
Search result redirects

Discussion in 'Virus & Other Malware Removal' started by GWest251, Jan 17, 2013.

    GWest251 Thread Starter

    As the title indicates, my system is currently plagued by redirects from search results pages. This happens regardless of browser (IE, Chrome) or search engine (Google, Bing). The most common redirects seem to be to ampnetwork, clicknow, livesearch, and myfind.

    Unfortunately, I have no ark.txt log to post as GMER.exe BSODed my system before completion. I can try to rerun this if necessary, but I've included the HijackThis and DDS logs as instructed in the Read This First thread.

    The Good Stuff...
    Hijack This
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:24:13 AM, on 1/17/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe
    C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe
    C:\Program Files (x86)\MSN Messenger\msnmsgr.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Users\Greg\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    C:\Program Files (x86)\QuickFlix Companion\Photags AutoDetect.exe
    C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.0.9\ccSvcHst.exe
    C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\SpeedFan\speedfan.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Greg\Desktop\HijackThis (2).exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1108&m=p-7805u&c=BB
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1108&m=p-7805u&c=BB
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.0.9\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.0.9\IPS\IPSBHO.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.0.9\coIEPlg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
    O4 - HKLM\..\Run: [Lexmark 5400 Series] "C:\Program Files (x86)\Lexmark 5400 Series\fm3032.exe" /s
    O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Greg\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: QuickFlix Companion AutoDetect.lnk = C:\Program Files (x86)\QuickFlix Companion\Photags AutoDetect.exe
    O4 - Global Startup: WD Quick View.lnk = C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\SysWOW64\atashost.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.0.9\ccSvcHst.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
    O23 - Service: WDFMEService - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
    O23 - Service: WDRulesService - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
    O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

