Miadear

  1. Hello.... Accidentally downloaded an unknown .exe file and I noticed that my Google Chrome browser home page has been taken over by http://mystart.incredibar.com. Please help me remove this virus. Thanks - Mia
  2. Should I get rid of OTL, ComboFix and TDSSKiller?
  3. After a few reboots and 2 disk? checks, browser and virus protection still seem normal.
  4. ComboFix 12-05-11.03 - Lisa Grueber 05/11/2012 20:47:22.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3062.2022 [GMT -5:00] Running from: c:\users\Lisa Grueber\Downloads\ComboFix.exe
  5. Issue seems to be fixed. I uninstalled System Mechanic and re-installed. Now functioning properly. Also, search-nu is no longer controlling browser home.

     Ran OTL again...
<div>[2012/05/10 10:35:38 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa Grueber\Desktop\OTL.exe</div> <div>[2012/05/09 17:05:23 | 000,660,318 | ---- | M] () -- C:\Windows\System32\perfh009.dat</div> <div>[2012/05/09 17:05:23 | 000,121,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat</div> <div>[2012/04/17 10:11:44 | 000,033,280 | ---- | M] (iolo technologies, LLC) -- C:\Windows\System32\iolobtdfg.exe</div> <div>[2012/04/17 10:11:34 | 000,015,360 | ---- | M] (iolo technologies, LLC) -- C:\Windows\System32\smrgdf.exe</div> <div>[2012/04/17 09:37:02 | 002,095,816 | ---- | M] (iolo technologies, LLC) -- C:\Windows\System32\Incinerator32.dll</div> <div>[2012/04/17 08:25:20 | 000,118,784 | ---- | M] (iolo technologies, LLC) -- C:\Windows\System32\iavlsp.dll</div> <div> </div> <div>========== Files Created - No Company Name ==========</div> <div> </div> <div>[2012/05/11 11:18:00 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll</div> <div>[2012/04/11 17:39:28 | 000,000,408 | ---- | C] () -- C:\Windows\System32\iolo.ini</div> <div>[2012/04/05 18:47:45 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini</div> <div> </div> <div>========== LOP Check ==========</div> <div> </div> <div>[2012/03/12 11:26:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa Grueber\AppData\Roaming\ConverterLite</div> <div>[2012/03/10 01:04:13 | 000,000,000 | ---D | M] -- C:\Users\Lisa Grueber\AppData\Roaming\FileZilla</div> <div>[2012/05/10 23:20:19 | 000,000,000 | ---D | M] -- C:\Users\Lisa Grueber\AppData\Roaming\iolo</div> <div>[2012/02/10 15:41:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa Grueber\AppData\Roaming\PDF Writer</div> <div>[2009/07/13 23:53:46 | 000,019,216 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT</div> <div> </div> <div>========== Purity Check ==========</div> <div> </div> <div> </div> <div> </div> <div>< End of report ></div> <div> </div> <div> </div> <div> </div> <div> </div> <div> </div>
  6. OTL logfile created on: 5/10/2012 10:03:03 PM - Run 2 OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Lisa Grueber\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.99 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 41.60% Memory free 5.98 Gb Paging File | 3.87 Gb Available in Paging File | 64.66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 93.06 Gb Total Space | 38.03 Gb Free Space | 40.87% Space Free | Partition Type: NTFS Computer Name: LISA-LAPTOP | User Name: Lisa Grueber | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/05/10 18:17:05 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Lisa Grueber\Desktop\tdsskiller (1).exe PRC - [2012/05/10 10:35:38 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa Grueber\Desktop\OTL.exe PRC - [2012/05/10 00:13:33 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe PRC - [2012/05/10 00:13:32 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files\AVG\AVG2012\avgtray.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/03/23 05:57:00 | 002,321,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe PRC - [2012/01/06 12:26:06 | 000,722,616 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe PRC - [2011/09/28 12:59:12 | 000,142,144 | ---- | M] (Commtouch, Inc.) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe PRC - [2011/09/28 12:59:10 | 000,097,088 | R--- | M] (Commtouch, Inc.) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe PRC - [2011/09/28 12:59:00 | 000,097,088 | R--- | M] (Commtouch, Inc.) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2011/06/08 10:45:44 | 000,822,456 | ---- | M] (The Weather Channel Interactive, Inc.) 
-- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/11/20 05:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010/04/23 01:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe PRC - [2008/07/15 18:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE ========== Modules (No Company Name) ========== MOD - [2012/05/10 00:13:34 | 000,130,944 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll MOD - [2012/05/10 00:13:32 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe MOD - [2012/04/27 21:07:01 | 000,444,400 | ---- | M] () -- C:\Users\Lisa Grueber\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll MOD - [2012/04/27 21:06:59 | 003,915,248 | ---- | M] () -- C:\Users\Lisa Grueber\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll MOD - [2012/04/27 21:05:34 | 000,122,880 | ---- | M] () -- C:\Users\Lisa Grueber\AppData\Local\Google\Chrome\Application\18.0.1025.168\avutil-51.dll MOD - [2012/04/27 21:05:33 | 000,220,672 | ---- | M] () -- C:\Users\Lisa Grueber\AppData\Local\Google\Chrome\Application\18.0.1025.168\avformat-53.dll MOD - [2012/04/27 21:05:32 | 001,747,456 | ---- | M] () -- C:\Users\Lisa Grueber\AppData\Local\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll MOD - [2012/04/27 20:09:18 | 008,743,584 | ---- | M] () -- C:\Users\LISAGR~1\AppData\Local\Google\Chrome\APPLIC~1\180102~1.168\gcswf32.dll MOD - [2012/04/27 20:09:18 | 008,743,584 | ---- | M] () -- C:\Users\Lisa 
Grueber\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll MOD - [2012/01/08 08:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe ========== Win32 Services (SafeList) ========== SRV - [2012/05/10 00:13:33 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2) SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/03/23 05:57:00 | 002,321,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws) SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2012/01/06 12:26:06 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService) SRV - [2011/12/19 04:01:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011/09/28 12:59:12 | 000,142,144 | ---- | M] (Commtouch, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts) SRV - [2011/09/28 12:59:10 | 000,097,088 | R--- | M] (Commtouch, Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps) SRV - [2011/09/28 12:59:00 | 000,097,088 | R--- | M] (Commtouch, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps) SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/07/15 18:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | System | Stopped] -- -- (FileDisk) DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter) DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2011/09/28 13:12:32 | 000,138,048 | R--- | M] (Commtouch, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\amp.sys -- (AMP) DRV - [2011/09/28 13:12:28 | 001,189,184 | R--- | M] (Commtouch, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ampse.sys -- (AMPSE) DRV - [2011/05/23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd) DRV - [2010/11/20 03:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 02:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/10/09 03:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009/07/13 18:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2009/03/02 15:12:10 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) 
[Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp) DRV - [2009/03/02 15:12:10 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT) DRV - [2008/12/09 11:59:30 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 77 3E 06 E6 4C 1E CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lisa Grueber\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lisa Grueber\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/19 00:36:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/10 00:13:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/10 00:11:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/05/10 00:13:53 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: AVG Secure Search (Enabled) CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={C48CB541-59B4-48D4-A688-9CD953DDC072}&mid=0a3cd4bf8c6547d0a68ad15f95c8d7b2-d9403418a31d243e153ab121023e35b3be56a910&lang=en&ds=AVG&pr=pr&d=2012-05-10 00:13:37&v=11.0.0.9&sap=dsp&q={searchTerms} CHR - default_search_provider: suggest_url = 
http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Lisa Grueber\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lisa Grueber\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lisa Grueber\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lisa Grueber\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Lisa Grueber\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Google Update (Enabled) = C:\Users\Lisa Grueber\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Lisa Grueber\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Lisa Grueber\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AVG Safe Search = C:\Users\Lisa Grueber\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\ CHR - Extension: AVG Do Not Track = C:\Users\Lisa Grueber\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Lisa Grueber\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Gmail = C:\Users\Lisa Grueber\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [iolo Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\iavlsp.dll (iolo technologies, LLC) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\iavlsp.dll (iolo technologies, LLC) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\iavlsp.dll (iolo technologies, LLC) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{151B6E5A-0129-45E3-9ADA-CD9E0138C759}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk /p \??\G:) O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/05/10 18:16:51 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Lisa Grueber\Desktop\tdsskiller (1).exe [2012/05/10 18:02:33 | 000,000,000 | ---D | C] -- C:\_OTL [2012/05/10 10:35:35 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Lisa Grueber\Desktop\OTL.exe [2012/05/10 01:20:43 | 000,000,000 | 
---D | C] -- C:\Users\Lisa Grueber\AppData\Roaming\Malwarebytes [2012/05/10 01:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/05/10 01:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/05/10 01:20:34 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/05/10 01:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/05/10 00:14:25 | 000,000,000 | ---D | C] -- C:\Users\Lisa Grueber\AppData\Roaming\AVG2012 [2012/05/10 00:14:05 | 000,000,000 | ---D | C] -- C:\Users\Lisa Grueber\AppData\Local\AVG Secure Search [2012/05/10 00:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012/05/10 00:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search [2012/05/10 00:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search [2012/05/10 00:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search [2012/05/10 00:11:45 | 000,000,000 | -H-D | C] -- C:\$AVG [2012/05/10 00:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012 [2012/05/10 00:11:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG [2012/05/10 00:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2012/05/10 00:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012/04/29 17:18:03 | 000,000,000 | ---D | C] -- C:\Users\Lisa Grueber\AppData\Local\Diagnostics [2012/04/19 04:50:26 | 000,024,896 | ---- | C] (AVG Technologies CZ, s.r.o. 
