Solved Unable to remove Trojan.Agent svchost.exe with Malwarebytes

Here is the log of the fix. Unfortunately, still music/ads playing. Ugh.


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-07-2012
Ran by SYSTEM at 2012-07-04 16:10:11 Run:1
Running from F:\
==============================================
C:\Windows\svchost.exe moved successfully.
==== End of Fixlog ====
 
Running ComboFix now.

ComboFix 12-07-04.04 - cdogg 07/04/2012 16:27:47.2.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7678.5434 [GMT -4:00]
Running from: c:\users\cdogg\Desktop\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Premier Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Premier Edition *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
.
.
2012-07-04 20:38 . 2012-07-04 20:38 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-07-04 20:38 . 2012-07-04 20:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-04 20:38 . 2012-07-04 20:38 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-04 19:12 . 2012-07-04 23:39 -------- d-----w- C:\FRST
2012-07-04 14:48 . 2012-07-04 14:48 -------- d-----w- c:\users\cdogg\AppData\Roaming\HPAppData
2012-07-04 02:20 . 2012-07-04 02:20 -------- d-----w- c:\users\cdogg\AppData\Roaming\Malwarebytes
2012-07-04 02:20 . 2012-07-04 02:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-04 02:20 . 2012-07-04 02:20 -------- d-----w- c:\programdata\Malwarebytes
2012-07-04 02:20 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-04 00:27 . 2011-12-14 16:47 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2012-07-04 00:27 . 2011-12-14 16:46 25920 ----a-w- c:\windows\system32\authuitu.dll
2012-07-04 00:27 . 2011-12-14 16:46 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-07-04 00:25 . 2012-07-04 00:25 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-07-04 00:25 . 2012-07-04 00:26 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-04 00:25 . 2012-07-04 00:25 -------- d--h--w- c:\programdata\Common Files
2012-07-04 00:24 . 2012-07-04 00:26 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012
2012-07-03 22:13 . 2012-07-03 22:14 -------- d-----w- C:\8973daadc5ee177a10a1
2012-06-24 14:38 . 2012-06-24 14:38 -------- d-----w- c:\windows\en
2012-06-24 14:34 . 2012-06-24 14:34 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-24 14:30 . 2012-06-24 14:30 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f2779cd91cd521502\MeshBetaRemover.exe
2012-06-24 14:30 . 2012-06-24 14:30 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f22a66181cd521501\DSETUP.dll
2012-06-24 14:30 . 2012-06-24 14:30 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f22a66181cd521501\DXSETUP.exe
2012-06-24 14:30 . 2012-06-24 14:30 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f22a66181cd521501\dsetup32.dll
2012-06-23 12:30 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 12:30 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 12:30 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 12:30 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 12:29 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-23 12:29 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 12:29 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 12:29 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 12:29 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-16 18:25 . 2012-06-16 18:25 -------- d-----w- c:\users\cdogg\AppData\Local\The Witcher 2
2012-06-16 15:49 . 2012-06-18 11:27 -------- d-----w- c:\program files (x86)\The Witcher 2
2012-06-15 03:56 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-15 03:56 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-15 03:56 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-15 03:56 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-15 03:56 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-15 03:56 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-15 03:56 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-15 03:56 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-15 03:56 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-15 03:56 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-15 03:56 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-15 03:56 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-15 03:55 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-15 03:55 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-15 03:55 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-15 03:55 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-15 03:55 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-12 10:57 . 2012-04-27 16:38 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-12 10:57 . 2011-08-07 02:18 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-22 21:03 . 2012-05-22 21:02 1164080 ----a-w- c:\windows\M4A89GTD-PRO-USB3-ASUS-3027.zip
2012-05-22 20:48 . 2012-05-22 20:49 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-05-22 20:48 . 2012-05-22 20:49 412264 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-05-22 20:48 . 2011-03-21 17:22 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-05-22 20:36 . 2012-05-22 20:36 16896 ----a-w- c:\windows\AsTaskSched.dll
2012-05-05 02:35 . 2012-05-05 02:35 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-03 02:55 . 2012-05-03 02:55 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
2012-05-03 02:55 . 2012-05-03 02:55 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2012-05-02 11:55 . 2011-02-12 18:11 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:34 . 2012-04-06 02:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 02:34 . 2012-04-06 02:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 02:34 . 2012-04-06 02:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 02:33 . 2012-04-06 02:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 02:33 . 2012-04-06 02:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 02:33 . 2012-04-06 02:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 02:32 . 2012-04-06 02:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2010-09-29 01:54 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-04-20 05:27 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2010-09-29 01:37 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2010-09-29 01:14 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-04_13.00.11 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-03-10 02:51 . 2012-07-04 12:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-03-10 02:51 . 2012-07-04 20:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-07-04 13:57 . 2012-07-04 13:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
+ 2012-07-03 12:28 . 2012-07-04 19:43 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2012-07-03 12:28 . 2012-07-04 12:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-07-04 13:19 . 2012-07-04 18:58 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012070420120705\index.dat
- 2012-07-03 12:28 . 2012-07-04 12:41 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-07-03 12:28 . 2012-07-04 20:12 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-07-04 13:57 . 2012-07-04 13:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
+ 2011-02-12 17:08 . 2012-07-04 20:42 63312 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-04 20:42 35384 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-12 16:57 . 2012-07-04 20:42 21162 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4101788207-3307439777-1475344421-1000_UserData.bin
+ 2011-06-17 14:41 . 2012-07-04 18:32 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2011-06-17 14:41 . 2012-05-22 00:43 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2011-02-12 19:29 . 2012-07-04 03:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-12 19:29 . 2012-07-04 19:28 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-12 19:29 . 2012-07-04 19:28 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-12 19:29 . 2012-07-04 03:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-04 19:28 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-04 03:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-07-04 12:58 . 2012-07-04 12:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-04 20:40 . 2012-07-04 20:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-04 20:40 . 2012-07-04 20:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-04 12:58 . 2012-07-04 12:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-07-04 20:41 311296 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-06-16 16:28 671952 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-04 18:10 671952 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-16 16:28 126078 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-04 18:10 126078 c:\windows\system32\perfc009.dat
- 2009-07-14 05:12 . 2012-02-17 02:26 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-07-04 19:28 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-07-04 12:57 403032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-04 20:38 403032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-07-04 20:41 6832128 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-12 21:59 . 2012-07-04 20:38 3697008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-02-12 21:59 . 2012-07-04 12:57 3697008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-07-03 21:13 . 2012-07-04 20:38 4099744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 04:54 . 2012-07-04 20:41 11681792 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-19 05:17 . 2012-07-04 20:38 29437360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4101788207-3307439777-1475344421-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\XfireXO\prxtbXfir.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}]
c:\program files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9194649F-7143-4308-90C1-D6A35B0E354E}]
2012-05-22 19:55 93184 ----a-w- c:\program files (x86)\OApps\bho_project.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-04 00:25 1451336 ----a-w- c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files (x86)\XfireXO\prxtbXfir.dll" [2011-05-09 176936]
"{A531D99C-5A22-449b-83DA-872725C6D0ED}"= "c:\program files (x86)\alotappbar\bin\ALOTHelper.dll" [BU]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2012-07-04 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{a531d99c-5a22-449b-83da-872725c6d0ed}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\cdogg\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2011-02-12 557056]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-04-20 222504]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2012-01-13 43608]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-07-15 9936512]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-04 218440]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2011-2-12 4562944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 257224]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-04-26 135584]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2009-11-05 954368]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-13 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2011-10-14 136616]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2012-03-29 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2012-03-29 1092728]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-29 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120703.002\IDSvia64.sys [2012-06-14 509088]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2012-03-29 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [2012-03-29 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2012-07-04 246600]
S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2009-11-27 278528]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2009-11-10 1827328]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-05-22 412264]
S3 T2Fltr;Razer Nostromo;c:\windows\system32\drivers\T2Fltr.sys [2011-01-16 22912]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
S3 VJoystick;Virtual JoyStick KMDF HID Minidriver;c:\windows\system32\DRIVERS\VJoystick.sys [2010-09-30 13312]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 16:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 10:57]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4101788207-3307439777-1475344421-1000Core.job
- c:\users\cdogg\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-30 02:57]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4101788207-3307439777-1475344421-1000UA.job
- c:\users\cdogg\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-30 02:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 134416]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = localhost;<local>
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\users\cdogg\AppData\Roaming\Mozilla\Firefox\Profiles\s8om1tpo.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:30,b7,56,e6,ec,59,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,8d,6a,98,61,6f,10,47,a5,47,fd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,8d,6a,98,61,6f,10,47,a5,47,fd,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
.
**************************************************************************
.
Completion time: 2012-07-04 17:03:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-04 21:03
ComboFix2.txt 2012-07-04 13:29
.
Pre-Run: 862,364,758,016 bytes free
Post-Run: 862,815,342,592 bytes free
.
- - End Of File - - AF5BE32AAFDF693E34339D60ED8A2682
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

===========================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=======================================

  • Download RogueKiller to the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again
 
TDSS Killer Log, others listed to follow.