    --
    End of file - 13601 bytes

    DDS
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
    Run by Greg at 18:42:02 on 2013-01-17
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4090.1803 [GMT -5:00]
    .
    AV: Norton 360 Premier Edition *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\SysWOW64\atashost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\lxctcoms.exe
    C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.0.9\ccSvcHst.exe
    C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
    C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio64.exe
    C:\Windows\system32\RUNDLL32.EXE
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.0.9\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe
    C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\MSN Messenger\msnmsgr.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\QuickFlix Companion\Photags AutoDetect.exe
    C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Users\Greg\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Users\Greg\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Greg\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.igoogle.com/
    uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1108&m=p-7805u&c=BB
    mStart Page = hxxp://www.google.com
    mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1108&m=p-7805u&c=BB
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.0.9\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.0.9\ips\ipsbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - <orphaned>
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.0.9\coieplg.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.0.9\coieplg.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [msnmsgr] "C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" /background
    uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    uRun: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
    uRun: [Google Update] "C:\Users\Greg\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    mRun: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
    mRun: [eRecoveryService] <no file>
    StartupFolder: C:\Users\Greg\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKF~1.LNK - C:\Program Files (x86)\QuickFlix Companion\Photags AutoDetect.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDQUIC~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{0B3F27C9-B9D9-42D6-9893-4D145E057DD2} : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{43A86402-F5FB-487B-AB19-A46F94CFC834} : DHCPNameServer = 192.168.2.1
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    x64-mStart Page = hxxp://www.google.com
    x64-mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1108&m=p-7805u&c=BB
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
    x64-Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
    x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [lxctmon.exe] "C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe"
    x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe"
    x64-Run: [LXCTCATS] rundll32 C:\Windows\System32\spool\DRIVERS\x64\3\LXCTtime.dll,RunDLLEntry
    x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
    x64-mPolicies-Explorer: NoActiveDesktop = dword:1
    x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 pavboot;pavboot;C:\Windows\System32\drivers\pavboot64.sys [2010-6-2 33800]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2008-10-9 53488]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0604000.009\symds64.sys [2012-10-2 451192]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0604000.009\symefa64.sys [2012-10-2 1129120]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130111.001\BHDrvx64.sys [2013-1-15 1384608]
    R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\0604000.009\ccsetx64.sys [2012-10-2 167072]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130116.002\IDSviA64.sys [2013-1-16 513184]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0604000.009\ironx64.sys [2012-10-2 190072]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\0604000.009\symtdiv.sys [2012-10-2 445560]
    R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2010-1-17 20376]
    R2 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-11-21 24576]
    R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.0.9\ccsvchst.exe [2012-10-2 138272]
    R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-8-1 317328]
    R2 WDFMEService;WDFMEService;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-8-1 1978256]
    R2 WDRulesService;WDRulesService;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-8-1 1338256]
    R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]
    R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2008-10-9 294400]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-20 138912]
    R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2008-11-17 4751360]
    R3 O2MDRDR;O2MDRDR;C:\Windows\System32\drivers\o2mdx64.sys [2008-5-12 62424]
    R3 O2SDRDR;O2SDRDR;C:\Windows\System32\drivers\o2sdx64.sys [2008-6-11 51800]
    R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2008-7-24 392192]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-27 25832]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2011-2-16 14464]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-23 89920]
    .
    =============== File Associations ===============
    .
    FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2013-01-12 08:30:18 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-01-12 08:26:16 174496 ----a-w- C:\Windows\SysWow64\javaw.exe
    2013-01-12 08:24:49 174496 ----a-w- C:\Windows\SysWow64\java.exe
    2013-01-10 08:02:29 67599240 ----a-w- C:\Windows\System32\mrt.exe
    2013-01-09 10:56:23 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-01-09 10:56:22 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-16 13:31:20 48128 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 13:12:54 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-16 11:08:21 368128 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 10:50:29 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-11-25 14:14:00 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-11-25 14:14:00 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-11-23 01:54:35 2770432 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-22 04:22:38 456192 ----a-w- C:\Windows\System32\shlwapi.dll
    2012-11-22 03:54:36 353280 ----a-w- C:\Windows\SysWow64\shlwapi.dll
    2012-11-20 04:22:50 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-11-20 04:21:04 253952 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-11-14 07:06:18 17811968 ----a-w- C:\Windows\System32\mshtml.dll
    2012-11-14 06:32:33 10925568 ----a-w- C:\Windows\System32\ieframe.dll
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:44 1346048 ----a-w- C:\Windows\System32\urlmon.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 06:02:04 237056 ----a-w- C:\Windows\System32\url.dll
    2012-11-14 05:59:52 85504 ----a-w- C:\Windows\System32\jsproxy.dll
    2012-11-14 05:58:36 816640 ----a-w- C:\Windows\System32\jscript.dll
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:55:45 2144768 ----a-w- C:\Windows\System32\iertutil.dll
    2012-11-14 05:55:26 729088 ----a-w- C:\Windows\System32\msfeeds.dll
    2012-11-14 05:53:22 96768 ----a-w- C:\Windows\System32\mshtmled.dll
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 05:46:25 248320 ----a-w- C:\Windows\System32\ieui.dll
    2012-11-14 02:48:26 12320256 ----a-w- C:\Windows\SysWow64\mshtml.dll
    2012-11-14 02:14:59 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:44 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:55:46 231936 ----a-w- C:\Windows\SysWow64\url.dll
    2012-11-14 01:51:44 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:49:19 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:47:20 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
    2012-11-14 01:46:38 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll
    2012-11-14 01:45:01 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-14 01:41:30 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
    2012-11-13 01:45:48 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-13 01:29:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-02 10:47:16 1869824 ----a-w- C:\Windows\System32\msxml3.dll
    2012-11-02 10:47:16 1794560 ----a-w- C:\Windows\System32\msxml6.dll
    2012-11-02 10:45:52 477696 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 10:45:51 68096 ----a-w- C:\Windows\System32\dpnathlp.dll
    2012-11-02 10:19:34 1400832 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-11-02 10:19:33 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-11-02 10:18:17 376320 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-11-02 08:59:56 26112 ----a-w- C:\Windows\System32\dpnsvr.exe
    2012-11-02 08:26:06 23040 ----a-w- C:\Windows\SysWow64\dpnsvr.exe
    2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    .
    ============= FINISH: 18:42:36.79 ===============