) -- C:\Windows\System32\drivers\avgidshx.sys ========== Files - Modified Within 30 Days ========== [2012/05/10 22:05:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2218718152-808858329-1551952991-1000UA.job [2012/05/10 22:01:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/05/10 20:05:27 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2218718152-808858329-1551952991-1000Core.job [2012/05/10 19:54:42 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini [2012/05/10 18:17:05 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Lisa Grueber\Desktop\tdsskiller (1).exe [2012/05/10 18:16:57 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/05/10 18:16:57 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/05/10 18:07:54 | 2408,390,656 | -HS- | M] () -- C:\hiberfil.sys [2012/05/10 17:48:32 | 097,737,204 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2012/05/10 10:35:38 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa Grueber\Desktop\OTL.exe [2012/05/10 01:32:41 | 000,033,927 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm [2012/05/10 00:55:43 | 000,074,703 | ---- | M] () -- C:\Windows\System32\mfc45.dll [2012/05/09 23:23:17 | 000,427,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/05/09 17:05:23 | 000,660,318 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/05/09 17:05:23 | 000,121,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/04/27 15:02:28 | 000,624,914 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm [2012/04/19 11:51:04 | 000,000,408 | ---- | M] () -- C:\Windows\System32\iolo.ini [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. 
) -- C:\Windows\System32\drivers\avgidshx.sys ========== Files Created - No Company Name ========== [2012/05/10 17:48:32 | 097,737,204 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2012/05/10 01:32:41 | 000,033,927 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm [2012/05/10 00:55:43 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll [2012/04/27 15:02:28 | 000,624,914 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm [2012/04/11 17:39:28 | 000,000,408 | ---- | C] () -- C:\Windows\System32\iolo.ini [2012/04/05 18:47:45 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini ========== LOP Check ========== [2012/05/10 00:14:25 | 000,000,000 | ---D | M] -- C:\Users\Lisa Grueber\AppData\Roaming\AVG2012 [2012/03/12 11:26:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa Grueber\AppData\Roaming\ConverterLite [2012/03/10 01:04:13 | 000,000,000 | ---D | M] -- C:\Users\Lisa Grueber\AppData\Roaming\FileZilla [2011/12/13 02:56:59 | 000,000,000 | ---D | M] -- C:\Users\Lisa Grueber\AppData\Roaming\iolo [2012/02/10 15:41:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa Grueber\AppData\Roaming\PDF Writer [2009/07/13 23:53:46 | 000,017,704 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Extras logfile created on: 5/10/2012 10:47:06 AM - Run 1 OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Lisa Grueber\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.99 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.92% Memory free 5.98 Gb Paging File | 4.82 Gb Available in Paging File | 80.61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 93.06 Gb Total Space | 37.02 Gb Free Space 
| 39.78% Space Free | Partition Type: NTFS Computer Name: LISA-LAPTOP | User Name: Lisa Grueber | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{11E0AC7D-6822-4F67-865F-EE1C13D28C38}" = QuickBooks Pro 2011 "{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31 "{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}" = AVSDK5 "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{411949AB-6EE8-4C62-9C72-EBC93B6A7935}" = AVG 2012 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 
Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath 
MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{A7836FF5-7293-40A4-B86E-E2038F82E8F3}" = AVG 2012 "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1) "{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "7-Zip" = 7-Zip 9.15 beta "8461-7759-5462-8226" = Vuze "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash 
Player 11 ActiveX "AVG" = AVG 2012 "Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1338 "ConverterLite" = ConverterLite 1.1.0 "DivX Setup" = DivX Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "FileZilla Client" = FileZilla Client 3.5.3 "HDMI" = Intel® Graphics Media Accelerator Driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime "Power Management Driver" = ThinkPad Power Management Driver "Samsung ML-1740 Series" = Samsung ML-1740 Series "SynTPDeinstKey" = ThinkPad UltraNav Driver "The Weather Channel Desktop 6" = The Weather Channel Desktop 6 "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VideoLAN VLC media player 0.8.6f ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2218718152-808858329-1551952991-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "GoToMeeting" = GoToMeeting 5.1.0.880 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 5/10/2012 12:26:22 AM | Computer Name = Lisa-Laptop | Source = QuickBooks | ID = 4 Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand Error - 5/10/2012 1:13:05 AM | Computer Name = Lisa-Laptop | Source = Application Error | ID = 1000 Description = Faulting application name: SysMech.exe, version: 10.7.7.2, time stamp: 0x2a425e19 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00736573 Faulting process id: 0xb98 Faulting application start time: 0x01cd2e6910d81176 Faulting application path: C:\Program Files\iolo\System Mechanic Professional\SysMech.exe Faulting module path: unknown Report Id: 
d21b64c4-9a5e-11e1-8530-0016d32c3e41 Error - 5/10/2012 1:20:07 AM | Computer Name = Lisa-Laptop | Source = QuickBooks | ID = 4 Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand Error - 5/10/2012 1:20:07 AM | Computer Name = Lisa-Laptop | Source = QuickBooks | ID = 4 Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand Error - 5/10/2012 1:20:07 AM | Computer Name = Lisa-Laptop | Source = QuickBooks | ID = 4 Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand Error - 5/10/2012 2:19:31 AM | Computer Name = Lisa-Laptop | Source = Application Error | ID = 1000 Description = Faulting application name: SysMech.exe, version: 10.7.7.2, time stamp: 0x2a425e19 Faulting module name: SysMech.exe, version: 10.7.7.2, time stamp: 0x2a425e19 Exception code: 0xc0000005 Fault offset: 0x00224ef4 Faulting process id: 0x17d0 Faulting application start time: 0x01cd2e7187e55ca4 Faulting application path: C:\Program Files\iolo\System Mechanic Professional\SysMech.exe Faulting module path: C:\Program Files\iolo\System Mechanic Professional\SysMech.exe Report Id: 1a005470-9a68-11e1-b980-0016d32c3e41 Error - 5/10/2012 9:24:26 AM | Computer Name = Lisa-Laptop | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 5/10/2012 11:33:08 AM | Computer Name = Lisa-Laptop | Source = QuickBooks | ID = 4 Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand Error - 5/10/2012 11:33:08 AM | Computer Name = Lisa-Laptop | Source = QuickBooks | ID = 4 Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand Error - 5/10/2012 11:33:08 AM | Computer Name = Lisa-Laptop | Source = QuickBooks | ID = 4 Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Hand [ iolo Applications Events ] Error - 3/18/2012 5:40:06 AM | Computer Name 
= Lisa-Laptop | Source = System Shield | ID = 20 Description = Error - 3/21/2012 10:19:45 PM | Computer Name = Lisa-Laptop | Source = System Shield | ID = 20 Description = Error - 4/28/2012 1:02:52 PM | Computer Name = Lisa-Laptop | Source = System Shield | ID = 12 Description = Error - 4/29/2012 4:05:33 PM | Computer Name = Lisa-Laptop | Source = System Shield | ID = 12 Description = Error - 5/2/2012 3:54:42 AM | Computer Name = Lisa-Laptop | Source = System Shield | ID = 12 Description = Error - 5/5/2012 2:30:55 PM | Computer Name = Lisa-Laptop | Source = System Shield | ID = 12 Description = Error - 5/8/2012 10:55:33 AM | Computer Name = Lisa-Laptop | Source = System Shield | ID = 12 Description = Error - 5/8/2012 6:55:39 PM | Computer Name = Lisa-Laptop | Source = System Shield | ID = 12 Description = Error - 5/10/2012 12:55:07 AM | Computer Name = Lisa-Laptop | Source = System Shield | ID = 12 Description = Error - 5/10/2012 1:55:44 AM | Computer Name = Lisa-Laptop | Source = System Shield | ID = 12 Description = [ Media Center Events ] Error - 2/17/2012 4:47:46 PM | Computer Name = Lisa-Laptop | Source = MCUpdate | ID = 0 Description = 2:47:46 PM - Failed to retrieve Directory (Error: Unable to connect to the remote server) Error - 2/17/2012 4:48:29 PM | Computer Name = Lisa-Laptop | Source = MCUpdate | ID = 0 Description = 2:48:29 PM - Failed to retrieve NetTV (Error: Unable to connect to the remote server) Error - 2/17/2012 4:50:46 PM | Computer Name = Lisa-Laptop | Source = MCUpdate | ID = 0 Description = 2:50:43 PM - Failed to retrieve Broadband (Error: Unable to connect to the remote server) [ System Events ] Error - 5/10/2012 1:17:03 AM | Computer Name = Lisa-Laptop | Source = Service Control Manager | ID = 7000 Description = The Active Malware Protection Support Driver service failed to start due to the following error: %%2 Error - 5/10/2012 1:17:03 AM | Computer Name = Lisa-Laptop | Source = Service Control Manager | ID = 7000 Description = The 
DgiVecp service failed to start due to the following error: %%20 Error - 5/10/2012 1:17:38 AM | Computer Name = Lisa-Laptop | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: FileDisk Error - 5/10/2012 9:24:09 AM | Computer Name = Lisa-Laptop | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service. Error - 5/10/2012 11:30:11 AM | Computer Name = Lisa-Laptop | Source = Service Control Manager | ID = 7000 Description = The Active Malware Protection Support Driver service failed to start due to the following error: %%2 Error - 5/10/2012 11:30:12 AM | Computer Name = Lisa-Laptop | Source = Service Control Manager | ID = 7000 Description = The DgiVecp service failed to start due to the following error: %%20 Error - 5/10/2012 11:30:31 AM | Computer Name = Lisa-Laptop | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: FileDisk Error - 5/10/2012 11:32:11 AM | Computer Name = Lisa-Laptop | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. Error - 5/10/2012 11:32:11 AM | Computer Name = Lisa-Laptop | Source = DCOM | ID = 10005 Description = Error - 5/10/2012 11:32:11 AM | Computer Name = Lisa-Laptop | Source = Service Control Manager | ID = 7000 Description = The Windows Search service failed to start due to the following error: %%1053 < End of report >