17:16:04.0265 8060 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
17:16:05.0075 8060 ============================================================
17:16:05.0075 8060 Current date / time: 2012/07/04 17:16:05.0075
17:16:05.0075 8060 SystemInfo:
17:16:05.0075 8060
17:16:05.0075 8060 OS Version: 6.1.7601 ServicePack: 1.0
17:16:05.0075 8060 Product type: Workstation
17:16:05.0075 8060 ComputerName: MOTHERSHIP1
17:16:05.0075 8060 UserName: cdogg
17:16:05.0075 8060 Windows directory: C:\Windows
17:16:05.0075 8060 System windows directory: C:\Windows
17:16:05.0075 8060 Running under WOW64
17:16:05.0075 8060 Processor architecture: Intel x64
17:16:05.0075 8060 Number of processors: 6
17:16:05.0075 8060 Page size: 0x1000
17:16:05.0075 8060 Boot type: Normal boot
17:16:05.0075 8060 ============================================================
17:16:07.0135 8060 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:16:07.0145 8060 Drive \Device\Harddisk1\DR1 - Size: 0xEF300000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:16:07.0155 8060 ============================================================
17:16:07.0155 8060 \Device\Harddisk0\DR0:
17:16:07.0155 8060 MBR partitions:
17:16:07.0155 8060 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:16:07.0155 8060 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
17:16:07.0155 8060 \Device\Harddisk1\DR1:
17:16:07.0155 8060 MBR partitions:
17:16:07.0155 8060 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7797E0
17:16:07.0155 8060 ============================================================
17:16:07.0185 8060 C: <-> \Device\Harddisk0\DR0\Partition1
17:16:07.0185 8060 ============================================================
17:16:07.0185 8060 Initialize success
17:16:07.0185 8060 ============================================================
17:16:22.0395 6480 ============================================================
17:16:22.0395 6480 Scan started
17:16:22.0395 6480 Mode: Manual;
17:16:22.0395 6480 ============================================================
17:16:23.0625 6480 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:16:23.0635 6480 1394ohci - ok
17:16:23.0685 6480 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:16:23.0685 6480 ACPI - ok
17:16:23.0695 6480 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:16:23.0715 6480 AcpiPmi - ok
17:16:23.0805 6480 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:16:23.0805 6480 AdobeARMservice - ok
17:16:23.0985 6480 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:16:23.0995 6480 AdobeFlashPlayerUpdateSvc - ok
17:16:24.0085 6480 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:16:24.0115 6480 adp94xx - ok
17:16:24.0155 6480 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:16:24.0165 6480 adpahci - ok
17:16:24.0195 6480 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:16:24.0205 6480 adpu320 - ok
17:16:24.0245 6480 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:16:24.0245 6480 AeLookupSvc - ok
17:16:24.0345 6480 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:16:24.0355 6480 AFD - ok
17:16:24.0375 6480 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:16:24.0385 6480 agp440 - ok
17:16:24.0415 6480 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:16:24.0425 6480 ALG - ok
17:16:24.0445 6480 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:16:24.0445 6480 aliide - ok
17:16:24.0515 6480 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
17:16:24.0515 6480 AMD External Events Utility - ok
17:16:24.0595 6480 AMD FUEL Service - ok
17:16:24.0615 6480 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:16:24.0625 6480 amdide - ok
17:16:24.0685 6480 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
17:16:24.0695 6480 amdiox64 - ok
17:16:24.0715 6480 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:16:24.0715 6480 AmdK8 - ok
17:16:25.0625 6480 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
17:16:25.0785 6480 amdkmdag - ok
17:16:25.0965 6480 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
17:16:25.0965 6480 amdkmdap - ok
17:16:26.0005 6480 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:16:26.0005 6480 AmdPPM - ok
17:16:26.0085 6480 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:16:26.0105 6480 amdsata - ok
17:16:26.0155 6480 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:16:26.0165 6480 amdsbs - ok
17:16:26.0185 6480 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:16:26.0195 6480 amdxata - ok
17:16:26.0285 6480 AODDriver4.0 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
17:16:26.0295 6480 AODDriver4.0 - ok
17:16:26.0325 6480 AODDriver4.01 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
17:16:26.0325 6480 AODDriver4.01 - ok
17:16:26.0345 6480 AODDriver4.1 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
17:16:26.0345 6480 AODDriver4.1 - ok
17:16:26.0445 6480 AODService (419dfc4fcf642a3d8d9794c15fca92fd) C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
17:16:26.0455 6480 AODService - ok
17:16:26.0505 6480 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:16:26.0525 6480 AppID - ok
17:16:26.0555 6480 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:16:26.0555 6480 AppIDSvc - ok
17:16:26.0605 6480 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:16:26.0605 6480 Appinfo - ok
17:16:26.0655 6480 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:16:26.0665 6480 arc - ok
17:16:26.0695 6480 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:16:26.0695 6480 arcsas - ok
17:16:26.0805 6480 AsIO (f6bda026e4157dc4e321ca391e9d9bc6) C:\Windows\syswow64\drivers\AsIO.sys
17:16:26.0815 6480 AsIO - ok
17:16:26.0935 6480 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:16:26.0955 6480 aspnet_state - ok
17:16:27.0055 6480 AsSysCtrlService (8c1fd73cc27edd8d3344c632571c224c) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
17:16:27.0055 6480 AsSysCtrlService - ok
17:16:27.0085 6480 AsUpIO (26d66e32e78d3059715b3a17bc679cd9) C:\Windows\syswow64\drivers\AsUpIO.sys
17:16:27.0095 6480 AsUpIO - ok
17:16:27.0125 6480 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:16:27.0125 6480 AsyncMac - ok
17:16:27.0145 6480 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:16:27.0145 6480 atapi - ok
17:16:27.0355 6480 athur (c579174daf19e9330c31c95df1471380) C:\Windows\system32\DRIVERS\athurx.sys
17:16:27.0395 6480 athur - ok
17:16:27.0555 6480 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
17:16:27.0575 6480 AtiHDAudioService - ok
17:16:27.0615 6480 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
17:16:27.0635 6480 AtiPcie - ok
17:16:27.0745 6480 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:16:27.0745 6480 AudioEndpointBuilder - ok
17:16:27.0755 6480 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:16:27.0765 6480 AudioSrv - ok
17:16:27.0845 6480 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:16:27.0845 6480 AxInstSV - ok
17:16:27.0925 6480 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:16:27.0975 6480 b06bdrv - ok
17:16:28.0015 6480 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:16:28.0025 6480 b57nd60a - ok
17:16:28.0055 6480 bcgame - ok
17:16:28.0085 6480 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:16:28.0085 6480 BDESVC - ok
17:16:28.0135 6480 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:16:28.0155 6480 Beep - ok
17:16:28.0265 6480 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:16:28.0275 6480 BFE - ok
17:16:28.0505 6480 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120619.001\BHDrvx64.sys
17:16:28.0525 6480 BHDrvx64 - ok
17:16:28.0635 6480 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
17:16:28.0645 6480 BITS - ok
17:16:28.0695 6480 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:16:28.0705 6480 blbdrive - ok
17:16:28.0745 6480 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:16:28.0755 6480 bowser - ok
17:16:28.0805 6480 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:16:28.0805 6480 BrFiltLo - ok
17:16:28.0815 6480 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:16:28.0825 6480 BrFiltUp - ok
17:16:28.0865 6480 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:16:28.0875 6480 BridgeMP - ok
17:16:28.0905 6480 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:16:28.0915 6480 Browser - ok
17:16:28.0955 6480 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:16:28.0965 6480 Brserid - ok
17:16:28.0985 6480 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:16:28.0985 6480 BrSerWdm - ok
17:16:29.0005 6480 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:16:29.0005 6480 BrUsbMdm - ok
17:16:29.0015 6480 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:16:29.0015 6480 BrUsbSer - ok
17:16:29.0055 6480 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:16:29.0065 6480 BTHMODEM - ok
17:16:29.0095 6480 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:16:29.0105 6480 bthserv - ok
17:16:29.0125 6480 catchme - ok
17:16:29.0215 6480 ccSet_N360 (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys
17:16:29.0215 6480 ccSet_N360 - ok
17:16:29.0245 6480 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:16:29.0245 6480 cdfs - ok
17:16:29.0305 6480 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
17:16:29.0315 6480 cdrom - ok
17:16:29.0345 6480 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:16:29.0345 6480 CertPropSvc - ok
17:16:29.0385 6480 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:16:29.0385 6480 circlass - ok
17:16:29.0415 6480 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:16:29.0415 6480 CLFS - ok
17:16:29.0475 6480 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:16:29.0485 6480 clr_optimization_v2.0.50727_32 - ok
17:16:29.0515 6480 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:16:29.0525 6480 clr_optimization_v2.0.50727_64 - ok
17:16:29.0585 6480 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:16:29.0585 6480 clr_optimization_v4.0.30319_32 - ok
17:16:29.0635 6480 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:16:29.0635 6480 clr_optimization_v4.0.30319_64 - ok
17:16:29.0675 6480 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:16:29.0685 6480 CmBatt - ok
17:16:29.0725 6480 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:16:29.0745 6480 cmdide - ok
17:16:29.0815 6480 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:16:29.0825 6480 CNG - ok
17:16:29.0845 6480 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:16:29.0845 6480 Compbatt - ok
17:16:29.0885 6480 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:16:29.0905 6480 CompositeBus - ok
17:16:29.0905 6480 COMSysApp - ok
17:16:29.0975 6480 cpuz135 - ok
17:16:29.0995 6480 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:16:29.0995 6480 crcdisk - ok
17:16:30.0065 6480 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
17:16:30.0065 6480 CryptSvc - ok
17:16:30.0115 6480 CSRBC (c72d445d22c23a14b8b97e36699c22ae) C:\Windows\system32\Drivers\csrbc.sys
17:16:30.0115 6480 CSRBC - ok
17:16:30.0235 6480 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:16:30.0245 6480 DcomLaunch - ok
17:16:30.0285 6480 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:16:30.0305 6480 defragsvc - ok
17:16:30.0335 6480 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:16:30.0335 6480 DfsC - ok
17:16:30.0405 6480 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:16:30.0415 6480 Dhcp - ok
17:16:30.0425 6480 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:16:30.0425 6480 discache - ok
17:16:30.0475 6480 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:16:30.0475 6480 Disk - ok
17:16:30.0515 6480 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:16:30.0525 6480 Dnscache - ok
17:16:30.0555 6480 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:16:30.0575 6480 dot3svc - ok
17:16:30.0595 6480 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:16:30.0595 6480 DPS - ok
17:16:30.0615 6480 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:16:30.0615 6480 drmkaud - ok
17:16:30.0695 6480 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:16:30.0705 6480 DXGKrnl - ok
17:16:30.0725 6480 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:16:30.0725 6480 EapHost - ok
17:16:30.0895 6480 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:16:30.0955 6480 ebdrv - ok
17:16:31.0055 6480 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
17:16:31.0065 6480 eeCtrl - ok
17:16:31.0145 6480 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:16:31.0155 6480 EFS - ok
17:16:31.0295 6480 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:16:31.0315 6480 ehRecvr - ok
17:16:31.0345 6480 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:16:31.0355 6480 ehSched - ok
17:16:31.0455 6480 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:16:31.0465 6480 elxstor - ok
17:16:31.0535 6480 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:16:31.0545 6480 EraserUtilRebootDrv - ok
17:16:31.0575 6480 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:16:31.0585 6480 ErrDev - ok
17:16:31.0675 6480 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:16:31.0685 6480 EventSystem - ok
17:16:31.0715 6480 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:16:31.0715 6480 exfat - ok
17:16:31.0745 6480 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:16:31.0745 6480 fastfat - ok
17:16:31.0825 6480 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:16:31.0845 6480 Fax - ok
17:16:31.0875 6480 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:16:31.0875 6480 fdc - ok
17:16:31.0895 6480 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:16:31.0895 6480 fdPHost - ok
17:16:31.0895 6480 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:16:31.0895 6480 FDResPub - ok
17:16:31.0915 6480 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:16:31.0925 6480 FileInfo - ok
17:16:31.0925 6480 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:16:31.0935 6480 Filetrace - ok
17:16:31.0945 6480 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:16:31.0945 6480 flpydisk - ok
17:16:32.0005 6480 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:16:32.0015 6480 FltMgr - ok
17:16:32.0285 6480 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
17:16:32.0305 6480 FontCache - ok
17:16:32.0355 6480 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:16:32.0365 6480 FontCache3.0.0.0 - ok
17:16:32.0405 6480 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:16:32.0405 6480 FsDepends - ok
17:16:32.0425 6480 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
17:16:32.0425 6480 Fs_Rec - ok
17:16:32.0505 6480 Futuremark SystemInfo Service (ae6f0a6562d3eccd613de1fd8612ac4e) C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
17:16:32.0525 6480 Futuremark SystemInfo Service - ok
17:16:32.0585 6480 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:16:32.0595 6480 fvevol - ok
17:16:32.0635 6480 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:16:32.0635 6480 gagp30kx - ok
17:16:32.0715 6480 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:16:32.0725 6480 gpsvc - ok
17:16:32.0735 6480 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:16:32.0745 6480 hcw85cir - ok
17:16:32.0825 6480 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:16:32.0845 6480 HdAudAddService - ok
17:16:32.0895 6480 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:16:32.0905 6480 HDAudBus - ok
17:16:32.0925 6480 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:16:32.0925 6480 HidBatt - ok
17:16:32.0945 6480 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:16:32.0945 6480 HidBth - ok
17:16:32.0965 6480 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:16:32.0965 6480 HidIr - ok
17:16:32.0985 6480 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
17:16:32.0995 6480 hidserv - ok
17:16:33.0015 6480 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
17:16:33.0015 6480 HidUsb - ok
17:16:33.0045 6480 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:16:33.0045 6480 hkmsvc - ok
17:16:33.0095 6480 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:16:33.0095 6480 HomeGroupListener - ok
17:16:33.0135 6480 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:16:33.0145 6480 HomeGroupProvider - ok
17:16:33.0285 6480 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
17:16:33.0295 6480 hpqcxs08 - ok
17:16:33.0325 6480 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
17:16:33.0335 6480 hpqddsvc - ok
17:16:33.0385 6480 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:16:33.0395 6480 HpSAMD - ok
17:16:33.0525 6480 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:16:33.0545 6480 HTTP - ok
17:16:33.0575 6480 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:16:33.0575 6480 hwpolicy - ok
17:16:33.0635 6480 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:16:33.0645 6480 i8042prt - ok
17:16:33.0695 6480 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:16:33.0725 6480 iaStorV - ok
17:16:33.0845 6480 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:16:33.0865 6480 idsvc - ok
17:16:34.0015 6480 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120703.002\IDSvia64.sys
17:16:34.0025 6480 IDSVia64 - ok
17:16:34.0105 6480 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:16:34.0115 6480 iirsp - ok
17:16:34.0205 6480 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:16:34.0215 6480 IKEEXT - ok
17:16:34.0615 6480 IntcAzAudAddService (150ac23f21dbdbf8488408ba944b0d65) C:\Windows\system32\drivers\RTKVHD64.sys
17:16:34.0635 6480 IntcAzAudAddService - ok
17:16:34.0705 6480 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:16:34.0705 6480 intelide - ok
17:16:34.0745 6480 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:16:34.0745 6480 intelppm - ok
17:16:34.0765 6480 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:16:34.0775 6480 IPBusEnum - ok
17:16:34.0805 6480 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:16:34.0815 6480 IpFilterDriver - ok
17:16:34.0865 6480 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:16:34.0875 6480 iphlpsvc - ok
17:16:34.0895 6480 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:16:34.0895 6480 IPMIDRV - ok
17:16:34.0925 6480 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:16:34.0925 6480 IPNAT - ok
17:16:34.0945 6480 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:16:34.0955 6480 IRENUM - ok
17:16:34.0975 6480 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:16:34.0995 6480 isapnp - ok
17:16:35.0035 6480 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:16:35.0065 6480 iScsiPrt - ok
17:16:35.0115 6480 JRAID (c0d9ba660a41ee8a269ef804e6cd0d7b) C:\Windows\system32\DRIVERS\jraid.sys
17:16:35.0125 6480 JRAID - ok
17:16:35.0275 6480 jswpsapi (81534359f525f7c02b2b56b2653bd779) C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe
17:16:35.0305 6480 jswpsapi - ok
17:16:35.0315 6480 JSWPSLWF (5be640e88814b77a9e84b4549b5dcc2c) C:\Windows\system32\DRIVERS\jswpslwfx.sys
17:16:35.0315 6480 JSWPSLWF - ok
17:16:35.0335 6480 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:16:35.0345 6480 kbdclass - ok
17:16:35.0385 6480 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
17:16:35.0385 6480 kbdhid - ok
17:16:35.0395 6480 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:16:35.0405 6480 KeyIso - ok
17:16:35.0425 6480 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:16:35.0425 6480 KSecDD - ok
17:16:35.0455 6480 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:16:35.0465 6480 KSecPkg - ok
17:16:35.0475 6480 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:16:35.0495 6480 ksthunk - ok
17:16:35.0535 6480 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:16:35.0565 6480 KtmRm - ok
17:16:35.0605 6480 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
17:16:35.0615 6480 LanmanServer - ok
17:16:35.0645 6480 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:16:35.0645 6480 LanmanWorkstation - ok
17:16:35.0695 6480 LHidFilt (2ab5199d61f6c2bbdcaf21acb9276845) C:\Windows\system32\DRIVERS\LHidFilt.Sys
17:16:35.0705 6480 LHidFilt - ok
17:16:35.0755 6480 LightScribeService (3503f257b3203f824b1567238ebe17e2) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
17:16:35.0755 6480 LightScribeService - ok
17:16:35.0805 6480 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:16:35.0805 6480 lltdio - ok
17:16:35.0855 6480 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:16:35.0855 6480 lltdsvc - ok
17:16:35.0885 6480 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:16:35.0885 6480 lmhosts - ok
17:16:35.0905 6480 LMouFilt (ed2fd8bbd73478cce7c707fb8103cb56) C:\Windows\system32\DRIVERS\LMouFilt.Sys
17:16:35.0905 6480 LMouFilt - ok
17:16:35.0955 6480 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:16:35.0955 6480 LSI_FC - ok
17:16:35.0975 6480 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:16:35.0975 6480 LSI_SAS - ok
17:16:35.0985 6480 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:16:35.0995 6480 LSI_SAS2 - ok
17:16:36.0025 6480 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:16:36.0025 6480 LSI_SCSI - ok
17:16:36.0065 6480 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:16:36.0065 6480 luafv - ok
17:16:36.0135 6480 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
17:16:36.0135 6480 MBAMProtector - ok
17:16:36.0255 6480 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:16:36.0255 6480 MBAMService - ok
17:16:36.0285 6480 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:16:36.0285 6480 Mcx2Svc - ok
17:16:36.0295 6480 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:16:36.0295 6480 megasas - ok
17:16:36.0345 6480 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:16:36.0355 6480 MegaSR - ok
17:16:36.0425 6480 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
17:16:36.0435 6480 Microsoft Office Groove Audit Service - ok
17:16:36.0495 6480 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:16:36.0495 6480 MMCSS - ok
17:16:36.0505 6480 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:16:36.0505 6480 Modem - ok
17:16:36.0545 6480 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
 