    Attach
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/21/2008 5:33:12 AM
    System Uptime: 1/17/2013 5:15:41 PM (1 hours ago)
    .
    Motherboard: Gateway | |
    Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz | U2E1 | 2266/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 288 GiB total, 79.556 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.21
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Camera Assistant Software for Gateway
    Cisco Network Magic
    Compatibility Pack for the 2007 Office system
    Conexant HD Audio
    CutePDF Writer 3.0
    CyberLink LabelPrint
    CyberLink Power2Go
    Dragon Age: Origins
    Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.09.04.804
    Facebook Plug-In
    Fallout 3
    Family Feud
    FaxRedist
    Gateway Games
    Gateway Recovery Management
    GearDrvs
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting 4.5.0.457
    Guild Wars
    Guild Wars 2
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    iCloud
    Intel® Matrix Storage Manager
    iTunes
    Java 7 Update 11
    Java Auto Updater
    Lexmark 5400 Series
    LG USB Modem driver
    Malwarebytes Anti-Malware version 1.70.0.1100
    Marvell Miniport Driver
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2742597)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Money Essentials
    Microsoft Money Shared Libraries
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Works
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Napster
    Napster Burn Engine
    Network Magic
    Norton 360 Premier Edition
    Norton Security Scan
    NVIDIA Drivers
    NVIDIA PhysX
    O2Micro Flash Memory Card Reader Driver (x64)
    OLYMPUS Master 2
    OpenOffice.org 3.3
    Origin
    Panda ActiveScan 2.0
    Pando Media Booster
    Pure Networks Platform
    QuickFlix Companion
    QuickTime
    RPTools TokenTool
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    SmartMusic 2012c
    SpeedFan (remove only)
    SPORE™
    SPORE™ Creepy & Cute Parts Pack
    Synaptics Pointing Device Driver
    System Requirements Lab CYRI
    Temple of Elemental Evil
    The Lord of the Rings Online™: Mines of Moria™ v02.01.03.4021
    Timez Attack Launcher
    Unity Web Player
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    V CAST Music with Rhapsody
    Ventrilo Client
    VideoExpress1.0
    WD SmartWare
    WebEx Support Manager for Internet Explorer
    Windows Live Messenger
    .
    ==== End Of File ===========================
     
  2. GWest251

    GWest251 Thread Starter

    bump

    A second attempt at running GMER.exe resulted in another BSOD. This scan does not seem to be in the cards.
     
  3. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Hello GWest251, and Welcome to the forum!

    My name is wannabeageek and I'll be helping you with any malware problems.
    I am a MRU Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher.
    Because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

    Before we begin, please read and follow these important guidelines, so things will proceed smoothly.

    1. The instructions being given are for YOUR computer and system only!
      Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
    2. You must have Administrator rights, permissions for this computer.
    3. DO NOT run any other fix or removal tools unless instructed to do so!
    4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
    5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
    6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
    7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:

      Absence of symptoms does not mean that everything is clear.


    I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

    Please take time to read TSG Forum Guidelines and Rules where the conditions for receiving help here are explained.

    Please read all instructions carefully before executing and perform the steps, in the order given.
    If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

    Because of this, I advise you to back up any personal files and folders before you start.

    I am in training at Malware Removal University - You too could train to help others
     
  4. wannabeageek

    wannabeageek Malware Specialist

    Greetings GWest251,


    Not to worry as we can use another program in its place.

    Please download and run the following:


    Step 1
    OTL
    Please download OTL ... by Old Timer. Save it to your Desktop.

