files\Folders moved on Reboot...
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
     
  23. carthage9000

    carthage9000 TS Rookie Topic Starter Posts: 42

    Security Check Log

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG Security Toolbar
    Norton 360
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    TuneUp Utilities 2012
    TuneUp Utilities Language Pack (en-US)
    Java(TM) 6 Update 25
    Out of date Java installed!
    Adobe Reader X (10.1.3)
    Mozilla Firefox (3.6.14) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    ``````````End of Log````````````
     
  24. carthage9000

    carthage9000 TS Rookie Topic Starter Posts: 42

    FSS log

    Farbar Service Scanner Version: 02-07-2012
    Ran by cdogg (administrator) on 05-07-2012 at 11:15:34
    Running from "C:\Users\cdogg\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
     
  25. carthage9000

    carthage9000 TS Rookie Topic Starter Posts: 42

    completed TFC. no log issued and no restart but did clean 880mb (?) of files.
     