part 2

17:16:36.0555 6480 monitor - ok
17:16:36.0595 6480 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:16:36.0595 6480 mouclass - ok
17:16:36.0645 6480 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:16:36.0645 6480 mouhid - ok
17:16:36.0665 6480 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:16:36.0675 6480 mountmgr - ok
17:16:36.0705 6480 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:16:36.0715 6480 mpio - ok
17:16:36.0725 6480 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:16:36.0745 6480 mpsdrv - ok
17:16:36.0815 6480 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:16:36.0835 6480 MpsSvc - ok
17:16:36.0855 6480 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:16:36.0855 6480 MRxDAV - ok
17:16:36.0885 6480 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:16:36.0895 6480 mrxsmb - ok
17:16:36.0925 6480 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:16:36.0945 6480 mrxsmb10 - ok
17:16:36.0965 6480 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:16:36.0965 6480 mrxsmb20 - ok
17:16:37.0035 6480 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:16:37.0095 6480 msahci - ok
17:16:37.0275 6480 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:16:37.0275 6480 msdsm - ok
17:16:37.0345 6480 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:16:37.0345 6480 MSDTC - ok
17:16:37.0385 6480 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:16:37.0395 6480 Msfs - ok
17:16:37.0405 6480 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:16:37.0405 6480 mshidkmdf - ok
17:16:37.0415 6480 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:16:37.0415 6480 msisadrv - ok
17:16:37.0465 6480 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:16:37.0495 6480 MSiSCSI - ok
17:16:37.0495 6480 msiserver - ok
17:16:37.0535 6480 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:16:37.0535 6480 MSKSSRV - ok
17:16:37.0575 6480 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:16:37.0585 6480 MSPCLOCK - ok
17:16:37.0605 6480 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:16:37.0605 6480 MSPQM - ok
17:16:37.0665 6480 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:16:37.0675 6480 MsRPC - ok
17:16:37.0685 6480 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:16:37.0685 6480 mssmbios - ok
17:16:37.0685 6480 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:16:37.0695 6480 MSTEE - ok
17:16:37.0705 6480 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:16:37.0705 6480 MTConfig - ok
17:16:37.0745 6480 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
17:16:37.0755 6480 MTsensor - ok
17:16:37.0775 6480 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:16:37.0775 6480 Mup - ok
17:16:37.0885 6480 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccSvcHst.exe
17:16:37.0885 6480 N360 - ok
17:16:37.0975 6480 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:16:38.0005 6480 napagent - ok
17:16:38.0095 6480 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:16:38.0135 6480 NativeWifiP - ok
17:16:38.0315 6480 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120704.002\ENG64.SYS
17:16:38.0315 6480 NAVENG - ok
17:16:38.0555 6480 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120704.002\EX64.SYS
17:16:38.0575 6480 NAVEX15 - ok
17:16:38.0695 6480 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:16:38.0705 6480 NDIS - ok
17:16:38.0735 6480 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:16:38.0745 6480 NdisCap - ok
17:16:38.0775 6480 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:16:38.0795 6480 NdisTapi - ok
17:16:38.0825 6480 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:16:38.0825 6480 Ndisuio - ok
17:16:38.0865 6480 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:16:38.0865 6480 NdisWan - ok
17:16:38.0895 6480 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:16:38.0905 6480 NDProxy - ok
17:16:38.0965 6480 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
17:16:38.0965 6480 Net Driver HPZ12 - ok
17:16:38.0995 6480 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:16:38.0995 6480 NetBIOS - ok
17:16:39.0035 6480 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:16:39.0045 6480 NetBT - ok
17:16:39.0085 6480 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:16:39.0085 6480 Netlogon - ok
17:16:39.0155 6480 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:16:39.0165 6480 Netman - ok
17:16:39.0265 6480 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:16:39.0275 6480 NetMsmqActivator - ok
17:16:39.0285 6480 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:16:39.0285 6480 NetPipeActivator - ok
17:16:39.0315 6480 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:16:39.0325 6480 netprofm - ok
17:16:39.0345 6480 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:16:39.0345 6480 NetTcpActivator - ok
17:16:39.0345 6480 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:16:39.0345 6480 NetTcpPortSharing - ok
17:16:39.0375 6480 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:16:39.0385 6480 nfrd960 - ok
17:16:39.0445 6480 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:16:39.0455 6480 NlaSvc - ok
17:16:39.0465 6480 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:16:39.0465 6480 Npfs - ok
17:16:39.0485 6480 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:16:39.0495 6480 nsi - ok
17:16:39.0495 6480 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:16:39.0495 6480 nsiproxy - ok
17:16:39.0645 6480 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:16:39.0665 6480 Ntfs - ok
17:16:39.0745 6480 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:16:39.0745 6480 Null - ok
17:16:39.0805 6480 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys
17:16:39.0805 6480 nusb3hub - ok
17:16:39.0865 6480 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys
17:16:39.0885 6480 nusb3xhc - ok
17:16:39.0945 6480 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:16:39.0965 6480 nvraid - ok
17:16:39.0995 6480 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:16:40.0005 6480 nvstor - ok
17:16:40.0035 6480 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:16:40.0035 6480 nv_agp - ok
17:16:40.0115 6480 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:16:40.0135 6480 odserv - ok
17:16:40.0165 6480 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:16:40.0175 6480 ohci1394 - ok
17:16:40.0225 6480 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:16:40.0245 6480 ose - ok
17:16:40.0295 6480 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:16:40.0305 6480 p2pimsvc - ok
17:16:40.0355 6480 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:16:40.0365 6480 p2psvc - ok
17:16:40.0395 6480 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:16:40.0405 6480 Parport - ok
17:16:40.0425 6480 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
17:16:40.0475 6480 partmgr - ok
17:16:40.0505 6480 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:16:40.0505 6480 PcaSvc - ok
17:16:40.0535 6480 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:16:40.0535 6480 pci - ok
17:16:40.0555 6480 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:16:40.0555 6480 pciide - ok
17:16:40.0575 6480 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:16:40.0575 6480 pcmcia - ok
17:16:40.0595 6480 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:16:40.0595 6480 pcw - ok
17:16:40.0635 6480 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:16:40.0655 6480 PEAUTH - ok
17:16:40.0745 6480 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:16:40.0755 6480 PerfHost - ok
17:16:40.0945 6480 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:16:40.0975 6480 pla - ok
17:16:41.0055 6480 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:16:41.0065 6480 PlugPlay - ok
17:16:41.0135 6480 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
17:16:41.0135 6480 Pml Driver HPZ12 - ok
17:16:41.0155 6480 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:16:41.0155 6480 PNRPAutoReg - ok
17:16:41.0175 6480 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:16:41.0185 6480 PNRPsvc - ok
17:16:41.0235 6480 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:16:41.0235 6480 PolicyAgent - ok
17:16:41.0265 6480 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:16:41.0265 6480 Power - ok
17:16:41.0325 6480 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:16:41.0335 6480 PptpMiniport - ok
17:16:41.0355 6480 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:16:41.0355 6480 Processor - ok
17:16:41.0395 6480 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
17:16:41.0395 6480 ProfSvc - ok
17:16:41.0415 6480 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:16:41.0415 6480 ProtectedStorage - ok
17:16:41.0475 6480 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:16:41.0485 6480 Psched - ok
17:16:41.0605 6480 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:16:41.0625 6480 ql2300 - ok
17:16:41.0695 6480 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:16:41.0715 6480 ql40xx - ok
17:16:41.0745 6480 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:16:41.0755 6480 QWAVE - ok
17:16:41.0775 6480 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:16:41.0775 6480 QWAVEdrv - ok
17:16:41.0805 6480 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:16:41.0805 6480 RasAcd - ok
17:16:41.0845 6480 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:16:41.0855 6480 RasAgileVpn - ok
17:16:41.0875 6480 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:16:41.0885 6480 RasAuto - ok
17:16:41.0905 6480 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:16:41.0915 6480 Rasl2tp - ok
17:16:41.0945 6480 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:16:41.0955 6480 RasMan - ok
17:16:41.0985 6480 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:16:41.0995 6480 RasPppoe - ok
17:16:42.0035 6480 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:16:42.0035 6480 RasSstp - ok
17:16:42.0075 6480 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:16:42.0085 6480 rdbss - ok
17:16:42.0095 6480 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:16:42.0095 6480 rdpbus - ok
17:16:42.0105 6480 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:16:42.0105 6480 RDPCDD - ok
17:16:42.0145 6480 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:16:42.0145 6480 RDPENCDD - ok
17:16:42.0155 6480 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:16:42.0155 6480 RDPREFMP - ok
17:16:42.0185 6480 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
17:16:42.0195 6480 RDPWD - ok
17:16:42.0275 6480 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:16:42.0275 6480 rdyboost - ok
17:16:42.0315 6480 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:16:42.0315 6480 RemoteAccess - ok
17:16:42.0345 6480 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:16:42.0355 6480 RemoteRegistry - ok
17:16:42.0395 6480 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:16:42.0395 6480 RpcEptMapper - ok
17:16:42.0415 6480 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:16:42.0415 6480 RpcLocator - ok
17:16:42.0465 6480 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:16:42.0465 6480 RpcSs - ok
17:16:42.0485 6480 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:16:42.0495 6480 rspndr - ok
17:16:42.0535 6480 RTHDMIAzAudService - ok
17:16:42.0605 6480 RTL8167 (a73ed14670220307874ad6bc2f279349) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:16:42.0615 6480 RTL8167 - ok
17:16:42.0645 6480 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:16:42.0645 6480 SamSs - ok
17:16:42.0665 6480 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:16:42.0675 6480 sbp2port - ok
17:16:42.0705 6480 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:16:42.0715 6480 SCardSvr - ok
17:16:42.0755 6480 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:16:42.0765 6480 scfilter - ok
17:16:42.0835 6480 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:16:42.0835 6480 Schedule - ok
17:16:42.0875 6480 SCMNdisP (6011cdf54bb6f4c69f38faccdad73d7e) C:\Windows\system32\DRIVERS\scmndisp.sys
17:16:42.0885 6480 SCMNdisP - ok
17:16:42.0905 6480 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:16:42.0905 6480 SCPolicySvc - ok
17:16:42.0935 6480 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:16:42.0935 6480 SDRSVC - ok
17:16:42.0965 6480 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:16:42.0965 6480 secdrv - ok
17:16:42.0985 6480 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:16:42.0985 6480 seclogon - ok
17:16:43.0005 6480 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
17:16:43.0005 6480 SENS - ok
17:16:43.0025 6480 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:16:43.0025 6480 SensrSvc - ok
17:16:43.0035 6480 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:16:43.0045 6480 Serenum - ok
17:16:43.0085 6480 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:16:43.0085 6480 Serial - ok
17:16:43.0135 6480 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:16:43.0145 6480 sermouse - ok
17:16:43.0195 6480 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:16:43.0205 6480 SessionEnv - ok
17:16:43.0225 6480 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:16:43.0225 6480 sffdisk - ok
17:16:43.0235 6480 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:16:43.0245 6480 sffp_mmc - ok
17:16:43.0255 6480 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:16:43.0275 6480 sffp_sd - ok
17:16:43.0285 6480 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:16:43.0295 6480 sfloppy - ok
17:16:43.0345 6480 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:16:43.0345 6480 SharedAccess - ok
17:16:43.0395 6480 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:16:43.0395 6480 ShellHWDetection - ok
17:16:43.0415 6480 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:16:43.0415 6480 SiSRaid2 - ok
17:16:43.0435 6480 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:16:43.0435 6480 SiSRaid4 - ok
17:16:43.0465 6480 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:16:43.0465 6480 Smb - ok
17:16:43.0555 6480 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:16:43.0555 6480 SNMPTRAP - ok
17:16:43.0565 6480 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:16:43.0575 6480 spldr - ok
17:16:43.0625 6480 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:16:43.0625 6480 Spooler - ok
17:16:43.0845 6480 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:16:43.0895 6480 sppsvc - ok
17:16:43.0965 6480 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:16:43.0985 6480 sppuinotify - ok