    1. Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
    2. Click the Scan All Users checkbox.
    3. Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
      Leave the remaining selections to the default settings.
    4. Click on Run Scan at the top left hand corner.
    5. When done, two Notepad files will open.
      • OTL.txt <-- Will be opened, maximized
      • Extras.txt <-- Will be minimized on task bar.
    6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.




    Step 2.
    TDSSKiller
    Please download TDSSKiller.exe and save it to your Desktop.

    • Right click on TDSSKiller.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
    • Click on Start Scan, the scan will run.
    • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
    • To find the log go to Start > Computer > C:
    • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
    • Post the contents of that log in your next reply please.
    • DO NOT TRY TO FIX ANYTHING AT THIS POINT




    Please include in your next reply:

    1. Contents of OTL.txt
    2. Contents of Extras.txt
    3. Contents of TDSSKiller report
    4. Any problem executing the instructions?

    Thanks,
    wbg
     
  5. GWest251

    GWest251 Thread Starter

    I had no issues downloading and running any of the scans. TDSSKiller found nothing it wanted me to delete. Logs below...

    OTL.txt:
    OTL logfile created on: 1/19/2013 11:59:17 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Greg\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.99 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 40.02% Memory free
    8.17 Gb Paging File | 5.43 Gb Available in Paging File | 66.45% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.09 Gb Total Space | 81.17 Gb Free Space | 28.17% Space Free | Partition Type: NTFS