  7. 18:19:10.0870 4472 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe 18:19:10.0955 4472 TrustedInstaller - ok 18:19:10.0999 4472 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 18:19:11.0084 4472 tssecsrv - ok 18:19:11.0112 4472 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 18:19:11.0155 4472 TsUsbFlt - ok 18:19:11.0195 4472 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 18:19:11.0260 4472 tunnel - ok 18:19:11.0316 4472 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 18:19:11.0349 4472 uagp35 - ok 18:19:11.0375 4472 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 18:19:11.0488 4472 udfs - ok 18:19:11.0538 4472 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe 18:19:11.0597 4472 UI0Detect - ok 18:19:11.0648 4472 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 18:19:11.0682 4472 uliagpkx - ok 18:19:11.0711 4472 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys 18:19:11.0760 4472 umbus - ok 18:19:11.0769 4472 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 18:19:11.0840 4472 UmPass - ok 18:19:11.0889 4472 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll 18:19:11.0986 4472 upnphost - ok 18:19:12.0013 4472 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys 18:19:12.0072 4472 usbaudio - ok 18:19:12.0102 4472 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys 18:19:12.0139 4472 usbccgp - ok 18:19:12.0192 4472 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 18:19:12.0262 4472 usbcir - ok 18:19:12.0298 4472 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys 18:19:12.0332 4472 
usbehci - ok 18:19:12.0376 4472 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 18:19:12.0432 4472 usbhub - ok 18:19:12.0451 4472 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 18:19:12.0490 4472 usbohci - ok 18:19:12.0505 4472 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 18:19:12.0548 4472 usbprint - ok 18:19:12.0572 4472 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:19:12.0615 4472 USBSTOR - ok 18:19:12.0647 4472 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys 18:19:12.0679 4472 usbuhci - ok 18:19:12.0711 4472 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll 18:19:12.0765 4472 UxSms - ok 18:19:12.0798 4472 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 18:19:12.0825 4472 VaultSvc - ok 18:19:12.0864 4472 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\Windows\system32\DRIVERS\VClone.sys 18:19:12.0912 4472 VClone - ok 18:19:12.0934 4472 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 18:19:12.0963 4472 vdrvroot - ok 18:19:13.0035 4472 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe 18:19:13.0126 4472 vds - ok 18:19:13.0234 4472 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 18:19:13.0372 4472 vga - ok 18:19:13.0403 4472 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 18:19:13.0480 4472 VgaSave - ok 18:19:13.0521 4472 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 18:19:13.0561 4472 vhdmp - ok 18:19:13.0573 4472 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 18:19:13.0608 4472 viaagp - ok 18:19:13.0647 4472 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 18:19:13.0705 4472 ViaC7 - ok 18:19:13.0714 4472 viaide 
(e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 18:19:13.0753 4472 viaide - ok 18:19:13.0777 4472 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 18:19:13.0811 4472 volmgr - ok 18:19:13.0849 4472 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 18:19:13.0890 4472 volmgrx - ok 18:19:14.0187 4472 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 18:19:14.0230 4472 volsnap - ok 18:19:14.0347 4472 vseamps (9ba46ed5fc55ce97aa7bbbe273f1b1e3) C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe 18:19:14.0375 4472 vseamps - ok 18:19:14.0399 4472 vsedsps (37708f105e90b0ff29dca7cfdc748c70) C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe 18:19:14.0435 4472 vsedsps - ok 18:19:14.0455 4472 vseqrts (994a1ab4cbeb530678f0d27cecee50ac) C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe 18:19:14.0492 4472 vseqrts - ok 18:19:14.0518 4472 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 18:19:14.0561 4472 vsmraid - ok 18:19:14.0689 4472 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe 18:19:14.0795 4472 VSS - ok 18:19:14.0988 4472 vToolbarUpdater11.0.2 (56e1e4442e4613fb2039a6b7421f4e58) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe 18:19:15.0066 4472 vToolbarUpdater11.0.2 - ok 18:19:15.0252 4472 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 18:19:15.0311 4472 vwifibus - ok 18:19:15.0332 4472 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 18:19:15.0392 4472 vwififlt - ok 18:19:15.0484 4472 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll 18:19:15.0579 4472 W32Time - ok 18:19:15.0623 4472 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 18:19:15.0693 4472 WacomPen - ok 18:19:15.0730 4472 
WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 18:19:15.0799 4472 WANARP - ok 18:19:15.0804 4472 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 18:19:15.0857 4472 Wanarpv6 - ok 18:19:16.0001 4472 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe 18:19:16.0076 4472 WatAdminSvc - ok 18:19:16.0333 4472 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe 18:19:16.0443 4472 wbengine - ok 18:19:16.0493 4472 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll 18:19:16.0563 4472 WbioSrvc - ok 18:19:16.0644 4472 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll 18:19:16.0700 4472 wcncsvc - ok 18:19:16.0722 4472 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll 18:19:16.0769 4472 WcsPlugInService - ok 18:19:16.0841 4472 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 18:19:16.0873 4472 Wd - ok 18:19:16.0943 4472 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 18:19:17.0001 4472 Wdf01000 - ok 18:19:17.0036 4472 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 18:19:17.0104 4472 WdiServiceHost - ok 18:19:17.0110 4472 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 18:19:17.0157 4472 WdiSystemHost - ok 18:19:17.0202 4472 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll 18:19:17.0273 4472 WebClient - ok 18:19:17.0308 4472 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll 18:19:17.0390 4472 Wecsvc - ok 18:19:17.0412 4472 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll 18:19:17.0510 4472 wercplsupport - ok 18:19:17.0557 4472 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll 18:19:17.0637 4472 WerSvc - ok 18:19:17.0654 4472 WfpLwf 
(8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 18:19:17.0726 4472 WfpLwf - ok 18:19:17.0736 4472 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 18:19:17.0778 4472 WIMMount - ok 18:19:17.0955 4472 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 18:19:18.0025 4472 WinDefend - ok 18:19:18.0046 4472 WinHttpAutoProxySvc - ok 18:19:18.0127 4472 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll 18:19:18.0198 4472 Winmgmt - ok 18:19:18.0339 4472 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll 18:19:18.0447 4472 WinRM - ok 18:19:18.0533 4472 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys 18:19:18.0577 4472 WinUsb - ok 18:19:18.0681 4472 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll 18:19:18.0759 4472 Wlansvc - ok 18:19:18.0811 4472 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 18:19:18.0854 4472 WmiAcpi - ok 18:19:18.0951 4472 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe 18:19:19.0002 4472 wmiApSrv - ok 18:19:19.0319 4472 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe 18:19:19.0381 4472 WMPNetworkSvc - ok 18:19:19.0411 4472 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll 18:19:19.0461 4472 WPCSvc - ok 18:19:19.0487 4472 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll 18:19:19.0530 4472 WPDBusEnum - ok 18:19:19.0580 4472 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 18:19:19.0660 4472 ws2ifsl - ok 18:19:19.0688 4472 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll 18:19:19.0735 4472 wscsvc - ok 18:19:19.0747 4472 WSearch - ok 18:19:19.0973 4472 wuauserv (3026418a50c5b4761befa632cedb7406) 
18:19:20.0817 4472 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:19:20.0947 4472 \Device\Harddisk0\DR0 - ok
18:19:20.0954 4472 Boot (0x1200) (fc87a77144c2c9bbd193e73e85271ab5) \Device\Harddisk0\DR0\Partition0
18:19:20.0957 4472 \Device\Harddisk0\DR0\Partition0 - ok
18:19:20.0993 4472 Boot (0x1200) (9fd42e7874f4598901b6bc40a91fec92) \Device\Harddisk0\DR0\Partition1
18:19:20.0996 4472 \Device\Harddisk0\DR0\Partition1 - ok
18:19:20.0996 4472 ============================================================
18:19:20.0996 4472 Scan finished
18:19:20.0996 4472 ============================================================
18:19:21.0025 0620 Detected object count: 6
18:19:21.0025 0620 Actual detected object count: 6
18:19:37.0521 0620 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
18:19:37.0521 0620 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:19:37.0521 0620 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
18:19:37.0521 0620 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:19:37.0531 0620 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
18:19:37.0531 0620 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:19:37.0541 0620 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
18:19:37.0541 0620 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:19:37.0541 0620 QBVSS ( UnsignedFile.Multi.Generic ) - skipped by user
18:19:37.0541 0620 QBVSS ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:19:37.0541 0620 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
18:19:37.0541 0620 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:57:50.0058 4924 ============================================================
19:57:50.0058 4924 Scan started
19:57:50.0058 4924 Mode: Manual; SigCheck; TDLFS;
19:57:50.0058 4924 ============================================================
19:57:59.0567 4924 DgiVecp (7f19dba1a467b838ccb23124a2c55568) C:\Windows\system32\Drivers\DgiVecp.sys
19:57:59.0578 4924 DgiVecp ( UnsignedFile.Multi.Generic ) - warning
19:57:59.0578 4924 DgiVecp - detected UnsignedFile.Multi.Generic (1)
19:58:09.0134 4924 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
19:58:09.0152 4924 MDM ( UnsignedFile.Multi.Generic ) - warning
19:58:09.0152 4924 MDM - detected UnsignedFile.Multi.Generic (1)
PNRPAutoReg - ok 19:58:16.0546 4924 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 19:58:16.0586 4924 PNRPsvc - ok 19:58:16.0646 4924 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll 19:58:16.0716 4924 PolicyAgent - ok 19:58:16.0777 4924 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll 19:58:16.0848 4924 Power - ok 19:58:16.0899 4924 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 19:58:16.0971 4924 PptpMiniport - ok 19:58:17.0009 4924 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 19:58:17.0042 4924 Processor - ok 19:58:17.0098 4924 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll 19:58:17.0167 4924 ProfSvc - ok 19:58:17.0191 4924 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 19:58:17.0222 4924 ProtectedStorage - ok 19:58:17.0247 4924 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 19:58:17.0316 4924 Psched - ok 19:58:17.0453 4924 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 19:58:17.0548 4924 ql2300 - ok 19:58:17.0729 4924 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 19:58:17.0769 4924 ql40xx - ok 19:58:17.0819 4924 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll 19:58:17.0869 4924 QWAVE - ok 19:58:17.0889 4924 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 19:58:17.0929 4924 QWAVEdrv - ok 19:58:17.0939 4924 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 19:58:18.0009 4924 RasAcd - ok 19:58:18.0059 4924 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 19:58:18.0119 4924 RasAgileVpn - ok 19:58:18.0149 4924 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll 19:58:18.0219 4924 RasAuto - ok 