17:16:44.0095 6480 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\N360x64\0602010.005\SRTSP64.SYS
17:16:44.0105 6480 SRTSP - ok
17:16:44.0125 6480 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS
17:16:44.0125 6480 SRTSPX - ok
17:16:44.0175 6480 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:16:44.0195 6480 srv - ok
17:16:44.0235 6480 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:16:44.0265 6480 srv2 - ok
17:16:44.0285 6480 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:16:44.0295 6480 srvnet - ok
17:16:44.0355 6480 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:16:44.0365 6480 SSDPSRV - ok
17:16:44.0385 6480 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:16:44.0385 6480 SstpSvc - ok
17:16:44.0435 6480 Steam Client Service - ok
17:16:44.0465 6480 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:16:44.0465 6480 stexstor - ok
17:16:44.0515 6480 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
17:16:44.0525 6480 StillCam - ok
17:16:44.0665 6480 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:16:44.0675 6480 stisvc - ok
17:16:44.0685 6480 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:16:44.0685 6480 swenum - ok
17:16:44.0725 6480 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:16:44.0745 6480 swprv - ok
17:16:44.0835 6480 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS
17:16:44.0845 6480 SymDS - ok
17:16:44.0925 6480 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS
17:16:44.0935 6480 SymEFA - ok
17:16:44.0965 6480 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
17:16:44.0975 6480 SymEvent - ok
17:16:45.0015 6480 SymIM (b681d1b0f9596684225dcc9b94c6bacf) C:\Windows\system32\DRIVERS\SymIMv.sys
17:16:45.0025 6480 SymIM - ok
17:16:45.0065 6480 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS
17:16:45.0065 6480 SymIRON - ok
17:16:45.0105 6480 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS
17:16:45.0105 6480 SymNetS - ok
17:16:45.0245 6480 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:16:45.0265 6480 SysMain - ok
17:16:45.0365 6480 T2Fltr (e4e85e55f66f4f620cc8ee8c4e26139c) C:\Windows\system32\drivers\T2Fltr.sys
17:16:45.0375 6480 T2Fltr - ok
17:16:45.0405 6480 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:16:45.0415 6480 TabletInputService - ok
17:16:45.0445 6480 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:16:45.0445 6480 TapiSrv - ok
17:16:45.0465 6480 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:16:45.0475 6480 TBS - ok
17:16:45.0665 6480 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
17:16:45.0695 6480 Tcpip - ok
17:16:45.0905 6480 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
17:16:45.0915 6480 TCPIP6 - ok
17:16:45.0975 6480 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:16:45.0975 6480 tcpipreg - ok
17:16:46.0015 6480 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:16:46.0015 6480 TDPIPE - ok
17:16:46.0045 6480 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:16:46.0055 6480 TDTCP - ok
17:16:46.0115 6480 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:16:46.0115 6480 tdx - ok
17:16:46.0145 6480 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:16:46.0145 6480 TermDD - ok
17:16:46.0205 6480 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:16:46.0215 6480 TermService - ok
17:16:46.0225 6480 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:16:46.0225 6480 Themes - ok
17:16:46.0245 6480 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:16:46.0245 6480 THREADORDER - ok
17:16:46.0265 6480 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:16:46.0265 6480 TrkWks - ok
17:16:46.0335 6480 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:16:46.0335 6480 TrustedInstaller - ok
17:16:46.0375 6480 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:16:46.0375 6480 tssecsrv - ok
17:16:46.0445 6480 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:16:46.0455 6480 TsUsbFlt - ok
17:16:46.0825 6480 TuneUp.UtilitiesSvc (dc0f2a0c445ef104bc240954d3a460c2) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
17:16:46.0835 6480 TuneUp.UtilitiesSvc - ok
17:16:46.0885 6480 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
17:16:46.0885 6480 TuneUpUtilitiesDrv - ok
17:16:47.0045 6480 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:16:47.0045 6480 tunnel - ok
17:16:47.0075 6480 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:16:47.0075 6480 uagp35 - ok
17:16:47.0135 6480 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:16:47.0155 6480 udfs - ok
17:16:47.0195 6480 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:16:47.0205 6480 UI0Detect - ok
17:16:47.0225 6480 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:16:47.0235 6480 uliagpkx - ok
17:16:47.0275 6480 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
17:16:47.0285 6480 umbus - ok
17:16:47.0305 6480 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:16:47.0325 6480 UmPass - ok
17:16:47.0375 6480 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:16:47.0385 6480 upnphost - ok
17:16:47.0425 6480 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
17:16:47.0435 6480 usbaudio - ok
17:16:47.0465 6480 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:16:47.0465 6480 usbccgp - ok
17:16:47.0505 6480 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:16:47.0515 6480 usbcir - ok
17:16:47.0535 6480 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:16:47.0545 6480 usbehci - ok
17:16:47.0595 6480 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:16:47.0605 6480 usbhub - ok
17:16:47.0625 6480 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
17:16:47.0635 6480 usbohci - ok
17:16:47.0645 6480 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:16:47.0645 6480 usbprint - ok
17:16:47.0685 6480 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:16:47.0695 6480 USBSTOR - ok
17:16:47.0715 6480 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
17:16:47.0715 6480 usbuhci - ok
17:16:47.0735 6480 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:16:47.0745 6480 UxSms - ok
17:16:47.0765 6480 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:16:47.0765 6480 VaultSvc - ok
17:16:47.0795 6480 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:16:47.0795 6480 vdrvroot - ok
17:16:47.0885 6480 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:16:47.0905 6480 vds - ok
17:16:47.0915 6480 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:16:47.0925 6480 vga - ok
17:16:47.0935 6480 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:16:47.0945 6480 VgaSave - ok
17:16:47.0975 6480 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:16:47.0975 6480 vhdmp - ok
17:16:47.0995 6480 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:16:48.0005 6480 viaide - ok
17:16:48.0055 6480 VJoystick (b7f49333d2513eb1edaffdc269a23b68) C:\Windows\system32\DRIVERS\VJoystick.sys
17:16:48.0065 6480 VJoystick - ok
17:16:48.0115 6480 VKbms (3b59bb6d10cf969dbe4db93d9ead7fb4) C:\Windows\system32\DRIVERS\VKbms.sys
17:16:48.0115 6480 VKbms - ok
17:16:48.0135 6480 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:16:48.0135 6480 volmgr - ok
17:16:48.0195 6480 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:16:48.0215 6480 volmgrx - ok
17:16:48.0275 6480 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:16:48.0275 6480 volsnap - ok
17:16:48.0335 6480 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:16:48.0335 6480 vsmraid - ok
17:16:48.0505 6480 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:16:48.0535 6480 VSS - ok
17:16:48.0615 6480 vToolbarUpdater (69869a0e6380831d8582378cc5e46e7e) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
17:16:48.0615 6480 vToolbarUpdater - ok
17:16:48.0745 6480 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
17:16:48.0745 6480 vwifibus - ok
17:16:48.0795 6480 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:16:48.0795 6480 vwififlt - ok
17:16:48.0825 6480 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
17:16:48.0835 6480 vwifimp - ok
17:16:48.0895 6480 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:16:48.0905 6480 W32Time - ok
17:16:48.0925 6480 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:16:48.0925 6480 WacomPen - ok
17:16:48.0985 6480 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:16:48.0995 6480 WANARP - ok
17:16:49.0015 6480 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:16:49.0025 6480 Wanarpv6 - ok
17:16:49.0185 6480 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:16:49.0225 6480 WatAdminSvc - ok
17:16:49.0345 6480 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:16:49.0365 6480 wbengine - ok
17:16:49.0475 6480 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:16:49.0495 6480 WbioSrvc - ok
17:16:49.0565 6480 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:16:49.0575 6480 wcncsvc - ok
17:16:49.0585 6480 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:16:49.0595 6480 WcsPlugInService - ok
17:16:49.0625 6480 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:16:49.0635 6480 Wd - ok
17:16:49.0695 6480 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:16:49.0705 6480 Wdf01000 - ok
17:16:49.0735 6480 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:16:49.0745 6480 WdiServiceHost - ok
17:16:49.0745 6480 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:16:49.0745 6480 WdiSystemHost - ok
17:16:49.0815 6480 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:16:49.0815 6480 WebClient - ok
17:16:49.0845 6480 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:16:49.0855 6480 Wecsvc - ok
17:16:49.0875 6480 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:16:49.0875 6480 wercplsupport - ok
17:16:49.0915 6480 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:16:49.0915 6480 WerSvc - ok
17:16:49.0955 6480 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:16:49.0955 6480 WfpLwf - ok
17:16:49.0975 6480 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:16:49.0975 6480 WIMMount - ok
17:16:49.0995 6480 WinDefend - ok
17:16:50.0015 6480 WinHttpAutoProxySvc - ok
17:16:50.0085 6480 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:16:50.0095 6480 Winmgmt - ok
17:16:50.0245 6480 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:16:50.0305 6480 WinRM - ok
17:16:50.0445 6480 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:16:50.0455 6480 WinUsb - ok
17:16:50.0565 6480 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:16:50.0575 6480 Wlansvc - ok
17:16:50.0625 6480 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:16:50.0635 6480 wlcrasvc - ok
17:16:50.0935 6480 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:16:50.0965 6480 wlidsvc - ok
17:16:51.0055 6480 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:16:51.0065 6480 WmiAcpi - ok
17:16:51.0135 6480 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:16:51.0145 6480 wmiApSrv - ok
17:16:51.0195 6480 WMPNetworkSvc - ok
17:16:51.0215 6480 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:16:51.0215 6480 WPCSvc - ok
17:16:51.0255 6480 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:16:51.0265 6480 WPDBusEnum - ok
17:16:51.0285 6480 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:16:51.0295 6480 ws2ifsl - ok
17:16:51.0325 6480 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
17:16:51.0335 6480 wscsvc - ok
17:16:51.0365 6480 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
17:16:51.0365 6480 WSDPrintDevice - ok
17:16:51.0375 6480 WSearch - ok
17:16:51.0435 6480 WSWNA1100 (3e366f57cbb540c965bab1f2be6d7998) C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
17:16:51.0445 6480 WSWNA1100 - ok
17:16:51.0635 6480 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
17:16:51.0665 6480 wuauserv - ok
17:16:51.0755 6480 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:16:51.0755 6480 WudfPf - ok
17:16:51.0915 6480 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:16:51.0915 6480 WUDFRd - ok
17:16:51.0955 6480 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:16:51.0955 6480 wudfsvc - ok
17:16:52.0005 6480 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:16:52.0025 6480 WwanSvc - ok
17:16:52.0065 6480 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:16:52.0085 6480 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:16:52.0085 6480 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
17:16:52.0095 6480 MBR (0x1B8) (973e9ba32fdbb305c552ed3e1ebf0686) \Device\Harddisk1\DR1
17:16:57.0835 6480 \Device\Harddisk1\DR1 - ok
17:16:57.0835 6480 Boot (0x1200) (4fe36b9915f5d861cadb67c857178eaf) \Device\Harddisk0\DR0\Partition0
17:16:57.0845 6480 \Device\Harddisk0\DR0\Partition0 - ok
17:16:57.0845 6480 Boot (0x1200) (031b08983b8d8d8d81430848a32777df) \Device\Harddisk0\DR0\Partition1
17:16:57.0855 6480 \Device\Harddisk0\DR0\Partition1 - ok
17:16:57.0855 6480 Boot (0x1200) (3ba5e1251f1849875eab8fc6ab856c90) \Device\Harddisk1\DR1\Partition0
17:16:57.0855 6480 \Device\Harddisk1\DR1\Partition0 - ok
17:16:57.0855 6480 ============================================================
17:16:57.0855 6480 Scan finished
17:16:57.0855 6480 ============================================================
17:16:57.0865 6804 Detected object count: 1
17:16:57.0865 6804 Actual detected object count: 1
17:17:11.0425 6804 \Device\Harddisk0\DR0\# - copied to quarantine
17:17:11.0425 6804 \Device\Harddisk0\DR0 - copied to quarantine
17:17:11.0465 6804 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
17:17:11.0465 6804 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
17:17:11.0475 6804 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
17:17:11.0475 6804 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
17:17:11.0485 6804 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
17:17:11.0495 6804 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
17:17:11.0495 6804 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
17:17:11.0505 6804 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
17:17:11.0505 6804 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
17:17:11.0505 6804 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
17:17:11.0505 6804 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
17:17:11.0515 6804 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
17:17:11.0515 6804 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
17:17:11.0515 6804 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
17:17:11.0525 6804 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
17:17:11.0525 6804 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
17:17:11.0525 6804 \Device\Harddisk0\DR0 - ok
17:17:15.0365 6804 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
17:17:31.0875 6496 Deinitialize success
 