    Computer Name: GREG-PC | User Name: Greg | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/19 23:58:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Greg\Downloads\OTL.exe
    PRC - [2012/09/16 18:38:30 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Users\Greg\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    PRC - [2012/09/12 02:32:32 | 004,679,672 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
    PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.0.9\ccsvchst.exe
    PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    PRC - [2009/04/07 16:37:30 | 000,467,240 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
    PRC - [2009/04/07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\SysWOW64\atashost.exe
    PRC - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/04/15 19:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/03/09 07:43:30 | 000,606,208 | ---- | M] () -- C:\Program Files (x86)\QuickFlix Companion\Photags AutoDetect.exe
    PRC - [2007/02/12 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
    PRC - [2007/01/19 14:54:56 | 005,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSN Messenger\msnmsgr.exe
    PRC - [2006/11/22 10:11:24 | 000,082,864 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe
    PRC - [2006/11/22 10:11:22 | 000,291,760 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/01/18 19:25:19 | 000,192,512 | ---- | M] () -- C:\Users\Greg\AppData\Local\Temp\sfamcc00001.dll
    MOD - [2013/01/18 19:25:19 | 000,158,720 | ---- | M] () -- C:\Users\Greg\AppData\Local\Temp\sfareca00001.dll
    MOD - [2013/01/07 19:06:22 | 000,460,392 | ---- | M] () -- C:\Users\Greg\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppgooglenaclpluginchrome.dll
    MOD - [2013/01/07 19:06:21 | 012,459,624 | ---- | M] () -- C:\Users\Greg\AppData\Local\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
    MOD - [2013/01/07 19:06:19 | 004,012,648 | ---- | M] () -- C:\Users\Greg\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
    MOD - [2013/01/07 19:05:29 | 000,598,120 | ---- | M] () -- C:\Users\Greg\AppData\Local\Google\Chrome\Application\24.0.1312.52\libglesv2.dll
    MOD - [2013/01/07 19:05:28 | 000,124,520 | ---- | M] () -- C:\Users\Greg\AppData\Local\Google\Chrome\Application\24.0.1312.52\libegl.dll
    MOD - [2013/01/07 19:05:25 | 001,553,000 | ---- | M] () -- C:\Users\Greg\AppData\Local\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll
    MOD - [2012/03/18 11:49:35 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
    MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2008/03/09 07:43:30 | 000,606,208 | ---- | M] () -- C:\Program Files (x86)\QuickFlix Companion\Photags AutoDetect.exe
    MOD - [2006/11/22 10:11:22 | 000,291,760 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe
    MOD - [2006/08/08 15:54:18 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5400 Series\lxctscw.dll
    MOD - [2006/06/09 02:39:54 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5400 Series\lxctdrec.dll
    MOD - [2006/05/25 16:20:44 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5400 Series\iptk.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2011/08/01 10:12:52 | 001,338,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
    SRV:64bit: - [2011/08/01 10:12:50 | 001,978,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
    SRV:64bit: - [2011/08/01 10:12:46 | 000,317,328 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
    SRV:64bit: - [2008/06/11 14:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
    SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2007/10/18 17:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
    SRV:64bit: - [2006/11/22 10:11:54 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxctcoms.exe -- (lxct_device)
    SRV:64bit: - [2006/11/02 06:16:05 | 000,046,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
    SRV - [2013/01/09 05:56:24 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.0.9\ccSvcHst.exe -- (N360)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
    SRV - [2009/04/07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
    SRV - [2008/05/05 17:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
    SRV - [2007/02/12 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
    SRV - [2007/01/19 14:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\MSN Messenger\usnsvc.exe -- (usnjsvc)
    SRV - [2006/11/22 10:11:36 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxctcoms.exe -- (lxct_device)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/05 21:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\SRTSPX64.SYS -- (SRTSPX)
    DRV:64bit: - [2012/07/05 21:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0604000.009\SRTSP64.SYS -- (SRTSP)
    DRV:64bit: - [2012/06/06 23:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ccSetx64.sys -- (ccSet_N360)
    DRV:64bit: - [2012/05/31 05:49:28 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2012/05/21 20:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\SYMEFA64.SYS -- (SymEFA)
    DRV:64bit: - [2012/03/29 01:28:38 | 000,445,560 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0604000.009\SYMTDIV.SYS -- (SYMTDIv)
    DRV:64bit: - [2012/03/29 01:28:25 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\SYMDS64.SYS -- (SymDS)
    DRV:64bit: - [2012/03/29 01:06:25 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\Ironx64.SYS -- (SymIRON)
    DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/02/16 17:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/06/30 08:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
    DRV:64bit: - [2009/04/07 15:33:08 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\purendis.sys -- (purendis)
    DRV:64bit: - [2009/04/07 15:33:06 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\pnarp.sys -- (pnarp)
    DRV:64bit: - [2008/11/17 15:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
    DRV:64bit: - [2008/07/24 12:03:00 | 000,392,192 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
    DRV:64bit: - [2008/07/13 22:04:00 | 000,056,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2008/06/11 20:29:30 | 000,051,800 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys -- (O2SDRDR)
    DRV:64bit: - [2008/06/02 02:50:04 | 000,264,192 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2008/05/12 23:48:38 | 000,062,424 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys -- (O2MDRDR)
    DRV:64bit: - [2008/04/15 19:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
    DRV:64bit: - [2008/03/25 18:51:16 | 001,487,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
    DRV:64bit: - [2008/03/25 18:47:06 | 000,294,400 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
    DRV:64bit: - [2008/03/25 18:45:44 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
    DRV:64bit: - [2008/01/20 21:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
    DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
    DRV:64bit: - [2008/01/17 22:31:30 | 000,320,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
    DRV:64bit: - [2007/10/18 17:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
    DRV:64bit: - [2007/07/26 05:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2007/05/23 20:47:28 | 000,020,784 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV:64bit: - [2007/04/19 07:55:50 | 000,029,696 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
    DRV:64bit: - [2007/04/19 07:55:50 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
    DRV:64bit: - [2007/04/19 07:55:50 | 000,016,896 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
    DRV:64bit: - [2006/06/19 00:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
    DRV - [2013/01/19 09:48:57 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130119.024\ex64.sys -- (NAVEX15)
    DRV - [2013/01/19 09:48:57 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130119.024\eng64.sys -- (NAVENG)
    DRV - [2012/12/20 18:09:24 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2012/10/23 18:34:23 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130111.001\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2012/08/31 19:27:23 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130118.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2012/08/08 22:06:18 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2008/06/11 14:13:24 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1108&m=p-7805u&c=BB
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0DzztByEzy0DyEtDtD0BtDtN0D0Tzu0CtByDtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=760592165
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1108&m=p-7805u&c=BB
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0DzztByEzy0DyEtDtD0BtDtN0D0Tzu0CtByDtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=760592165
    IE - HKLM\..\SearchScopes\{7B415504-D892-B7B3-D233-5188B6BA4F80}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.com/ig
    IE - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1108&m=p-7805u&c=BB
    IE - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
    IE - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\..\SearchScopes,Backup.Old.DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\..\SearchScopes,DefaultScope = {7B415504-D892-B7B3-D233-5188B6BA4F80}
    IE - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS309US312
    IE - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\..\SearchScopes\{7B415504-D892-B7B3-D233-5188B6BA4F80}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_en
    IE - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\..\SearchScopes\{B459A587-589B-4D52-8EF2-CABA7F2400E0}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=PSI&o=15116&src=kw&q={searchTerms}&locale=&apn_ptnrs=L6&apn_dtid=YYYYYYYYUS&apn_uid=4bfe247e-a536-4390-ac8e-a5e17c72ab3c&apn_sauid=8761349F-FE93-4B00-874B-710076343D7E
    IE - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
    FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Greg\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Greg\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Greg\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Greg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012/05/31 06:30:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2013/01/18 19:23:40 | 000,000,000 | ---D | M]