19:58:18.0259 4924 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 19:58:18.0329 4924 Rasl2tp - ok 19:58:18.0379 4924 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll 19:58:18.0459 4924 RasMan - ok 19:58:18.0479 4924 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 19:58:18.0549 4924 RasPppoe - ok 19:58:18.0579 4924 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 19:58:18.0639 4924 RasSstp - ok 19:58:18.0699 4924 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 19:58:18.0770 4924 rdbss - ok 19:58:18.0779 4924 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 19:58:18.0821 4924 rdpbus - ok 19:58:18.0857 4924 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 19:58:18.0921 4924 RDPCDD - ok 19:58:18.0936 4924 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 19:58:19.0004 4924 RDPENCDD - ok 19:58:19.0020 4924 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 19:58:19.0086 4924 RDPREFMP - ok 19:58:19.0140 4924 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys 19:58:19.0190 4924 RDPWD - ok 19:58:19.0242 4924 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 19:58:19.0281 4924 rdyboost - ok 19:58:19.0314 4924 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll 19:58:19.0382 4924 RemoteAccess - ok 19:58:19.0419 4924 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll 19:58:19.0496 4924 RemoteRegistry - ok 19:58:19.0524 4924 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll 19:58:19.0597 4924 RpcEptMapper - ok 19:58:19.0614 4924 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe 19:58:19.0654 4924 RpcLocator - 
ok 19:58:19.0712 4924 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll 19:58:19.0785 4924 RpcSs - ok 19:58:19.0825 4924 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 19:58:19.0905 4924 rspndr - ok 19:58:19.0925 4924 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 19:58:19.0965 4924 SamSs - ok 19:58:20.0015 4924 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 19:58:20.0055 4924 sbp2port - ok 19:58:20.0065 4924 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll 19:58:20.0145 4924 SCardSvr - ok 19:58:20.0185 4924 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 19:58:20.0255 4924 scfilter - ok 19:58:20.0335 4924 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll 19:58:20.0425 4924 Schedule - ok 19:58:20.0465 4924 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll 19:58:20.0535 4924 SCPolicySvc - ok 19:58:20.0585 4924 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll 19:58:20.0635 4924 SDRSVC - ok 19:58:20.0665 4924 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 19:58:20.0742 4924 secdrv - ok 19:58:20.0774 4924 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll 19:58:20.0846 4924 seclogon - ok 19:58:20.0868 4924 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll 19:58:20.0940 4924 SENS - ok 19:58:20.0978 4924 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll 19:58:21.0057 4924 SensrSvc - ok 19:58:21.0066 4924 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 19:58:21.0099 4924 Serenum - ok 19:58:21.0138 4924 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 19:58:21.0176 4924 Serial - ok 19:58:21.0185 4924 sermouse (79bffb520327ff916a582dfea17aa813) 
C:\Windows\system32\DRIVERS\sermouse.sys 19:58:21.0224 4924 sermouse - ok 19:58:21.0272 4924 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll 19:58:21.0342 4924 SessionEnv - ok 19:58:21.0379 4924 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 19:58:21.0419 4924 sffdisk - ok 19:58:21.0428 4924 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 19:58:21.0469 4924 sffp_mmc - ok 19:58:21.0504 4924 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys 19:58:21.0552 4924 sffp_sd - ok 19:58:21.0560 4924 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 19:58:21.0596 4924 sfloppy - ok 19:58:21.0655 4924 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll 19:58:21.0728 4924 SharedAccess - ok 19:58:21.0788 4924 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll 19:58:21.0868 4924 ShellHWDetection - ok 19:58:21.0918 4924 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 19:58:21.0948 4924 sisagp - ok 19:58:21.0968 4924 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 19:58:21.0998 4924 SiSRaid2 - ok 19:58:22.0018 4924 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 19:58:22.0058 4924 SiSRaid4 - ok 19:58:22.0088 4924 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 19:58:22.0158 4924 Smb - ok 19:58:22.0208 4924 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe 19:58:22.0248 4924 SNMPTRAP - ok 19:58:22.0268 4924 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 19:58:22.0308 4924 spldr - ok 19:58:22.0368 4924 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe 19:58:22.0443 4924 Spooler - ok 19:58:22.0766 4924 sppsvc (cf87a1de791347e75b98885214ced2b8) 
C:\Windows\system32\sppsvc.exe 19:58:23.0000 4924 sppsvc - ok 19:58:23.0237 4924 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll 19:58:23.0308 4924 sppuinotify - ok 19:58:23.0383 4924 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 19:58:23.0448 4924 srv - ok 19:58:23.0493 4924 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 19:58:23.0533 4924 srv2 - ok 19:58:23.0575 4924 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 19:58:23.0609 4924 srvnet - ok 19:58:23.0649 4924 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll 19:58:23.0725 4924 SSDPSRV - ok 19:58:23.0754 4924 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys 19:58:23.0764 4924 SSPORT ( UnsignedFile.Multi.Generic ) - warning 19:58:23.0764 4924 SSPORT - detected UnsignedFile.Multi.Generic (1) 19:58:23.0794 4924 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll 19:58:23.0864 4924 SstpSvc - ok 19:58:23.0924 4924 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 19:58:23.0954 4924 stexstor - ok 19:58:24.0044 4924 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll 19:58:24.0104 4924 StiSvc - ok 19:58:24.0134 4924 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 19:58:24.0164 4924 swenum - ok 19:58:24.0224 4924 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll 19:58:24.0314 4924 swprv - ok 19:58:24.0374 4924 SynTP (d7dc30b8b41e7a913c3fccc0631e72ec) C:\Windows\system32\DRIVERS\SynTP.sys 19:58:24.0399 4924 SynTP - ok 19:58:24.0545 4924 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll 19:58:24.0621 4924 SysMain - ok 19:58:24.0648 4924 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll 19:58:24.0695 4924 TabletInputService - ok 19:58:24.0738 4924 
TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll 19:58:24.0814 4924 TapiSrv - ok 19:58:24.0864 4924 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll 19:58:24.0937 4924 TBS - ok 19:58:25.0107 4924 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys 19:58:25.0219 4924 Tcpip - ok 19:58:25.0247 4924 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys 19:58:25.0325 4924 TCPIP6 - ok 19:58:25.0380 4924 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 19:58:25.0444 4924 tcpipreg - ok 19:58:25.0487 4924 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 19:58:25.0519 4924 TDPIPE - ok 19:58:25.0555 4924 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys 19:58:25.0587 4924 TDTCP - ok 19:58:25.0636 4924 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 19:58:25.0702 4924 tdx - ok 19:58:25.0735 4924 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 19:58:25.0765 4924 TermDD - ok 19:58:25.0825 4924 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll 19:58:25.0915 4924 TermService - ok 19:58:25.0955 4924 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll 19:58:25.0995 4924 Themes - ok 19:58:26.0035 4924 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 19:58:26.0105 4924 THREADORDER - ok 19:58:26.0145 4924 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys 19:58:26.0185 4924 TPM - ok 19:58:26.0215 4924 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll 19:58:26.0285 4924 TrkWks - ok 19:58:26.0355 4924 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe 19:58:26.0425 4924 TrustedInstaller - ok 19:58:26.0445 4924 tssecsrv (254bb140eee3c59d6114c1a86b636877) 
C:\Windows\system32\DRIVERS\tssecsrv.sys 19:58:26.0515 4924 tssecsrv - ok 19:58:26.0535 4924 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 19:58:26.0595 4924 TsUsbFlt - ok 19:58:26.0645 4924 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 19:58:26.0715 4924 tunnel - ok 19:58:26.0759 4924 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 19:58:26.0792 4924 uagp35 - ok 19:58:26.0816 4924 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 19:58:26.0890 4924 udfs - ok 19:58:26.0937 4924 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe 19:58:26.0975 4924 UI0Detect - ok 19:58:27.0025 4924 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 19:58:27.0058 4924 uliagpkx - ok 19:58:27.0088 4924 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys 19:58:27.0122 4924 umbus - ok 19:58:27.0130 4924 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 19:58:27.0165 4924 UmPass - ok 19:58:27.0219 4924 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll 19:58:27.0299 4924 upnphost - ok 19:58:27.0320 4924 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys 19:58:27.0363 4924 usbaudio - ok 19:58:27.0386 4924 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys 19:58:27.0446 4924 usbccgp - ok 19:58:27.0503 4924 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 19:58:27.0542 4924 usbcir - ok 19:58:27.0595 4924 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys 19:58:27.0627 4924 usbehci - ok 19:58:27.0664 4924 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 19:58:27.0703 4924 usbhub - ok 19:58:27.0718 4924 usbohci (a6fb7957ea7afb1165991e54ce934b74) 
C:\Windows\system32\DRIVERS\usbohci.sys 19:58:27.0751 4924 usbohci - ok 19:58:27.0761 4924 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 19:58:27.0801 4924 usbprint - ok 19:58:27.0821 4924 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:58:27.0881 4924 USBSTOR - ok 19:58:27.0931 4924 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys 19:58:27.0961 4924 usbuhci - ok 19:58:27.0981 4924 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll 19:58:28.0051 4924 UxSms - ok 19:58:28.0081 4924 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 19:58:28.0121 4924 VaultSvc - ok 19:58:28.0151 4924 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\Windows\system32\DRIVERS\VClone.sys 19:58:28.0201 4924 VClone - ok 19:58:28.0231 4924 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 19:58:28.0271 4924 vdrvroot - ok 19:58:28.0341 4924 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe 19:58:28.0451 4924 vds - ok 19:58:28.0481 4924 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 19:58:28.0521 4924 vga - ok 19:58:28.0541 4924 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 19:58:28.0621 4924 VgaSave - ok 19:58:28.0661 4924 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 19:58:28.0711 4924 vhdmp - ok 19:58:28.0741 4924 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 19:58:28.0771 4924 viaagp - ok 19:58:28.0791 4924 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 19:58:28.0831 4924 ViaC7 - ok 19:58:28.0841 4924 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 19:58:28.0871 4924 viaide - ok 19:58:28.0911 4924 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 19:58:28.0941 4924 