aswMBR log

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-04 17:29:30
-----------------------------
17:29:30.109 OS Version: Windows x64 6.1.7601 Service Pack 1
17:29:30.109 Number of processors: 6 586 0xA00
17:29:30.109 ComputerName: MOTHERSHIP1 UserName: cdogg
17:29:33.229 Initialize success
17:30:15.221 AVAST engine defs: 12070400
17:30:43.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:30:43.921 Disk 0 Vendor: WDC_WD1001FALS-00J7B0 05.00K05 Size: 953869MB BusType: 3
17:30:43.951 Disk 0 MBR read successfully
17:30:43.961 Disk 0 MBR scan
17:30:43.971 Disk 0 Windows 7 default MBR code
17:30:43.981 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:30:44.001 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
17:30:44.021 Disk 0 scanning C:\Windows\system32\drivers
17:30:54.861 Service scanning
17:31:13.131 Modules scanning
17:31:13.141 Disk 0 trace - called modules:
17:31:13.161 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:31:13.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a15060]
17:31:13.171 3 CLASSPNP.SYS[fffff88001bd143f] -> nt!IofCallDriver -> [0xfffffa80079629b0]
17:31:13.181 5 ACPI.sys[fffff88000ec17a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007a08680]
17:31:16.131 AVAST engine scan C:\Windows
17:31:21.241 AVAST engine scan C:\Windows\system32
17:34:28.172 AVAST engine scan C:\Windows\system32\drivers
17:34:39.122 AVAST engine scan C:\Users\cdogg
17:38:24.142 AVAST engine scan C:\ProgramData
17:41:26.752 Scan finished successfully
17:41:55.062 Disk 0 MBR has been saved successfully to "C:\Users\cdogg\Desktop\MBR.dat"
17:41:55.062 The log file has been saved successfully to "C:\Users\cdogg\Desktop\aswMBR.txt"
 
RogueKiller Log

RogueKiller V7.6.2 [07/02/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: cdogg [Admin rights]
Mode: Scan -- Date: 07/04/2012 17:47:07
¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] DAODx.exe -- C:\Windows\DAODx.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] RunDAOD.job @ : C:\Windows\DAODx.exe -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
 
Now the good news. I'm not sure what all the reports revealed but the music/ads have stopped playing when I start IE or open Outlook. Good news it seems.
 
The TDSS Killer seemed to be the one to knock it out. Stopped soon after that ran.

Ran Malwarebytes again (quick scan) and it did not detect the Trojan.agent any longer.

Next question, should we worry about the external drive being infected???

Finally, I'd like to make a donation for all your efforts. I can simply follow the link at the bottom of your posts, correct???
 
Good :)

Yeah, you had a rootkit, which was removed by TDSSKiller.

Please post fresh Combofix log.
 
Hopefully last combo fix log


ComboFix 12-07-04.04 - cdogg 07/04/2012 23:02:35.3.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7678.5502 [GMT -4:00]
Running from: c:\users\cdogg\Desktop\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Premier Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Premier Edition *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-05 to 2012-07-05 )))))))))))))))))))))))))))))))
.
.
2012-07-05 03:15 . 2012-07-05 03:15 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-07-05 03:15 . 2012-07-05 03:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-05 03:15 . 2012-07-05 03:15 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-05 01:04 . 2012-07-05 01:04 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-04 21:17 . 2012-07-04 21:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-04 19:12 . 2012-07-04 23:39 -------- d-----w- C:\FRST
2012-07-04 14:48 . 2012-07-04 14:48 -------- d-----w- c:\users\cdogg\AppData\Roaming\HPAppData
2012-07-04 02:20 . 2012-07-04 02:20 -------- d-----w- c:\users\cdogg\AppData\Roaming\Malwarebytes
2012-07-04 02:20 . 2012-07-04 02:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-04 02:20 . 2012-07-04 02:20 -------- d-----w- c:\programdata\Malwarebytes
2012-07-04 02:20 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-04 00:27 . 2011-12-14 16:47 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2012-07-04 00:27 . 2011-12-14 16:46 25920 ----a-w- c:\windows\system32\authuitu.dll
2012-07-04 00:27 . 2011-12-14 16:46 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-07-04 00:25 . 2012-07-05 01:04 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-07-04 00:25 . 2012-07-05 01:04 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-04 00:25 . 2012-07-04 00:25 -------- d--h--w- c:\programdata\Common Files
2012-07-04 00:24 . 2012-07-04 00:26 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012
2012-07-03 22:13 . 2012-07-03 22:14 -------- d-----w- C:\8973daadc5ee177a10a1
2012-06-24 14:38 . 2012-06-24 14:38 -------- d-----w- c:\windows\en
2012-06-24 14:34 . 2012-06-24 14:34 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-24 14:30 . 2012-06-24 14:30 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f2779cd91cd521502\MeshBetaRemover.exe
2012-06-24 14:30 . 2012-06-24 14:30 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f22a66181cd521501\DSETUP.dll
2012-06-24 14:30 . 2012-06-24 14:30 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f22a66181cd521501\DXSETUP.exe
2012-06-24 14:30 . 2012-06-24 14:30 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f22a66181cd521501\dsetup32.dll
2012-06-23 12:30 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 12:30 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 12:30 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 12:30 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 12:29 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-23 12:29 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 12:29 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 12:29 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 12:29 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-16 18:25 . 2012-06-16 18:25 -------- d-----w- c:\users\cdogg\AppData\Local\The Witcher 2
2012-06-16 15:49 . 2012-06-18 11:27 -------- d-----w- c:\program files (x86)\The Witcher 2
2012-06-15 03:56 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-15 03:56 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-15 03:56 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-15 03:56 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-15 03:56 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-15 03:56 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-15 03:56 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-15 03:56 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-15 03:56 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-15 03:56 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-15 03:56 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-15 03:56 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-15 03:55 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-15 03:55 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-15 03:55 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-15 03:55 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-15 03:55 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-12 10:57 . 2012-04-27 16:38 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-12 10:57 . 2011-08-07 02:18 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-22 21:03 . 2012-05-22 21:02 1164080 ----a-w- c:\windows\M4A89GTD-PRO-USB3-ASUS-3027.zip
2012-05-22 20:48 . 2012-05-22 20:49 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-05-22 20:48 . 2012-05-22 20:49 412264 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-05-22 20:48 . 2011-03-21 17:22 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-05-22 20:36 . 2012-05-22 20:36 16896 ----a-w- c:\windows\AsTaskSched.dll
2012-05-05 02:35 . 2012-05-05 02:35 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-03 02:55 . 2012-05-03 02:55 42392 ----a-w- c:\windows\SysWow64\xfcodec.dll
2012-05-03 02:55 . 2012-05-03 02:55 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2012-05-02 11:55 . 2011-02-12 18:11 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-04_13.00.11 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-03-10 02:51 . 2012-07-04 12:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-03-10 02:51 . 2012-07-04 20:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-07-04 13:57 . 2012-07-04 13:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
+ 2012-07-03 12:28 . 2012-07-04 19:43 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2012-07-03 12:28 . 2012-07-04 12:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-07-04 13:19 . 2012-07-04 18:58 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012070420120705\index.dat
- 2012-07-03 12:28 . 2012-07-04 12:41 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-07-03 12:28 . 2012-07-04 20:12 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-07-04 13:57 . 2012-07-04 13:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
+ 2011-02-12 17:08 . 2012-07-04 23:06 63866 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-04 23:06 35424 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-12 16:57 . 2012-07-04 23:06 21206 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4101788207-3307439777-1475344421-1000_UserData.bin
+ 2011-06-17 14:41 . 2012-07-04 18:32 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2011-06-17 14:41 . 2012-05-22 00:43 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2011-02-12 19:29 . 2012-07-04 03:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-12 19:29 . 2012-07-05 00:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-12 19:29 . 2012-07-05 00:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-12 19:29 . 2012-07-04 03:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-05 00:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-04 03:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-07-04 12:58 . 2012-07-04 12:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-05 03:17 . 2012-07-05 03:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-05 03:17 . 2012-07-05 03:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-04 12:58 . 2012-07-04 12:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-07-05 01:04 311296 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-06-16 16:28 671952 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-04 18:10 671952 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-16 16:28 126078 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-04 18:10 126078 c:\windows\system32\perfc009.dat
- 2009-07-14 05:12 . 2012-02-17 02:26 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-07-04 19:28 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-07-04 12:57 403032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-05 03:16 403032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-07-05 01:04 6832128 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-12 21:59 . 2012-07-05 03:16 3697008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-02-12 21:59 . 2012-07-04 12:57 3697008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-07-03 21:13 . 2012-07-04 21:17 4099744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 04:54 . 2012-07-05 01:04 11780096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-19 05:17 . 2012-07-05 03:16 29440536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4101788207-3307439777-1475344421-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\XfireXO\prxtbXfir.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}]
c:\program files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9194649F-7143-4308-90C1-D6A35B0E354E}]
2012-05-22 19:55 93184 ----a-w- c:\program files (x86)\OApps\bho_project.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-05 01:04 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files (x86)\XfireXO\prxtbXfir.dll" [2011-05-09 176936]
"{A531D99C-5A22-449b-83DA-872725C6D0ED}"= "c:\program files (x86)\alotappbar\bin\ALOTHelper.dll" [BU]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-07-05 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{a531d99c-5a22-449b-83da-872725c6d0ed}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\cdogg\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2011-02-12 557056]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-04-20 222504]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2012-01-13 43608]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-07-15 9936512]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-05 1104440]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2011-2-12 4562944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 257224]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-04-26 135584]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2009-11-05 954368]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-13 1255736]
R4 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2011-10-14 136616]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2012-03-29 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2012-03-29 1092728]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-29 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120704.001\IDSvia64.sys [2012-06-14 509088]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2012-03-29 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [2012-03-29 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-07-05 935480]
S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2009-11-27 278528]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2009-11-10 1827328]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-05-22 412264]
S3 T2Fltr;Razer Nostromo;c:\windows\system32\drivers\T2Fltr.sys [2011-01-16 22912]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
S3 VJoystick;Virtual JoyStick KMDF HID Minidriver;c:\windows\system32\DRIVERS\VJoystick.sys [2010-09-30 13312]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 16:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 10:57]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4101788207-3307439777-1475344421-1000Core.job
- c:\users\cdogg\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-30 02:57]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4101788207-3307439777-1475344421-1000UA.job
- c:\users\cdogg\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-30 02:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 134416]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = localhost;<local>
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\users\cdogg\AppData\Roaming\Mozilla\Firefox\Profiles\s8om1tpo.default\
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:30,b7,56,e6,ec,59,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,8d,6a,98,61,6f,10,47,a5,47,fd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,8d,6a,98,61,6f,10,47,a5,47,fd,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-07-04 23:34:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-05 03:34
ComboFix2.txt 2012-07-04 21:03
ComboFix3.txt 2012-07-04 13:29
.
Pre-Run: 862,431,563,776 bytes free
Post-Run: 862,593,712,128 bytes free
.
- - End Of File - - 3CA6C4DAF27779E2BDDEE416173019B5
 
question: 1) can I now get rid of all the saved logs I've been keeping?