    [2012/09/07 17:57:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/ig
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com/ig
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Greg\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Greg\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Greg\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\Greg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Greg\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: Google Search = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: Norton Identity Protection = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
    CHR - Extension: Gmail = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
    O3:64bit: - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe (Lexmark International Inc.)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [LXCTCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCTtime.DLL (Lexmark International Inc.)
    O4:64bit: - HKLM..\Run: [lxctmon.exe] C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe ()
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
    O4 - HKLM..\Run: [eRecoveryService] File not found
    O4 - HKLM..\Run: [Lexmark 5400 Series] C:\Program Files (x86)\Lexmark 5400 Series\fm3032.exe ()
    O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3611441785-2701502880-310225778-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
    O4 - HKU\S-1-5-21-3611441785-2701502880-310225778-1000..\Run: [msnmsgr] C:\Program Files (x86)\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3611441785-2701502880-310225778-1000..\Run: [OM2_Monitor] C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
    O4 - HKU\S-1-5-21-3611441785-2701502880-310225778-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O4 - Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab (SysInfo Class)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B3F27C9-B9D9-42D6-9893-4D145E057DD2}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43A86402-F5FB-487B-AB19-A46F94CFC834}: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\GTW3_Wide.bmp
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\GTW3_Wide.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{5345efef-db6c-11e1-9081-001d72e8a351}\Shell - "" = AutoRun
    O33 - MountPoints2\{5345efef-db6c-11e1-9081-001d72e8a351}\Shell\AutoRun\command - "" = E:\KODAK_Camera_Setup_App.exe
    O33 - MountPoints2\{6787953d-cc07-11df-9e53-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{6787953d-cc07-11df-9e53-806e6f6e6963}\Shell\AutoRun\command - "" = E:\unlock.exe autoplay=true
    O33 - MountPoints2\{c3244ec7-f287-11de-bd8e-001d72e8a351}\Shell - "" = AutoRun
    O33 - MountPoints2\{c3244ec7-f287-11de-bd8e-001d72e8a351}\Shell\AutoRun\command - "" = F:\Runstaller.exe
    O33 - MountPoints2\{f916a65a-28f9-11e1-be6e-001d72e8a351}\Shell - "" = AutoRun
    O33 - MountPoints2\{f916a65a-28f9-11e1-be6e-001d72e8a351}\Shell\AutoRun\command - "" = E:\unlock.exe autoplay=true
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/16 19:33:57 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/01/16 19:33:57 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/01/16 19:33:57 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/01/09 14:17:48 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2013/01/09 14:17:30 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shlwapi.dll
    [2013/01/02 20:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2013/01/02 20:58:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2013/01/02 20:58:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2013/01/02 20:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2013/01/02 20:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