volmgr - ok 19:58:28.0981 4924 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 19:58:29.0031 4924 volmgrx - ok 19:58:29.0061 4924 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 19:58:29.0101 4924 volsnap - ok 19:58:29.0231 4924 vseamps (9ba46ed5fc55ce97aa7bbbe273f1b1e3) C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe 19:58:29.0261 4924 vseamps - ok 19:58:29.0291 4924 vsedsps (37708f105e90b0ff29dca7cfdc748c70) C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe 19:58:29.0321 4924 vsedsps - ok 19:58:29.0351 4924 vseqrts (994a1ab4cbeb530678f0d27cecee50ac) C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe 19:58:29.0391 4924 vseqrts - ok 19:58:29.0431 4924 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 19:58:29.0471 4924 vsmraid - ok 19:58:29.0611 4924 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe 19:58:29.0711 4924 VSS - ok 19:58:29.0871 4924 vToolbarUpdater11.0.2 (56e1e4442e4613fb2039a6b7421f4e58) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe 19:58:29.0951 4924 vToolbarUpdater11.0.2 - ok 19:58:30.0141 4924 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 19:58:30.0181 4924 vwifibus - ok 19:58:30.0191 4924 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 19:58:30.0241 4924 vwififlt - ok 19:58:30.0281 4924 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll 19:58:30.0411 4924 W32Time - ok 19:58:30.0461 4924 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 19:58:30.0501 4924 WacomPen - ok 19:58:30.0551 4924 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 19:58:30.0631 4924 WANARP - ok 19:58:30.0641 4924 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 19:58:30.0711 
4924 Wanarpv6 - ok 19:58:30.0961 4924 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe 19:58:31.0051 4924 WatAdminSvc - ok 19:58:31.0251 4924 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe 19:58:31.0361 4924 wbengine - ok 19:58:31.0431 4924 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll 19:58:31.0481 4924 WbioSrvc - ok 19:58:31.0541 4924 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll 19:58:31.0591 4924 wcncsvc - ok 19:58:31.0621 4924 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll 19:58:31.0671 4924 WcsPlugInService - ok 19:58:31.0781 4924 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 19:58:31.0821 4924 Wd - ok 19:58:32.0201 4924 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 19:58:32.0261 4924 Wdf01000 - ok 19:58:32.0301 4924 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 19:58:32.0351 4924 WdiServiceHost - ok 19:58:32.0361 4924 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 19:58:32.0391 4924 WdiSystemHost - ok 19:58:32.0461 4924 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll 19:58:32.0511 4924 WebClient - ok 19:58:32.0531 4924 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll 19:58:32.0601 4924 Wecsvc - ok 19:58:32.0621 4924 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll 19:58:32.0661 4924 wercplsupport - ok 19:58:32.0691 4924 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll 19:58:32.0751 4924 WerSvc - ok 19:58:32.0771 4924 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 19:58:32.0821 4924 WfpLwf - ok 19:58:32.0831 4924 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 19:58:32.0851 4924 
WIMMount - ok 19:58:33.0031 4924 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 19:58:33.0071 4924 WinDefend - ok 19:58:33.0081 4924 WinHttpAutoProxySvc - ok 19:58:33.0171 4924 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll 19:58:33.0241 4924 Winmgmt - ok 19:58:33.0381 4924 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll 19:58:33.0519 4924 WinRM - ok 19:58:33.0600 4924 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys 19:58:33.0663 4924 WinUsb - ok 19:58:33.0775 4924 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll 19:58:33.0841 4924 Wlansvc - ok 19:58:33.0890 4924 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 19:58:33.0924 4924 WmiAcpi - ok 19:58:34.0018 4924 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe 19:58:34.0053 4924 wmiApSrv - ok 19:58:34.0284 4924 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe 19:58:34.0347 4924 WMPNetworkSvc - ok 19:58:34.0379 4924 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll 19:58:34.0420 4924 WPCSvc - ok 19:58:34.0455 4924 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll 19:58:34.0495 4924 WPDBusEnum - ok 19:58:34.0545 4924 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 19:58:34.0615 4924 ws2ifsl - ok 19:58:34.0645 4924 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll 19:58:34.0695 4924 wscsvc - ok 19:58:34.0705 4924 WSearch - ok 19:58:35.0095 4924 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll 19:58:35.0225 4924 wuauserv - ok 19:58:35.0385 4924 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 19:58:35.0455 4924 WudfPf - ok 19:58:35.0495 4924 WUDFRd (1023ee888c9b47178c5293ed5336ab69) 
C:\Windows\system32\DRIVERS\WUDFRd.sys 19:58:35.0571 4924 WUDFRd - ok 19:58:35.0611 4924 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll 19:58:35.0707 4924 wudfsvc - ok 19:58:35.0775 4924 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll 19:58:35.0846 4924 WwanSvc - ok 19:58:35.0940 4924 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 19:58:36.0070 4924 \Device\Harddisk0\DR0 - ok 19:58:36.0076 4924 Boot (0x1200) (fc87a77144c2c9bbd193e73e85271ab5) \Device\Harddisk0\DR0\Partition0 19:58:36.0078 4924 \Device\Harddisk0\DR0\Partition0 - ok 19:58:36.0105 4924 Boot (0x1200) (9fd42e7874f4598901b6bc40a91fec92) \Device\Harddisk0\DR0\Partition1 19:58:36.0107 4924 \Device\Harddisk0\DR0\Partition1 - ok 19:58:36.0108 4924 ============================================================ 19:58:36.0108 4924 Scan finished 19:58:36.0108 4924 ============================================================ 19:58:36.0128 5168 Detected object count: 3 19:58:36.0129 5168 Actual detected object count: 3 19:58:48.0923 5168 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user 19:58:48.0924 5168 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:58:48.0927 5168 MDM ( UnsignedFile.Multi.Generic ) - skipped by user 19:58:48.0928 5168 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:58:48.0936 5168 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user 19:58:48.0936 5168 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.05.11.01 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Lisa Grueber :: LISA-LAPTOP [administrator] Protection: Enabled 5/10/2012 8:04:54 PM mbam-log-2012-05-10 (20-04-54).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects 
scanned: 184826 Time elapsed: 5 minute(s), 24 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  8. All processes killed
     ========== OTL ==========
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
     HKU\S-1-5-21-2218718152-808858329-1551952991-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
     Registry value HKEY_USERS\S-1-5-21-2218718152-808858329-1551952991-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
     HKEY_USERS\S-1-5-21-2218718152-808858329-1551952991-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
     Registry key HKEY_USERS\S-1-5-21-2218718152-808858329-1551952991-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
     Registry key HKEY_USERS\S-1-5-21-2218718152-808858329-1551952991-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
     Registry key HKEY_USERS\S-1-5-21-2218718152-808858329-1551952991-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
     Unable to fix default_search_provider items.
     Unable to fix default_search_provider items.
     Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Search the Web\ deleted successfully.
     C:\ProgramData\boost_interprocess\BE8BF077A42DCD01 folder moved successfully.
     C:\ProgramData\boost_interprocess folder moved successfully.
     C:\Users\Lisa Grueber\AppData\Roaming\Azureus\torrents folder moved successfully.
     C:\Users\Lisa Grueber\AppData\Roaming\Azureus\tmp folder moved successfully.
     C:\Users\Lisa Grueber\AppData\Roaming\Azureus\subs folder moved successfully.
     C:\Users\Lisa Grueber\AppData\Roaming\Azureus\shares folder moved successfully.
     C:\Users\Lisa Grueber\AppData\Roaming\Azureus\rss folder moved successfully.
     C:\Users\Lisa Grueber\AppData\Roaming\Azureus\plugins\mlab folder moved successfully.
     C:\Users\Lisa Grueber\AppData\Roaming\Azureus\plugins\azutp\x64 folder moved successfully.
     C:\Users\Lisa Grueber\AppData\Roaming\Azureus\plugins\azutp\win32 folder moved successfully.
     C:\Users\Lisa Grueber\AppData\Roaming\Azureus\plugins\azutp folder moved successfully.
     C:\Users\Lisa Grueber\AppData\Roaming\Azureus\plugins\azupnpav folder moved successfully.
     C:\Users\Lisa Grueber\AppData\Roaming\Azureus\plugins\azemp folder moved successfully.
     C:\Users\Lisa Grueber\AppData\Roaming\Azureus\plugins\aefeatman_v folder moved successfully.
     C:\Users\Lisa Grueber\AppData\Roaming\Azureus\plugins folder moved successfully.
     C:\Users\Lisa Grueber\AppData\Roaming\Azureus\net folder moved successfully.
     C:\Users\Lisa Grueber\AppData\Roaming\Azureus\logs\save folder moved successfully.
     C:\Users\Lisa Grueber\AppData\Roaming\Azureus\logs folder moved successfully.
     C:\Users\Lisa Grueber\AppData\Roaming\Azureus\dht folder moved successfully.
     C:\Users\Lisa Grueber\AppData\Roaming\Azureus\devices folder moved successfully.
     C:\Users\Lisa Grueber\AppData\Roaming\Azureus\cache folder moved successfully.
     C:\Users\Lisa Grueber\AppData\Roaming\Azureus\active folder moved successfully.
     C:\Users\Lisa Grueber\AppData\Roaming\Azureus folder moved successfully.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: All Users
     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 33170 bytes
     ->Flash cache emptied: 56475 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: Lisa Grueber
     ->Temp folder emptied: 73056905 bytes
     ->Temporary Internet Files folder emptied: 53063395 bytes
     ->Java cache emptied: 1393854 bytes
     ->Google Chrome cache emptied: 24415664 bytes
     ->Flash cache emptied: 63584 bytes
     User: Public
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 21818680 bytes
     %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 17859317 bytes
     RecycleBin emptied: 295160 bytes
     Total Files Cleaned = 183.00 mb
     Restore point Set: OTL Restore Point
     OTL by OldTimer - Version 3.2.42.3 log created on 05102012_180233
     Files\Folders moved on Reboot...