2) is it safe to delete the MBR file created for the desktop during all the scans?

3) is it safe to attach the external drive?
 
Combofix log looks good.

1. I'll let you know.
2. Yes.
3. Install Panda USB Vaccine, or BitDefender’s USB Immunizer on your computer to protect it from any infected USB device. Then at some point scan it with your AV program.

Next....

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
going to rack out, but tomorrow I'll start back with the aforementioned instructions and post the appropriate logs. big thanks and deep bows for your help. I promise I will donate tomorrow (though I know it is not necessary)
 
OTL log from this morning

OTL logfile created on: 7/5/2012 7:41:11 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\cdogg\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.50 Gb Total Physical Memory | 5.38 Gb Available Physical Memory | 71.78% Memory free
14.99 Gb Paging File | 12.59 Gb Available in Paging File | 83.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 803.45 Gb Free Space | 86.26% Space Free | Partition Type: NTFS
Drive D: | 7.78 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.94% Space Free | Partition Type: FAT32
Drive G: | 298.02 Gb Total Space | 249.21 Gb Free Space | 83.62% Space Free | Partition Type: FAT32

Computer Name: MOTHERSHIP1 | User Name: cdogg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/05 07:40:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\cdogg\Desktop\OTL.exe
PRC - [2012/07/04 21:04:46 | 000,935,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012/07/04 21:04:45 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\cdogg\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccsvchst.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/12 15:01:11 | 000,557,056 | ---- | M] (BitLeader) -- C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
PRC - [2010/11/17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/07/15 18:58:24 | 009,936,512 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2010/07/07 10:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010/06/24 02:19:50 | 000,109,056 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
PRC - [2009/12/10 12:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
PRC - [2009/11/27 13:04:44 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/03/30 02:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/04 21:04:49 | 000,132,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
MOD - [2012/07/04 21:04:45 | 001,104,440 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/06/22 12:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2010/06/01 10:38:40 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll
MOD - [2010/06/01 10:38:40 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\flashobj.dll
MOD - [2010/02/08 17:19:52 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll
MOD - [2009/12/10 12:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
MOD - [2009/09/29 23:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009/08/28 17:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll
MOD - [2009/03/30 02:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
MOD - [2009/02/26 14:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/04 21:04:46 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012/06/12 06:57:50 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/26 15:03:36 | 000,135,584 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/27 19:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ccSvcHst.exe -- (N360)
SRV - [2012/03/25 23:36:12 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/14 12:47:00 | 002,123,584 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/10/14 00:52:36 | 000,136,616 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2010/06/24 02:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/27 13:04:44 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2009/11/05 17:10:22 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/22 16:48:31 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/05/02 07:55:44 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/29 02:28:38 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/03/29 02:28:34 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2012/03/29 02:28:30 | 001,092,728 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/03/29 02:28:25 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\symds64.sys -- (SymDS)
DRV:64bit: - [2012/03/29 02:06:25 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/29 02:03:27 | 000,737,912 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/03/29 02:03:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/01/13 15:08:57 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2011/11/29 18:44:29 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0602010.005\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 20:27:56 | 000,038,400 | ---- | M] (CSR plc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\csrbc.sys -- (CSRBC)
DRV:64bit: - [2011/01/16 13:58:08 | 000,022,912 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\T2Fltr.sys -- (T2Fltr)
DRV:64bit: - [2010/12/10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/01 01:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010/09/30 10:53:58 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VJoystick.sys -- (VJoystick)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/11/10 04:04:00 | 001,827,328 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009/07/15 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 12:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008/05/15 03:28:00 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2007/01/23 16:47:00 | 000,051,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007/01/23 16:47:00 | 000,048,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2007/01/19 19:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2012/07/04 20:49:28 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120704.017\ex64.sys -- (NAVEX15)
DRV - [2012/07/04 20:49:28 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\VirusDefs\20120704.017\eng64.sys -- (NAVENG)
DRV - [2012/07/03 22:19:54 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/06/18 20:01:13 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\BASHDefs\20120619.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/06/14 14:39:24 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\Definitions\IPSDefs\20120704.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/05/30 23:14:28 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/12 19:31:38 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 BC 3B AA 72 DA CB 01 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 BC 3B AA 72 DA CB 01 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx
IE - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 42 9A 68 FD 59 CD 01 [binary data]
IE - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;<local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
 
OTL part 2

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\cdogg\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\cdogg\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\IPSFFPlgn\ [2012/05/02 08:06:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.0.9\coFFPlgn\ [2012/07/05 07:05:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/21 12:57:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/07/04 21:04:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/21 12:57:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/03 00:00:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/21 12:57:43 | 000,000,000 | ---D | M]

[2011/04/23 15:37:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cdogg\AppData\Roaming\Mozilla\Extensions
[2012/07/04 23:18:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cdogg\AppData\Roaming\Mozilla\Firefox\Profiles\s8om1tpo.default\extensions
[2012/05/18 20:43:14 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\cdogg\AppData\Roaming\Mozilla\Firefox\Profiles\s8om1tpo.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2012/05/27 14:42:33 | 000,000,000 | ---D | M] (ALOT Appbar) -- C:\Users\cdogg\AppData\Roaming\Mozilla\Firefox\Profiles\s8om1tpo.default\extensions\appbar@alot.com
[2012/05/27 14:41:47 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\cdogg\AppData\Roaming\Mozilla\Firefox\Profiles\s8om1tpo.default\extensions\plugin@videofiledownload.com
[2011/05/13 09:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/13 09:17:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2012/05/21 12:57:43 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\COFFPLGN
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPLGN
[2009/11/06 11:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/04/14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 11:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/07/04 21:04:45 | 000,003,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2304157
CHR - default_search_provider: suggest_url = http://search.conduit.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\cdogg\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\cdogg\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\cdogg\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\cdogg\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\cdogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\cdogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: VideoFileDownload = C:\Users\cdogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\kincjchfokkeneeofpeefomkikfkiedl\1.0_0\
CHR - Extension: Norton Identity Protection = C:\Users\cdogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\
CHR - Extension: Gmail = C:\Users\cdogg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/07/04 23:17:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll File not found
O2 - BHO: (VideoFileDownload) - {9194649F-7143-4308-90C1-D6A35B0E354E} - C:\Program Files (x86)\OApps\bho_project.dll (VideoFileDownload)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.2.1.5\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000..\Run: [Akamai NetSession Interface] C:\Users\cdogg\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24D254D2-1360-493F-8C98-4BA78C645981}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/05 07:33:04 | 000,000,000 | -HS- | M] () - E:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2012/07/05 07:37:44 | 000,000,016 | -H-- | M] () - G:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/05 07:40:35 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\cdogg\Desktop\OTL.exe
[2012/07/05 07:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2012/07/05 07:37:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012/07/05 07:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2012/07/04 23:34:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/04 23:19:31 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\AVG Secure Search
[2012/07/04 23:18:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/04 21:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/07/04 17:43:39 | 000,000,000 | ---D | C] -- C:\Users\cdogg\Desktop\RK_Quarantine
[2012/07/04 17:17:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/04 17:15:31 | 000,000,000 | ---D | C] -- C:\Users\cdogg\Desktop\tdsskiller
[2012/07/04 17:14:07 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\cdogg\Desktop\aswMBR.exe
[2012/07/04 15:12:44 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/04 10:48:48 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Roaming\HPAppData
[2012/07/04 08:41:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/04 08:41:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/04 08:41:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/04 08:37:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/04 08:33:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/04 08:26:52 | 004,571,247 | R--- | C] (Swearware) -- C:\Users\cdogg\Desktop\ComboFix.exe
[2012/07/03 22:20:58 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Roaming\Malwarebytes
[2012/07/03 22:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/03 22:20:40 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/03 22:20:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/03 22:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/03 20:27:04 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012/07/03 20:27:01 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012/07/03 20:27:01 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012/07/03 20:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012/07/03 20:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/07/03 20:25:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/07/03 20:25:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/07/03 20:24:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012/07/03 18:13:33 | 000,000,000 | ---D | C] -- C:\8973daadc5ee177a10a1
[2012/06/24 11:31:46 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{6F6C4472-9867-469B-BD19-EEAFB50D65FC}
[2012/06/24 11:31:21 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{3F1F5EC3-D9B6-4F7F-B274-EE8FCD9FF326}
[2012/06/24 10:38:08 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/06/24 10:30:16 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{A9DA36BB-8E18-4A68-B18E-72C6AC5E4622}
[2012/06/24 10:30:07 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{A0261B66-7107-4D63-A43A-674735BAEA7B}
[2012/06/24 10:29:57 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{DA2E36D8-3290-48C7-9DB0-AC57047F00F2}
[2012/06/24 10:29:48 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{14223F85-F2A5-423D-BBDB-07E5911BDECD}
[2012/06/24 10:29:38 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{4ACE3DB2-2F6E-4844-B089-9F9D3A8E3695}
[2012/06/24 10:29:18 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{B84F3D9E-17F9-4077-A9F4-4C6178337CEE}
[2012/06/24 10:29:09 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{996F26B0-BCD4-419C-AA95-C917650D4070}
[2012/06/24 10:28:59 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{26E0C199-863D-4834-9545-C63BBB59E3D0}
[2012/06/24 10:28:50 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{1E512A57-A1FE-4F03-9602-1C34799EA9C7}
[2012/06/24 10:28:41 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{810F3454-77CF-4CEE-870F-7F72B1401ADB}
[2012/06/24 10:28:32 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{8C293ACF-6298-4947-9758-1D6DC39FDAA2}
[2012/06/24 10:28:12 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{7B8B9561-CBCD-4ACF-A348-A8A107D143DB}
[2012/06/24 10:26:52 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{4DA0D27D-E643-47BD-B792-9DC632EF8B35}
[2012/06/24 10:26:43 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{D03F2C5E-C69E-4CC3-AD8E-F3F63C78F861}
[2012/06/24 10:26:33 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{6F98346C-15B0-4AFE-95A8-67C0C16EAD37}
[2012/06/24 10:26:24 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{0DA02574-F956-43DE-BBE1-71DE828D4464}
[2012/06/24 10:26:14 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{E69D1D9C-556A-4513-BC5B-17547717D8E8}
[2012/06/24 10:26:05 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{95EFAD8B-DD59-4BC6-B6AF-1F9DFFF6D059}
[2012/06/24 10:25:55 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{6A4C0581-F508-4703-98B0-92A281352A20}
[2012/06/24 10:25:35 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{99822CDD-752A-4188-BDDB-8B81376A4C5E}
[2012/06/24 10:23:20 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{2A4F2857-0E1E-4C8C-BFD0-35A2EF6841E2}
[2012/06/24 10:23:02 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\{8D34F3E6-D6FF-45E6-9DDB-9B65987F211C}
[2012/06/16 14:25:02 | 000,000,000 | ---D | C] -- C:\Users\cdogg\Documents\Witcher 2
[2012/06/16 14:25:02 | 000,000,000 | ---D | C] -- C:\Users\cdogg\AppData\Local\The Witcher 2
[2012/06/16 12:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2
[2012/06/16 11:49:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Witcher 2
[2012/06/15 23:18:28 | 000,000,000 | ---D | C] -- C:\Users\cdogg\Desktop\Ebay
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/05 07:40:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\cdogg\Desktop\OTL.exe
[2012/07/05 07:37:09 | 000,823,346 | ---- | M] () -- C:\Users\cdogg\Desktop\USBVaccine.zip
[2012/07/05 07:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/05 07:33:46 | 000,796,554 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/05 07:33:46 | 000,671,952 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/05 07:33:46 | 000,126,078 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/05 07:13:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4101788207-3307439777-1475344421-1000UA.job
[2012/07/05 07:12:19 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/05 07:12:19 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/05 07:05:12 | 000,000,343 | ---- | M] () -- C:\Windows\lgfwup.ini
[2012/07/05 07:04:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/05 07:04:11 | 1743,347,711 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/05 00:13:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4101788207-3307439777-1475344421-1000Core.job
[2012/07/04 23:17:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/04 17:14:08 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\cdogg\Desktop\aswMBR.exe
[2012/07/04 17:13:16 | 002,116,179 | ---- | M] () -- C:\Users\cdogg\Desktop\tdsskiller.zip
[2012/07/04 16:21:55 | 004,571,247 | R--- | M] (Swearware) -- C:\Users\cdogg\Desktop\ComboFix.exe
[2012/07/04 14:24:26 | 565,692,061 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/03 22:20:47 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/03 20:26:44 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2012/07/03 20:26:44 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012/07/03 09:15:17 | 000,774,394 | ---- | M] () -- C:\Users\cdogg\Desktop\zach rec.pdf
[2012/07/02 20:15:11 | 000,002,404 | ---- | M] () -- C:\Users\cdogg\Desktop\Google Chrome.lnk
[2012/07/01 15:41:25 | 000,003,721 | ---- | M] () -- C:\Users\cdogg\Desktop\ETS scheduling pdf.htm
[2012/06/16 12:28:35 | 000,790,278 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/16 12:17:23 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\Start The Witcher 2.lnk
[2012/06/15 00:44:18 | 000,430,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/05 07:37:07 | 000,823,346 | ---- | C] () -- C:\Users\cdogg\Desktop\USBVaccine.zip
[2012/07/04 17:13:10 | 002,116,179 | ---- | C] () -- C:\Users\cdogg\Desktop\tdsskiller.zip
[2012/07/04 08:41:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/04 08:41:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/04 08:41:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/04 08:41:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/04 08:41:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/03 22:20:46 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/03 20:26:44 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2012/07/03 20:26:43 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012/07/03 20:26:29 | 000,002,199 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012/07/03 09:15:17 | 000,774,394 | ---- | C] () -- C:\Users\cdogg\Desktop\zach rec.pdf
[2012/07/01 15:41:22 | 000,003,721 | ---- | C] () -- C:\Users\cdogg\Desktop\ETS scheduling pdf.htm
[2012/06/16 12:17:22 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\Start The Witcher 2.lnk
[2012/05/27 16:45:44 | 000,003,373 | ---- | C] () -- C:\Users\cdogg\test two with xfire unigine_20120527_1645.html
[2012/05/27 14:53:43 | 000,003,373 | ---- | C] () -- C:\Users\cdogg\test one unigine_20120527_1453.html
[2012/05/27 14:47:09 | 000,003,072 | ---- | C] () -- C:\Users\cdogg\AppData\Local\file__0.localstorage
[2012/05/22 16:52:39 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012/05/22 16:52:39 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012/05/22 16:27:59 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012/05/22 16:27:59 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/05/22 16:21:57 | 000,032,217 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/05/21 13:10:24 | 000,208,672 | ---- | C] () -- C:\Windows\hpoins40.dat.temp
[2012/05/21 13:10:24 | 000,000,918 | ---- | C] () -- C:\Windows\hpomdl40.dat.temp
[2012/05/21 12:53:27 | 000,173,199 | ---- | C] () -- C:\Windows\hpoins40.dat
[2012/05/21 12:53:27 | 000,000,918 | ---- | C] () -- C:\Windows\hpomdl40.dat
[2012/05/02 22:55:52 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/20 13:10:23 | 000,030,002 | ---- | C] () -- C:\Users\cdogg\AppData\Local\Temp20.html
[2012/01/13 14:58:32 | 000,028,607 | ---- | C] () -- C:\Users\cdogg\AppData\Local\Temp56.html
[2012/01/13 14:57:47 | 000,001,955 | ---- | C] () -- C:\Users\cdogg\AppData\Local\Temp1.html
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/29 11:26:04 | 000,028,160 | ---- | C] () -- C:\Users\cdogg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/19 11:16:36 | 000,001,940 | ---- | C] () -- C:\Users\cdogg\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/23 15:37:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/12 19:11:17 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/02/12 15:40:36 | 000,000,093 | ---- | C] () -- C:\Users\cdogg\AppData\Local\fusioncache.dat
[2011/02/12 15:38:36 | 000,790,278 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/12 15:00:16 | 000,000,343 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011/02/12 13:06:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/02 01:53:48 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2008/03/08 17:53:33 | 000,000,003 | ---- | C] () -- C:\Users\cdogg\My Documentslang.ini