    ========== Files - Modified Within 30 Days ==========

    [2013/01/19 23:46:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/19 23:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/19 23:43:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3611441785-2701502880-310225778-1000UA.job
    [2013/01/19 23:38:55 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/19 23:38:55 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/19 21:41:35 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3611441785-2701502880-310225778-1000Core.job
    [2013/01/19 17:46:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/19 09:38:45 | 000,228,550 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2013/01/19 09:38:44 | 000,228,550 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2013/01/19 09:38:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/18 19:30:18 | 000,735,572 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/01/18 19:30:18 | 000,625,946 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/01/18 19:30:18 | 000,114,278 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/01/18 19:23:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
    [2013/01/18 19:22:41 | 4289,609,728 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/18 19:22:37 | 701,263,045 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/01/18 18:02:31 | 000,000,400 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Greg.job
    [2013/01/17 17:26:45 | 000,139,264 | ---- | M] () -- C:\Users\Greg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/01/17 05:30:29 | 000,365,568 | ---- | M] () -- C:\Users\Greg\Desktop\xzzc5ykr.exe
    [2013/01/16 20:26:10 | 000,003,616 | ---- | M] () -- C:\{FD1FAC21-03DC-4A8C-9E46-2A2BC9E8EB0C}
    [2013/01/16 20:23:41 | 000,003,016 | ---- | M] () -- C:\{4711FED7-2E6A-4F61-B660-BE5ED408F7E6}
    [2013/01/16 19:02:23 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/16 15:16:21 | 000,011,225 | ---- | M] () -- C:\Users\Greg\Documents\molly barker poem.odt
    [2013/01/14 04:56:25 | 000,002,041 | ---- | M] () -- C:\Users\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/01/14 04:56:23 | 000,002,039 | ---- | M] () -- C:\Users\Greg\Desktop\Google Chrome.lnk
    [2013/01/13 16:29:58 | 000,000,680 | ---- | M] () -- C:\Users\Greg\AppData\Local\d3d9caps.dat
    [2013/01/12 03:30:18 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/01/12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/01/12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/01/10 03:42:50 | 000,349,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/01/09 05:56:23 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/01/09 05:56:22 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/01/06 21:01:15 | 000,093,533 | ---- | M] () -- C:\Users\Greg\Documents\Justin Drew Bieber.odt
    [2013/01/02 20:58:58 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

    ========== Files Created - No Company Name ==========

    [2013/01/17 05:30:56 | 000,365,568 | ---- | C] () -- C:\Users\Greg\Desktop\xzzc5ykr.exe
    [2013/01/16 20:26:08 | 000,003,616 | ---- | C] () -- C:\{FD1FAC21-03DC-4A8C-9E46-2A2BC9E8EB0C}
    [2013/01/16 20:23:36 | 000,003,016 | ---- | C] () -- C:\{4711FED7-2E6A-4F61-B660-BE5ED408F7E6}
    [2013/01/16 15:16:18 | 000,011,225 | ---- | C] () -- C:\Users\Greg\Documents\molly barker poem.odt
    [2013/01/06 21:01:13 | 000,093,533 | ---- | C] () -- C:\Users\Greg\Documents\Justin Drew Bieber.odt
    [2013/01/02 20:58:58 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/09/03 18:39:26 | 000,000,732 | ---- | C] () -- C:\Users\Greg\AppData\Local\d3d9caps64.dat
    [2012/08/23 19:05:58 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2012/07/11 20:25:11 | 000,000,352 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\wklnhst.dat
    [2012/04/01 09:21:32 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
    [2011/05/18 17:50:04 | 000,001,940 | ---- | C] () -- C:\Users\Greg\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2010/09/18 10:53:10 | 000,000,287 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2010/08/12 20:12:25 | 000,072,080 | ---- | C] () -- C:\Users\Greg\g2mdlhlpx.exe
    [2010/04/13 19:22:44 | 000,000,680 | ---- | C] () -- C:\Users\Greg\AppData\Local\d3d9caps.dat
    [2010/01/17 14:51:40 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
    [2009/09/27 19:10:37 | 000,000,092 | ---- | C] () -- C:\Users\Greg\AppData\Local\fusioncache.dat
    [2009/07/05 16:24:07 | 000,139,264 | ---- | C] () -- C:\Users\Greg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/02/07 09:30:34 | 000,870,128 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\mcs.rma
    [2009/02/07 09:30:34 | 000,000,004 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\0B24D6
    [2009/01/10 22:52:52 | 000,228,550 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/01/10 19:16:49 | 000,228,550 | ---- | C] () -- C:\ProgramData\nvModes.dat