     File\Folder C:\Users\Lisa Grueber\AppData\Local\Temp\Temporary Internet Files\Content.IE5\V2UXY054\age=2554;age=18u;age=25u;age=genx;gender=m;asi=nl;u=dma-602_st-il_cid-37_ord-1330537229074327092_cat-nl_fam-nl_ch-nl_tile-2_pos-dt_hdn;tile=2;sz=1x1;ord=1330537229074327092[1] not found!
File\Folder C:\Users\Lisa Grueber\AppData\Local\Temp\Temporary Internet Files\Content.IE5\QMTLNXY2\2554;age=18u;age=25u;age=genx;gender=m;asi=nl;u=dma-602_st-il_cid-37_ord-1330305151038129320_cat-nl_fam-nl_ch-nl_tile-1_pos-dt_300;tile=1;sz=300x250;ord=1330305151038129320[1] not found! File\Folder C:\Users\Lisa Grueber\AppData\Local\Temp\Temporary Internet Files\Content.IE5\QMTLNXY2\2554;age=18u;age=25u;age=genx;gender=m;asi=nl;u=dma-602_st-il_cid-37_ord-1330537229074327092_cat-nl_fam-nl_ch-nl_tile-1_pos-dt_300;tile=1;sz=300x250;ord=1330537229074327092[1] not found! File\Folder C:\Users\Lisa Grueber\AppData\Local\Temp\Temporary Internet Files\Content.IE5\QMTLNXY2\age=2554;age=18u;age=25u;age=genx;gender=m;asi=nl;u=dma-602_st-il_cid-37_ord-1330536625550159919_cat-nl_fam-nl_ch-nl_tile-2_pos-dt_hdn;tile=2;sz=1x1;ord=1330536625550159919[1] not found! File\Folder C:\Users\Lisa Grueber\AppData\Local\Temp\Temporary Internet Files\Content.IE5\P8IWTS0C\2554;age=18u;age=25u;age=genx;gender=m;asi=nl;u=dma-602_st-il_cid-37_ord-1330536625550159919_cat-nl_fam-nl_ch-nl_tile-1_pos-dt_300;tile=1;sz=300x250;ord=1330536625550159919[1] not found! File\Folder C:\Users\Lisa Grueber\AppData\Local\Temp\Temporary Internet Files\Content.IE5\P8IWTS0C\554;age=18u;age=25u;age=genx;gender=m;asi=nl;u=dma-602_st-il_cid-37_ord-1330305151038129320_cat-nl_fam-nl_ch-nl_tile-3_pos-dt_cfr;tile=3;sz=1002x793;ord=1330305151038129320[1] not found! File\Folder C:\Users\Lisa Grueber\AppData\Local\Temp\Temporary Internet Files\Content.IE5\ONHROL36\age=2554;age=18u;age=25u;age=genx;gender=m;asi=nl;u=dma-602_st-il_cid-37_ord-1330305151038129320_cat-nl_fam-nl_ch-nl_tile-2_pos-dt_hdn;tile=2;sz=1x1;ord=1330305151038129320[1] not found! C:\Windows\temp\fb_2464.lck moved successfully. Registry entries deleted on Reboot... 
18:17:43.0282 2588 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
18:17:45.0288 2588 ============================================================
18:17:45.0288 2588 Current date / time: 2012/05/10 18:17:45.0288
18:17:45.0288 2588 SystemInfo:
18:17:45.0288 2588
18:17:45.0288 2588 OS Version: 6.1.7601 ServicePack: 1.0
18:17:45.0288 2588 Product type: Workstation
18:17:45.0289 2588 ComputerName: LISA-LAPTOP
18:17:45.0289 2588 UserName: Lisa Grueber
18:17:45.0289 2588 Windows directory: C:\Windows
18:17:45.0289 2588 System windows directory: C:\Windows
18:17:45.0289 2588 Processor architecture: Intel x86
18:17:45.0289 2588 Number of processors: 2
18:17:45.0289 2588 Page size: 0x1000
18:17:45.0289 2588 Boot type: Normal boot
18:17:45.0289 2588 ============================================================
18:17:50.0404 2588 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x3279, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
18:17:50.0404 2588 ============================================================
18:17:50.0404 2588 \Device\Harddisk0\DR0:
18:17:50.0404 2588 MBR partitions:
18:17:50.0404 2588 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:17:50.0404 2588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xBA1F000
18:17:50.0404 2588 ============================================================
18:17:50.0424 2588 C: <-> \Device\Harddisk0\DR0\Partition1
18:17:50.0424 2588 ============================================================
18:17:50.0424 2588 Initialize success
18:17:50.0424 2588 ============================================================
18:18:27.0930 4472 ============================================================
18:18:27.0930 4472 Scan started
18:18:27.0930 4472 Mode: Manual; SigCheck; TDLFS;
18:18:27.0930 4472 ============================================================
18:19:00.0050 4472 PptpMiniport - ok 18:19:00.0083 4472 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 18:19:00.0143 4472 Processor - ok 18:19:00.0193 4472 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll 18:19:00.0263 4472 ProfSvc - ok 18:19:00.0293 4472 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 18:19:00.0323 4472 ProtectedStorage - ok 18:19:00.0353 4472 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 18:19:00.0443 4472 Psched - ok 18:19:00.0623 4472 QBCFMonitorService (56a6210aca051227eafeefa628bb5a9b) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe 18:19:00.0633 4472 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning 18:19:00.0633 4472 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1) 18:19:00.0683 4472 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe 18:19:00.0713 4472 QBFCService ( UnsignedFile.Multi.Generic ) - warning 18:19:00.0713 4472 QBFCService - detected UnsignedFile.Multi.Generic (1) 18:19:00.0914 4472 QBVSS (d4ff4102640685c69bdc63f1674ce724) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe 18:19:00.0967 4472 QBVSS ( UnsignedFile.Multi.Generic ) - warning 18:19:00.0967 4472 QBVSS - detected UnsignedFile.Multi.Generic (1) 18:19:01.0265 4472 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 18:19:01.0364 4472 ql2300 - ok 18:19:01.0428 4472 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 18:19:01.0466 4472 ql40xx - ok 18:19:01.0520 4472 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll 18:19:01.0582 4472 QWAVE - ok 18:19:01.0610 4472 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 18:19:01.0655 4472 QWAVEdrv - ok 18:19:01.0662 4472 RasAcd 
(30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 18:19:01.0752 4472 RasAcd - ok 18:19:01.0787 4472 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 18:19:01.0860 4472 RasAgileVpn - ok 18:19:01.0891 4472 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll 18:19:01.0978 4472 RasAuto - ok 18:19:02.0007 4472 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 18:19:02.0087 4472 Rasl2tp - ok 18:19:02.0139 4472 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll 18:19:02.0226 4472 RasMan - ok 18:19:02.0256 4472 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 18:19:02.0326 4472 RasPppoe - ok 18:19:02.0356 4472 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 18:19:02.0456 4472 RasSstp - ok 18:19:02.0496 4472 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 18:19:02.0586 4472 rdbss - ok 18:19:02.0626 4472 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 18:19:02.0666 4472 rdpbus - ok 18:19:02.0716 4472 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 18:19:02.0796 4472 RDPCDD - ok 18:19:02.0826 4472 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 18:19:02.0916 4472 RDPENCDD - ok 18:19:02.0946 4472 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 18:19:03.0026 4472 RDPREFMP - ok 18:19:03.0088 4472 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys 18:19:03.0149 4472 RDPWD - ok 18:19:03.0203 4472 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 18:19:03.0241 4472 rdyboost - ok 18:19:03.0274 4472 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll 18:19:03.0362 4472 RemoteAccess - ok 18:19:03.0401 4472 
RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll 18:19:03.0482 4472 RemoteRegistry - ok 18:19:03.0506 4472 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll 18:19:03.0595 4472 RpcEptMapper - ok 18:19:03.0618 4472 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe 18:19:03.0666 4472 RpcLocator - ok 18:19:03.0722 4472 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll 18:19:03.0801 4472 RpcSs - ok 18:19:03.0837 4472 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 18:19:03.0927 4472 rspndr - ok 18:19:03.0960 4472 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 18:19:03.0999 4472 SamSs - ok 18:19:04.0042 4472 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 18:19:04.0078 4472 sbp2port - ok 18:19:04.0101 4472 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll 18:19:04.0197 4472 SCardSvr - ok 18:19:04.0237 4472 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 18:19:04.0317 4472 scfilter - ok 18:19:04.0407 4472 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll 18:19:04.0497 4472 Schedule - ok 18:19:04.0677 4472 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll 18:19:04.0747 4472 SCPolicySvc - ok 18:19:04.0787 4472 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll 18:19:04.0837 4472 SDRSVC - ok 18:19:04.0867 4472 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 18:19:04.0957 4472 secdrv - ok 18:19:04.0987 4472 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll 18:19:05.0067 4472 seclogon - ok 18:19:05.0097 4472 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll 18:19:05.0173 4472 SENS - ok 18:19:05.0236 4472 SensrSvc (50087fe1ee447009c9cc2997b90de53f) 
C:\Windows\system32\sensrsvc.dll 18:19:05.0278 4472 SensrSvc - ok 18:19:05.0312 4472 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 18:19:05.0363 4472 Serenum - ok 18:19:05.0382 4472 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 18:19:05.0434 4472 Serial - ok 18:19:05.0461 4472 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 18:19:05.0494 4472 sermouse - ok 18:19:05.0542 4472 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll 18:19:05.0618 4472 SessionEnv - ok 18:19:05.0648 4472 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 18:19:05.0695 4472 sffdisk - ok 18:19:05.0704 4472 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 18:19:05.0745 4472 sffp_mmc - ok 18:19:05.0754 4472 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys 18:19:05.0807 4472 sffp_sd - ok 18:19:05.0817 4472 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 18:19:05.0885 4472 sfloppy - ok 18:19:05.0967 4472 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll 18:19:06.0067 4472 SharedAccess - ok 18:19:06.0130 4472 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll 18:19:06.0218 4472 ShellHWDetection - ok 18:19:06.0228 4472 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 18:19:06.0268 4472 sisagp - ok 18:19:06.0298 4472 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 18:19:06.0338 4472 SiSRaid2 - ok 18:19:06.0358 4472 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 18:19:06.0398 4472 SiSRaid4 - ok 18:19:06.0418 4472 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 18:19:06.0488 4472 Smb - ok 18:19:06.0538 4472 SNMPTRAP 
(6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe 18:19:06.0568 4472 SNMPTRAP - ok 18:19:06.0598 4472 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 18:19:06.0628 4472 spldr - ok 18:19:06.0678 4472 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe 18:19:06.0758 4472 Spooler - ok 18:19:07.0088 4472 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe 18:19:07.0245 4472 sppsvc - ok 18:19:07.0445 4472 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll 18:19:07.0525 4472 sppuinotify - ok 18:19:07.0605 4472 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 18:19:07.0655 4472 srv - ok 18:19:07.0705 4472 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 18:19:07.0745 4472 srv2 - ok 18:19:07.0785 4472 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 18:19:07.0815 4472 srvnet - ok 18:19:07.0855 4472 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll 18:19:07.0935 4472 SSDPSRV - ok 18:19:07.0965 4472 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys 18:19:07.0975 4472 SSPORT ( UnsignedFile.Multi.Generic ) - warning 18:19:07.0975 4472 SSPORT - detected UnsignedFile.Multi.Generic (1) 18:19:08.0005 4472 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll 18:19:08.0085 4472 SstpSvc - ok 18:19:08.0140 4472 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 18:19:08.0171 4472 stexstor - ok 18:19:08.0269 4472 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll 18:19:08.0343 4472 StiSvc - ok 18:19:08.0383 4472 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 18:19:08.0414 4472 swenum - ok 18:19:08.0457 4472 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll 18:19:08.0557 4472 swprv - ok 