========== LOP Check ==========

[2011/02/12 19:35:40 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\Belkin
[2012/03/19 15:38:50 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\ChessBase
[2011/05/19 11:42:38 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\FileZilla
[2012/03/03 11:37:21 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\Garmin
[2012/05/20 23:52:06 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\TeamViewer
[2011/03/18 23:04:02 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\The Creative Assembly
[2011/03/11 11:29:34 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\Tific
[2012/01/29 23:07:44 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\TuneUp Software
[2011/02/12 15:40:41 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\Turbine
[2011/03/04 09:46:13 | 000,000,000 | ---D | M] -- C:\Users\cdogg\AppData\Roaming\Win7codecs
[2012/06/02 19:24:43 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========
< End of report >
 
OTL Extras

OTL Extras logfile created on: 7/5/2012 7:41:11 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\cdogg\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.50 Gb Total Physical Memory | 5.38 Gb Available Physical Memory | 71.78% Memory free
14.99 Gb Paging File | 12.59 Gb Available in Paging File | 83.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 803.45 Gb Free Space | 86.26% Space Free | Partition Type: NTFS
Drive D: | 7.78 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.94% Space Free | Partition Type: FAT32
Drive G: | 298.02 Gb Total Space | 249.21 Gb Free Space | 83.62% Space Free | Partition Type: FAT32

Computer Name: MOTHERSHIP1 | User Name: cdogg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0033750A-00EE-46C5-BB2E-AFE2938EA091}" = lport=138 | protocol=17 | dir=in | app=system |
"{08F5FAF5-3960-4AEA-A723-483273EE988D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0C245F6D-DEEA-4420-B2A4-68AA24902607}" = lport=139 | protocol=6 | dir=in | app=system |
"{12F216B3-5594-4E8A-84AE-04AF096FCB64}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{1A4B06EE-64B9-4F23-8B19-47365F46BEDF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{206174B1-7B82-4733-817F-5841364B6E9B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{32F28A25-EC37-434A-B32F-2E9B72E64E06}" = rport=445 | protocol=6 | dir=out | app=system |
"{340A8656-7AE5-4A6B-B568-99FE75296962}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3448676D-C2F0-4DE5-9EE7-2DC5100A8102}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3C81798E-525A-4E8A-B068-80CB0DD4CEB9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{421D1689-D0E8-4721-B7C5-20C18C95F53A}" = lport=445 | protocol=6 | dir=in | app=system |
"{42D265BD-F389-482A-9C69-E8AE1D50AD67}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5003A548-B448-4D14-894F-5824996C2901}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{51CDF072-2FC6-407F-8098-2C140F1A94AE}" = rport=137 | protocol=17 | dir=out | app=system |
"{737D3E1F-E747-4360-BAAD-40E4AA09CF8C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8F468B9E-99B7-404E-848A-16425BAD3501}" = rport=139 | protocol=6 | dir=out | app=system |
"{910D6FD4-B6AB-4D63-93C6-F0CD16424522}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{9F5F3969-3271-4C56-8DC5-04713DCE69FD}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{A354DCC6-A103-4878-BFFE-4F9AFEA7B150}" = lport=137 | protocol=17 | dir=in | app=system |
"{AA601A61-B257-49F0-866A-B97D8EC55461}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AB054356-8935-4842-B343-7ACD0584735E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B6A369A1-6481-4B3D-A44C-79F371486D19}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BF7613EA-7DF0-49F7-8AAA-085D45EFF4C8}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface |
"{C0A55FCE-8845-4A99-89C6-610AEA7D0F96}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{D55A24BD-956E-4AC0-BA20-80DD810E36FA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DF98E61E-A357-496A-A06A-57FF257E699C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E24911DF-119C-48C7-A80D-AE82AC1FE043}" = rport=138 | protocol=17 | dir=out | app=system |
"{F355526D-F8E2-4909-A387-0CBBB1B2B5C0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034A5725-01E2-4990-89AD-7947446BE76F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{090C55AA-44EB-4BF4-A067-807B2D01A3DA}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{0CB76765-03E5-4212-851A-B2D0336AB3F6}" = protocol=17 | dir=in | app=c:\users\cdogg\appdata\local\temp\7zs681b\hppiw.exe |
"{113298C4-9340-4806-ACFD-E71FEFAAC2DF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{1168B419-BB30-4D4D-9AA7-26C7AA63BE1D}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{143961A3-D582-422E-8509-A1CC309B0DE1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{1F8BE0D4-9FC5-4ED8-8BA5-7F1844AFB480}" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"{22CA6DB2-0AA4-43B9-926E-6B799E6F2154}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{258FCE23-1732-4500-83CA-8149DD241591}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{2A0A26C7-8082-4CD7-8FB9-4BF0878E5298}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2EBDEF2A-0630-4760-B5AE-BDDC75D1E0DC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{36AD416D-7EC6-4E03-BC07-1939DB1507EE}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{3DE5519A-A646-4E45-B028-CC0A72632160}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3F587ED6-8AC1-4849-A3F8-8C3E925F1D72}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{40CF9A73-7CCA-48FB-862A-F65C41C5BD9B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{432C9D38-02AC-4279-A3E5-F7E20B3AFA36}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{44093A77-FCC9-4325-897B-A1736C2FE38E}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{4788C395-027D-4C43-B8F9-9DC88ECA3D69}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{49E26066-DFDE-435D-8BE5-375245C80965}" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"{4AB06E50-1B66-41E2-BFA1-E81D44A149E9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{563E539E-EE05-4CB2-88B7-1CEE93E3A3B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{574C8642-9861-46F9-8FF2-AA3E83622630}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5BBE3FA2-0DC0-4836-BC78-5758AFAC8C3A}" = dir=in | app=d:\setup\hpznui40.exe |
"{5CF665CD-EF6C-4626-9A9A-EAF46247C565}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5E352939-D175-4F09-AD87-FB40CF98F013}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{60760BAC-0451-42A0-9700-DF0512678FF9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{64923F2D-C848-45B7-8382-9EDA44EE9F39}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{666E1851-6530-46F4-BEA9-D9E330E70CEE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{6B9F84DF-6D21-4D17-999A-05407AF7938B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{6C9161AC-F9EC-4327-A24D-55B26588C2AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{713EDD61-7B5D-41C1-BA7F-DEBDC3469A42}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{726B479E-5F61-4937-A430-D70C3CED3220}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{77205D41-14F8-4664-826A-215940693054}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7AF13FC1-398C-486C-B631-1BBF91606009}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7B2F2C32-5C13-4439-8960-D582FD2617F6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{8379370A-4747-454A-A718-26954116BDBA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{839E3C8D-246A-4A6C-B121-152A0770011D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{84643AF5-985A-4417-B180-70D5073AA005}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{86E354A1-896F-4BD7-B042-2CBE7ED3215B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8C558697-D5B8-4D57-968A-96151D935522}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{8DB26C6D-411C-4BF0-BD94-296079F9FD23}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{9A26B0A4-AA51-4A16-9715-C3A561C14DCA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9A7F85F8-F6D7-427F-994F-0796E8F284DC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{9B44295A-29F4-482B-83B4-801B13744D0F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{9D58B0E5-7998-47FC-8282-4C27F8671B9D}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{A101EC72-710B-4679-9CE1-6EBE746C4A35}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A647E5B2-1F56-4674-A960-038423FDAF0D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A8136A3F-F666-4BE3-9CA9-4810A2EA0045}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A9CD48EA-8FC6-4ECF-B535-DE0C2CBF7438}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{AA868EC1-9F5F-4126-887E-1411A91320C3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{B334F282-4E34-449F-9CC6-A0B0714DFD62}" = protocol=6 | dir=in | app=c:\users\cdogg\appdata\local\temp\7zs681b\hppiw.exe |
"{B4DB5119-1FBA-4E8F-AC37-5A40C5CF9541}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B6291112-9279-4FE5-B02C-38A3FBA5D7A4}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{BADBE6C7-1B95-40E2-B500-F5F2DA10F04C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BC6CDA11-1B9C-4A44-8D8D-6EB66A00DB3E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D07C8D38-CA11-4390-A7ED-B1D74A7EC618}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D8E58190-40E5-4EF7-8A3A-47F8B95C8678}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DA6731B6-CC17-4A36-A0FF-B660BEAE5FD5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E037FE8F-7811-46A4-822B-19B7F962E38B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{E33E9C29-D116-499D-BD32-7FAEA7AA24DF}" = protocol=6 | dir=out | app=system |
"{E5A00B13-E033-447C-9689-ADBA574A2073}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F18BF587-0E00-4383-9D33-711A9859844C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{F71D8C7A-5363-4016-8B58-5CB70E18530E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{F79299CF-4DBE-4921-AE8C-468929D5FAEA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{1350AB2C-D2FB-4EB4-87BF-E485BB3DD43E}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"TCP Query User{1D919A8F-C21B-44AF-A0C8-4866265BFDA3}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |
"TCP Query User{92BC4AB5-CA72-4058-84A5-DDB0A424FD1D}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{C223AB9C-FD93-462D-A17A-D3CF15A98A0B}C:\users\cdogg\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\cdogg\appdata\local\akamai\netsession_win.exe |
"TCP Query User{E310B7FE-B93C-412F-B420-2621CADD7D60}C:\users\cdogg\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\cdogg\appdata\local\akamai\netsession_win.exe |
"UDP Query User{3B0854B9-66F3-45C3-9667-2085A635C3B4}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{97FBFD63-7F5A-4D8D-B4DE-60365680BCF9}C:\users\cdogg\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\cdogg\appdata\local\akamai\netsession_win.exe |
"UDP Query User{B2F16716-5138-4D8D-B55F-2CDE3168F663}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"UDP Query User{D63A2736-7977-4354-9255-B4C96C2417EF}C:\users\cdogg\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\cdogg\appdata\local\akamai\netsession_win.exe |
"UDP Query User{FC3A1435-459C-4AB2-A060-A5FA0B0190D1}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{3ABFAF33-D6EE-9348-CE96-AF51E9D6D2FF}" = AMD Drag and Drop Transcoding
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2DAB009-8236-48A0-AD7F-E940F5AB1578}" = HP Photosmart Plus B209a-m All-in-One Driver Software 14.0 Rel. 6
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"88C277C6E63CBDAF35A096E80A5B97A29A619D3A" = Windows Driver Package - Cambridge Silicon Radio Ltd. (CSRBC) USB (02/03/2011 2.4.0.0)
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Shop for HP Supplies" = Shop for HP Supplies
"Unigine Heaven DX11 Benchmark (Basic Edition)_is1" = Heaven DX11 Benchmark version 3.0
"WhoCrashed_is1" = WhoCrashed 3.03
 