18:19:08.0611 4472 SynTP (d7dc30b8b41e7a913c3fccc0631e72ec) C:\Windows\system32\DRIVERS\SynTP.sys 18:19:08.0646 4472 SynTP - ok 18:19:08.0783 4472 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll 18:19:08.0859 4472 SysMain - ok 18:19:08.0959 4472 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll 18:19:09.0029 4472 TabletInputService - ok 18:19:09.0074 4472 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll 18:19:09.0146 4472 TapiSrv - ok 18:19:09.0189 4472 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll 18:19:09.0280 4472 TBS - ok 18:19:09.0443 4472 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys 18:19:09.0572 4472 Tcpip - ok 18:19:09.0603 4472 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys 18:19:09.0689 4472 TCPIP6 - ok 18:19:09.0816 4472 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 18:19:09.0897 4472 tcpipreg - ok 18:19:09.0933 4472 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 18:19:09.0969 4472 TDPIPE - ok 18:19:10.0002 4472 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys 18:19:10.0035 4472 TDTCP - ok 18:19:10.0073 4472 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 18:19:10.0158 4472 tdx - ok 18:19:10.0202 4472 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 18:19:10.0232 4472 TermDD - ok 18:19:10.0301 4472 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll 18:19:10.0386 4472 TermService - ok 18:19:10.0420 4472 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll 18:19:10.0476 4472 Themes - ok 18:19:10.0515 4472 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 18:19:10.0585 4472 THREADORDER - ok 18:19:10.0620 4472 TPM 
(5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys 18:19:10.0670 4472 TPM - ok 18:19:10.0716 4472 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll 18:19:10.0800 4472 TrkWks - ok
  9. Hi Maniac. I ran OTL. Below is OTL.txt and Extras.txt. Thanks OTL logfile created on: 5/10/2012 10:47:06 AM - Run 1 OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Lisa Grueber\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.99 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.92% Memory free 5.98 Gb Paging File | 4.82 Gb Available in Paging File | 80.61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 93.06 Gb Total Space | 37.02 Gb Free Space | 39.78% Space Free | Partition Type: NTFS Computer Name: LISA-LAPTOP | User Name: Lisa Grueber | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/05/10 10:35:38 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa Grueber\Desktop\OTL.exe PRC - [2012/05/10 00:13:33 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe PRC - [2012/05/10 00:13:32 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files\AVG\AVG2012\avgtray.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/03/23 05:57:00 | 002,321,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe PRC - [2012/01/06 12:26:06 | 000,722,616 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe PRC - [2011/09/28 12:59:12 | 000,142,144 | ---- | M] (Commtouch, Inc.) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe PRC - [2011/09/28 12:59:10 | 000,097,088 | R--- | M] (Commtouch, Inc.) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe PRC - [2011/09/28 12:59:00 | 000,097,088 | R--- | M] (Commtouch, Inc.) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2011/06/08 10:45:44 | 000,822,456 | ---- | M] (The Weather Channel Interactive, Inc.) 
-- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/11/20 05:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010/09/30 17:51:04 | 001,178,400 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE PRC - [2010/09/30 11:52:42 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe PRC - [2010/09/17 17:04:30 | 001,251,840 | ---- | M] () -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe PRC - [2010/04/23 01:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe PRC - [2008/07/15 18:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE ========== Modules (No Company Name) ========== MOD - [2012/05/10 00:13:34 | 000,130,944 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll MOD - [2012/05/10 00:13:32 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe MOD - [2012/01/08 08:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe MOD - [2010/09/30 17:51:32 | 000,124,704 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\QBMAPILibrary.dll MOD - [2010/09/30 17:51:30 | 000,020,256 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\QBCompressor.DLL MOD - [2010/09/30 17:51:22 | 000,041,248 | ---- | M] () -- C:\Program 
Files\Intuit\QuickBooks 2011\mbpopup.dll MOD - [2010/09/30 17:51:12 | 000,175,904 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll MOD - [2010/09/30 17:51:10 | 000,337,184 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\BackupLib.dll MOD - [2010/09/30 17:51:10 | 000,268,064 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll MOD - [2005/07/19 23:18:00 | 000,059,904 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\zlib1.dll ========== Win32 Services (SafeList) ========== SRV - [2012/05/10 00:13:33 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2) SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/03/23 05:57:00 | 002,321,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws) SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2012/01/06 12:26:06 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService) SRV - [2011/12/19 04:01:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011/09/28 12:59:12 | 000,142,144 | ---- | M] (Commtouch, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts) SRV - [2011/09/28 12:59:10 | 000,097,088 | R--- | M] (Commtouch, Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps) SRV - [2011/09/28 12:59:00 | 000,097,088 | R--- | M] (Commtouch, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps) SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010/09/30 11:52:42 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService) SRV - [2010/09/17 17:04:30 | 001,251,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS) SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService) SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/07/15 18:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | System | Stopped] -- -- (FileDisk) DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter) DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2011/09/28 13:12:32 | 000,138,048 | R--- | M] (Commtouch, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\amp.sys -- (AMP) DRV - [2011/09/28 13:12:28 | 001,189,184 | R--- | M] (Commtouch, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ampse.sys -- (AMPSE) DRV - [2011/05/23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd) DRV - [2010/11/20 03:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 02:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/10/09 03:37:44 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009/07/13 18:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2009/03/02 15:12:10 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp) DRV - [2009/03/02 15:12:10 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT) DRV - [2008/12/09 11:59:30 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2218718152-808858329-1551952991-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406 IE - HKU\S-1-5-21-2218718152-808858329-1551952991-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2218718152-808858329-1551952991-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US IE - HKU\S-1-5-21-2218718152-808858329-1551952991-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 77 3E 06 E6 4C 1E CD 01 [binary data] IE - HKU\S-1-5-21-2218718152-808858329-1551952991-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found IE - HKU\S-1-5-21-2218718152-808858329-1551952991-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKU\S-1-5-21-2218718152-808858329-1551952991-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2218718152-808858329-1551952991-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={C48CB541-59B4-48D4-A688-9CD953DDC072}&mid=0a3cd4bf8c6547d0a68ad15f95c8d7b2-d9403418a31d243e153ab121023e35b3be56a910〈=en&ds=AVG&pr=pr&d=2012-05-10 00:13:37&v=11.0.0.9&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-2218718152-808858329-1551952991-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} IE - HKU\S-1-5-21-2218718152-808858329-1551952991-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091 IE - 
HKU\S-1-5-21-2218718152-808858329-1551952991-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lisa Grueber\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lisa Grueber\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/19 00:36:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/10 00:13:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/10 00:11:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/05/10 00:13:53 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: AVG Secure Search (Enabled) CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={C48CB541-59B4-48D4-A688-9CD953DDC072}&mid=0a3cd4bf8c6547d0a68ad15f95c8d7b2-d9403418a31d243e153ab121023e35b3be56a910&lang=en&ds=AVG&pr=pr&d=2012-05-10 00:13:37&v=11.0.0.9&sap=dsp&q={searchTerms} CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Lisa Grueber\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lisa Grueber\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lisa Grueber\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Lisa Grueber\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Lisa 
Grueber\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Google Update (Enabled) = C:\Users\Lisa Grueber\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Lisa Grueber\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Lisa Grueber\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: AVG Safe Search = C:\Users\Lisa Grueber\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\ CHR - Extension: AVG Do Not Track = C:\Users\Lisa Grueber\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Lisa Grueber\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Gmail = C:\Users\Lisa Grueber\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (AVG Do Not 
Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-2218718152-808858329-1551952991-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.) O4 - HKLM..\Run: [iolo Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKU\S-1-5-21-2218718152-808858329-1551952991-1000..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.) 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-2218718152-808858329-1551952991-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\iavlsp.dll (iolo technologies, LLC) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\iavlsp.dll (iolo technologies, LLC) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\iavlsp.dll (iolo technologies, LLC) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{151B6E5A-0129-45E3-9ADA-CD9E0138C759}: DhcpNameServer = 192.168.1.254 O18 - 
Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk /p \??\G:) O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/05/10 10:35:35 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Lisa Grueber\Desktop\OTL.exe [2012/05/10 01:20:43 | 000,000,000 | ---D | C] -- C:\Users\Lisa Grueber\AppData\Roaming\Malwarebytes [2012/05/10 01:20:36 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/05/10 01:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/05/10 01:20:34 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/05/10 01:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/05/10 00:14:25 | 000,000,000 | ---D | C] -- C:\Users\Lisa Grueber\AppData\Roaming\AVG2012 [2012/05/10 00:14:05 | 000,000,000 | ---D | C] -- C:\Users\Lisa Grueber\AppData\Local\AVG Secure Search [2012/05/10 00:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012/05/10 00:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search [2012/05/10 00:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search [2012/05/10 00:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search [2012/05/10 00:11:45 | 000,000,000 | -H-D | C] -- C:\$AVG [2012/05/10 00:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012 [2012/05/10 00:11:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG [2012/05/10 00:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2012/05/10 00:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012/05/09 00:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2012/04/29 17:18:03 | 000,000,000 | ---D | C] -- C:\Users\Lisa Grueber\AppData\Local\Diagnostics [2012/04/19 04:50:26 | 000,024,896 | ---- | C] (AVG Technologies CZ, s.r.o. 
) -- C:\Windows\System32\drivers\avgidshx.sys ========== Files - Modified Within 30 Days ========== [2012/05/10 10:38:52 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/05/10 10:38:52 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/05/10 10:35:38 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa Grueber\Desktop\OTL.exe [2012/05/10 10:34:29 | 097,725,211 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2012/05/10 10:30:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/05/10 10:30:04 | 2408,390,656 | -HS- | M] () -- C:\hiberfil.sys [2012/05/10 10:26:39 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2218718152-808858329-1551952991-1000UA.job [2012/05/10 01:32:41 | 000,033,927 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm [2012/05/10 00:55:43 | 000,074,703 | ---- | M] () -- C:\Windows\System32\mfc45.dll [2012/05/09 23:23:17 | 000,427,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/05/09 23:18:20 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2218718152-808858329-1551952991-1000Core.job [2012/05/09 17:05:23 | 000,660,318 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/05/09 17:05:23 | 000,121,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/04/27 15:02:28 | 000,624,914 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm [2012/04/19 11:51:04 | 000,000,408 | ---- | M] () -- C:\Windows\System32\iolo.ini [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. 
) -- C:\Windows\System32\drivers\avgidshx.sys ========== Files Created - No Company Name ========== [2012/05/10 10:34:29 | 097,725,211 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2012/05/10 01:32:41 | 000,033,927 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm [2012/05/10 00:55:43 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll [2012/04/27 15:02:28 | 000,624,914 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm [2012/04/11 17:39:28 | 000,000,408 | ---- | C] () -- C:\Windows\System32\iolo.ini [2012/04/05 18:47:45 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini ========== LOP Check ========== [2012/05/10 00:14:25 | 000,000,000 | ---D | M] -- C:\Users\Lisa Grueber\AppData\Roaming\AVG2012 [2012/05/04 23:58:56 | 000,000,000 | ---D | M] -- C:\Users\Lisa Grueber\AppData\Roaming\Azureus [2012/03/12 11:26:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa Grueber\AppData\Roaming\ConverterLite [2012/03/10 01:04:13 | 000,000,000 | ---D | M] -- C:\Users\Lisa Grueber\AppData\Roaming\FileZilla [2011/12/13 02:56:59 | 000,000,000 | ---D | M] -- C:\Users\Lisa Grueber\AppData\Roaming\iolo [2012/02/10 15:41:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa Grueber\AppData\Roaming\PDF Writer [2009/07/13 23:53:46 | 000,017,454 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Extras logfile created on: 5/10/2012 10:47:06 AM - Run 1 OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Lisa Grueber\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.99 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.92% Memory free 5.98 Gb Paging File | 4.82 Gb Available in Paging File | 80.61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = 
C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 93.06 Gb Total Space | 37.02 Gb Free Space | 39.78% Space Free | Partition Type: NTFS Computer Name: LISA-LAPTOP | User Name: Lisa Grueber | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03FED37E-7828-4FAD-B786-0BF45397C652}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{0B032E56-1747-4346-8051-BFB566F81F86}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2208291E-BEB9-4BCC-AA25-FCCF522E4428}" = rport=137 | protocol=17 | dir=out | app=system | "{2C2AC1B2-BB65-4708-BDCC-8E23B051E95D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3956A4B7-13C2-4B97-926C-FBCBBFBE8F75}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3B4BCC7A-1FC0-4CA2-A775-7E2007E18CF3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{40DAA939-02A2-42BE-A887-59838520CEFD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4E294797-902C-494F-8C68-3FD671DE97E3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4EDCEE28-A6A6-4E8F-B28E-2ABE0C8A3258}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{56C4276D-2CA0-4914-A17E-FFACD5A13A0A}" = rport=10243 | protocol=6 | dir=out | app=system | "{5C16BC46-C138-4BFF-A28F-6AA7ABAF4641}" = lport=445 | protocol=6 | dir=in | app=system | "{63F2AC1B-3825-4D95-A036-268BCFA5CBE2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{74EBDE58-267F-4AE2-B26A-C0D37CA29E54}" = lport=138 | protocol=17 | dir=in | app=system | "{780C913D-C944-4F9C-8A0C-479B34739495}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8982BFC8-B974-412D-A5BC-003466C92169}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{94CC3887-F335-4749-8B30-51A3D3CF1EEC}" = rport=138 | protocol=17 | dir=out | app=system | "{A417056E-F94D-410D-A09E-BF657545A64B}" = lport=10243 | protocol=6 | dir=in | app=system | "{A6EAEE65-81E1-4DF1-97A4-88235EB8E584}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C45AAD78-83E7-4156-8981-A122B633D9EC}" = rport=139 | protocol=6 | dir=out | app=system | "{CDE6B28A-CA95-4129-867D-A16670378806}" = lport=137 | protocol=17 | dir=in | app=system | "{D7E6D338-41EA-4897-BD16-A2606F8E98B6}" = lport=2869 | protocol=6 | dir=in | app=system | "{D97D54F7-5807-4E5C-9D82-927D029FF79F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{ECD83FE3-C879-46E9-8A5E-80BE0A7EBBD0}" = lport=139 | protocol=6 | dir=in | app=system | "{FEDD6E3D-4C7A-4C6E-94E9-A770A69F64A7}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista 
Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0202D7F5-B6A9-4F00-9061-E18461F2322F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{12042512-816F-46BA-B454-26A36805E0D5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{14084BB7-6D5F-4303-AFA1-8A0DB9695BEF}" = protocol=6 | dir=out | app=system | "{17B60DB7-5036-464B-8596-6989B7BF6486}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "{1BD9D80D-E11E-4B8C-8AE7-648414517E74}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1D73880A-111B-4467-9EDE-754CA0CA8E03}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{215A953B-E4ED-451C-A60B-20CC000B3F46}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{261716FC-138B-4BD1-BE1D-D14BBDB33C79}" = protocol=6 | dir=in | app=c:\program files\iolo\system mechanic professional\sysmech.exe | "{3399D8B9-2462-48FE-A365-374010DBBDF3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4603D293-5556-486C-9DC9-58433C453822}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{4BA4A7AC-E79D-4CA6-BE0F-C416084FA361}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4C11EEE3-74C1-48E7-BF92-C9A270F4F37A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4E7A5D04-2CF9-41EB-92EC-DEEEECB0FD48}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "{4F553283-AE7D-4CC9-9A08-0C6C31177363}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "{556B6D61-14A7-466D-9C9A-603092295700}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{566B70E0-F85D-40A5-8D5D-4D3917AD822A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{56BC4CC3-EFAA-4165-8E32-3A3852FC96B0}" = 
protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{5CCD5EE4-99BE-4A59-8486-C9DA0741EC78}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5E069471-FCF1-4CAB-A427-B5DDC9663C8F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{60E9309E-B532-4B4E-A047-82950EA26E94}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{61834769-BD30-4017-9B3B-BA9F5FBB5B9F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6DA4A081-4426-44EC-B0C2-65F4AC857C1E}" = protocol=17 | dir=in | app=c:\program files\iolo\system mechanic professional\sysmech.exe | "{7F4B6DFD-AA04-4A60-8567-81EFD5D37319}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{83433965-9C61-4CE3-83F4-24D56F218504}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{A0011339-48E3-48B9-827E-9C66F7874AC8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{AE0E4B13-C155-4A63-B9ED-1DDFB53349A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AE8B7036-A837-4034-8865-C02374713CEE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "{CC9F742A-780E-46BC-B4E7-4A200D871E79}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{D81A8D97-600F-4267-BB53-8E87660C4863}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{DCFFFDA7-A10D-4988-B22B-34303723ECB0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{F3EB0F44-1CA4-4429-8687-BEB370151AAB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FDBBABEE-0D20-4B99-AF64-217AA4C13D42}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "TCP Query User{1BADB727-2B2F-4916-9A5F-252261E43930}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program 
files\vuze\azureus.exe | "TCP Query User{D4536189-A7F7-471E-AE34-7539B2B6305D}C:\program files\mediacrawler\mediacrawler.exe" = protocol=6 | dir=in | app=c:\program files\mediacrawler\mediacrawler.exe | "UDP Query User{1C4C64C9-971D-4256-9286-75CA971E02A9}C:\program files\mediacrawler\mediacrawler.exe" = protocol=17 | dir=in | app=c:\program files\mediacrawler\mediacrawler.exe | "UDP Query User{D1FC0356-E48E-42EC-826B-41BB6D77FA4D}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{11E0AC7D-6822-4F67-865F-EE1C13D28C38}" = QuickBooks Pro 2011 "{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31 "{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}" = AVSDK5 "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{411949AB-6EE8-4C62-9C72-EBC93B6A7935}" = AVG 2012 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 
Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath 
  10. Hello.... Downloaded iLivid and I noticed that my Google Chrome browser home page has been taken over by searchnu.com/406. I have System Mechanic Professional, which is no longer opening on startup. Please help me remove this virus. Thanks - Mia