Extras Part 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.0.2
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{375B0ACB-49BA-463E-96D0-E95F994DF594}" = AMD OverDrive Beta
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3FB61967-FF66-43B6-89F9-DF15FD9F3015}" = Razer Nostromo
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{49C5BD36-F5B9-4E6A-9DC1-04818B9D55E3}" = Razer Nostromo Firmware Updater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{4ED980CB-C288-6A80-A3EA-AEECC543058B}" = Application Profiles
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 wireless USB 2.0 adapter
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDC8DBA8-37FF-4C82-84FF-DEBEDF93BEC4}" = PS_AIO_06_B209a-m_SW_Min
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E617721F-B66C-4D5A-AA2A-B2D60820CDC3}" = B209a-m
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"alotAppbar" = ALOT Appbar
"AVG Secure Search" = AVG Security Toolbar
"CameraUserGuide-PSELPH100HS_IXUS115HS" = Canon PowerShot ELPH 100 HS_IXUS 115 HS Camera User Guide
"CameraUserGuide-PSELPH300HS_IXUS220HS" = Canon PowerShot ELPH 300 HS_IXUS 220 HS Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Diablo III" = Diablo III
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.4.0
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox (3.6.14)" = Mozilla Firefox (3.6.14)
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"N360" = Norton 360 Premier Edition
"PhotoStitch" = Canon Utilities PhotoStitch
"SMH10 Manager" = SMH10 Manager 1.3
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"Steam App 440" = Team Fortress 2
"The Witcher 2 Enhanced Edition_is1" = The Witcher 2 Enhanced Edition version 3.0
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"vfd-adk" = VideoFileDownload
"WinLiveSuite" = Windows Live Essentials
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
"Yahoo! Companion" = Yahoo! Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4101788207-3307439777-1475344421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/3/2012 10:13:14 AM | Computer Name = mothership1 | Source = VSS | ID = 8194
Description =

Error - 7/3/2012 8:28:36 PM | Computer Name = mothership1 | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x0002df85 Faulting process
id: 0x1e98 Faulting application start time: 0x01cd597a085aeca1 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 3167bbbb-c56f-11e1-a033-bcaec5297ea8

Error - 7/4/2012 12:45:18 AM | Computer Name = mothership1 | Source = Application Error | ID = 1000
Description = Faulting application name: NOTEPAD.EXE, version: 6.1.7600.16385, time
stamp: 0x4a5bc60f Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x057afce4 Faulting process id: 0x16fc Faulting application
start time: 0x01cd599d454a0620 Faulting application path: C:\Windows\SysWOW64\NOTEPAD.EXE
Faulting
module path: unknown Report Id: 0da3dbf6-c593-11e1-a71b-bcaec5297ea8

Error - 7/4/2012 9:42:31 AM | Computer Name = mothership1 | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 0.0.0.0, time stamp:
0x4a5bc3c5 Faulting module name: MSHTML.dll, version: 9.0.8112.16446, time stamp:
0x4fb58407 Exception code: 0xc00000fd Fault offset: 0x002b8839 Faulting process id:
0x10c8 Faulting application start time: 0x01cd59e4e8f961fb Faulting application path:
\\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\system32\MSHTML.dll
Report
Id: 19dac301-c5de-11e1-bf5e-bcaec5297ea8

Error - 7/4/2012 10:07:16 AM | Computer Name = mothership1 | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: jscript9.dll, version: 9.0.8112.16446, time
stamp: 0x4fb57f7f Exception code: 0xc0000005 Fault offset: 0x0005d082 Faulting process
id: 0xf9c Faulting application start time: 0x01cd59eb26b21cbe Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\jscript9.dll
Report
Id: 8f464af3-c5e1-11e1-bf5e-bcaec5297ea8

Error - 7/4/2012 10:41:37 AM | Computer Name = mothership1 | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: wmploc.dll_unloaded, version: 0.0.0.0, time
stamp: 0x4ce7ba86 Exception code: 0xc0000005 Fault offset: 0x68ede474 Faulting process
id: 0x20fc Faulting application start time: 0x01cd59ee8f08d12c Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: wmploc.dll Report
Id: 5b49509b-c5e6-11e1-bf5e-bcaec5297ea8

Error - 7/4/2012 11:23:11 AM | Computer Name = mothership1 | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: bho_project.dll, version: 1.0.0.1, time
stamp: 0x4fbbef1a Exception code: 0xc0000005 Fault offset: 0x00002e78 Faulting process
id: 0xdf8 Faulting application start time: 0x01cd59f6cf873a94 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\OApps\bho_project.dll Report Id: 29e013d3-c5ec-11e1-bf5e-bcaec5297ea8

Error - 7/4/2012 11:23:15 AM | Computer Name = mothership1 | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: bho_project.dll, version: 1.0.0.1, time
stamp: 0x4fbbef1a Exception code: 0xc0000005 Fault offset: 0x00002e78 Faulting process
id: 0x39f8 Faulting application start time: 0x01cd59f8edd52177 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\OApps\bho_project.dll Report Id: 2c703e2e-c5ec-11e1-bf5e-bcaec5297ea8

Error - 7/4/2012 2:26:15 PM | Computer Name = mothership1 | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.

Error - 7/4/2012 3:15:13 PM | Computer Name = mothership1 | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x3e316ea2 Faulting process id: 0x1214 Faulting application
start time: 0x01cd5a16fd35c9cc Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: 94049ee7-c60c-11e1-886d-bcaec5297ea8

[ Media Center Events ]
Error - 2/14/2011 4:00:34 PM | Computer Name = mothership1 | Source = MCUpdate | ID = 0
Description = 3:00:33 PM - Failed to retrieve NetTV (Error: Invalid security token.)

Error - 2/14/2011 4:01:38 PM | Computer Name = mothership1 | Source = MCUpdate | ID = 0
Description = 3:01:38 PM - Failed to retrieve SportsSchedule (Error: Unable to connect
to the remote server)

Error - 2/14/2011 4:02:39 PM | Computer Name = mothership1 | Source = MCUpdate | ID = 0
Description = 3:02:35 PM - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

Error - 4/28/2011 9:01:02 PM | Computer Name = mothership1 | Source = MCUpdate | ID = 0
Description = 9:00:57 PM - Error connecting to the internet. 9:00:57 PM - Unable
to contact server..

Error - 5/5/2011 7:49:51 AM | Computer Name = mothership1 | Source = MCUpdate | ID = 0
Description = 7:49:51 AM - Error connecting to the internet. 7:49:51 AM - Unable
to contact server..

Error - 5/5/2011 7:50:01 AM | Computer Name = mothership1 | Source = MCUpdate | ID = 0
Description = 7:49:56 AM - Error connecting to the internet. 7:49:56 AM - Unable
to contact server..

Error - 5/12/2011 11:51:14 PM | Computer Name = mothership1 | Source = MCUpdate | ID = 0
Description = 11:51:10 PM - Error connecting to the internet. 11:51:10 PM - Unable
to contact server..

Error - 5/26/2011 11:08:08 PM | Computer Name = mothership1 | Source = MCUpdate | ID = 0
Description = 11:07:47 PM - Error connecting to the internet. 11:07:47 PM - Unable
to contact server..

Error - 5/27/2011 12:08:13 AM | Computer Name = mothership1 | Source = MCUpdate | ID = 0
Description = 12:08:12 AM - Error connecting to the internet. 12:08:12 AM - Unable
to contact server..

[ OSession Events ]
Error - 3/15/2011 4:55:24 PM | Computer Name = mothership1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 96
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/16/2011 11:08:10 PM | Computer Name = mothership1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/20/2011 8:25:52 AM | Computer Name = mothership1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/29/2011 2:51:19 PM | Computer Name = mothership1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 25
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/22/2011 8:51:39 AM | Computer Name = mothership1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/25/2012 9:51:43 PM | Computer Name = mothership1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 3/10/2012 10:58:29 PM | Computer Name = mothership1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/4/2012 11:17:43 PM | Computer Name = mothership1 | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 7/4/2012 11:17:47 PM | Computer Name = mothership1 | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.1 service failed to start due to the following error:
%%2

Error - 7/4/2012 11:17:53 PM | Computer Name = mothership1 | Source = Service Control Manager | ID = 7034
Description = The ASUS System Control Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/4/2012 11:18:38 PM | Computer Name = mothership1 | Source = DCOM | ID = 10016
Description =

Error - 7/4/2012 11:43:35 PM | Computer Name = mothership1 | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.1 service failed to start due to the following error:
%%2

Error - 7/4/2012 11:43:47 PM | Computer Name = mothership1 | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.1 service failed to start due to the following error:
%%2

Error - 7/4/2012 11:44:35 PM | Computer Name = mothership1 | Source = DCOM | ID = 10016
Description =

Error - 7/5/2012 7:04:25 AM | Computer Name = mothership1 | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.1 service failed to start due to the following error:
%%2

Error - 7/5/2012 7:05:09 AM | Computer Name = mothership1 | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.1 service failed to start due to the following error:
%%2

Error - 7/5/2012 7:05:25 AM | Computer Name = mothership1 | Source = DCOM | ID = 10016
Description =


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;<local>
    O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll File not found
    O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double-click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
OTL log after fix

All processes killed
Error: Unable to interpret <• > in the current context!
Error: Unable to interpret <• :OTL> in the current context!
Error: Unable to interpret <• IE - HKU\S-1-5-21-4101788207-3307439777-1475344421-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;<local>> in the current context!
Error: Unable to interpret <• O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll File not found> in the current context!
Error: Unable to interpret <• O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll File not found> in the current context!
Error: Unable to interpret <• O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret <• O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <• O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <• > in the current context!
Error: Unable to interpret <• :Commands> in the current context!
Error: Unable to interpret <• [purity]> in the current context!
Error: Unable to interpret <• [emptytemp]> in the current context!
Error: Unable to interpret <• [emptyjava]> in the current context!
Error: Unable to interpret <• [emptyflash]> in the current context!
Error: Unable to interpret <• [Reboot]> in the current context!

OTL by OldTimer - Version 3.2.53.1 log created on 07052012_110609
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
Security Check Log

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Security Toolbar
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Java(TM) 6 Update 25
Out of date Java installed!
Adobe Reader X (10.1.3)
Mozilla Firefox (3.6.14) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````
 
FSS log

Farbar Service Scanner Version: 02-07-2012
Ran by cdogg (administrator) on 05-07-2012 at 11:15:34
Running from "C:\Users\cdogg\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 