    ========== ZeroAccess Check ==========

    [2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:886133E1

    < End of report >

    Extras.txt:
    OTL Extras logfile created on: 1/19/2013 11:59:17 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Greg\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.99 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 40.02% Memory free
    8.17 Gb Paging File | 5.43 Gb Available in Paging File | 66.45% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.09 Gb Total Space | 81.17 Gb Free Space | 28.17% Space Free | Partition Type: NTFS

    Computer Name: GREG-PC | User Name: Greg | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = DA 3A 25 C2 42 3F CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{132E09C3-35A8-4F80-8EC1-804B508EEF82}" = rport=137 | protocol=17 | dir=out | app=system |
    "{1AA9D454-29CA-4FBF-AD23-9AF0D3D7C2A7}" = lport=139 | protocol=6 | dir=in | app=system |
    "{2CBDE77B-69A1-41C1-9770-EF9B1C4F90ED}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{3E961241-58BB-423A-9CE5-F16830E6B279}" = lport=138 | protocol=17 | dir=in | app=system |
    "{6155D193-D387-4FBF-84AE-2B80B6BE7C0E}" = rport=139 | protocol=6 | dir=out | app=system |
    "{698CD32C-5B6F-4F3F-A027-F9E8B8A236E3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{81FA1127-AB9C-4D7F-9EFE-2ECEC37B3048}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{94C24BAD-4DBC-45EE-9746-FBD898CE4680}" = rport=445 | protocol=6 | dir=out | app=system |
    "{990F6968-9280-431F-95FB-AECF6CDFB165}" = rport=138 | protocol=17 | dir=out | app=system |
    "{A66A70F3-01FA-4FC2-BC90-6326A821B2F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{B1FF8605-E583-4796-A64B-131EFA97E657}" = lport=137 | protocol=17 | dir=in | app=system |
    "{DD4EE2B3-0D2B-480E-8AFC-648CE3ADD404}" = lport=445 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{021572A5-C4A4-43F8-988F-93438BD09439}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
    "{03B81ABD-D0A8-43BA-B6E6-157C3F58EC9D}" = dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
    "{03E61470-24BF-4621-9335-8114BC7CD97F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{0A55006B-AF4D-406B-8C87-19AE58965900}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
    "{0B9DF6C0-9830-419B-8186-DDDEED8C6FB3}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5400 series\lxctmon.exe |
    "{10D347D7-8877-4363-96D7-208D9533D185}" = protocol=1 | dir=in | [email protected],-28543 |
    "{17686034-96F8-4543-9017-35379033D6C8}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxctcoms.exe |
    "{229C9C64-E4E2-4E9C-9F17-59A850B8C78B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{2832AA24-498E-4F44-B7E8-FEE1991FA75B}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxctcoms.exe |
    "{309EDC74-58A7-4193-9BC7-E34C55B19021}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
    "{3D9731BB-86CF-457A-B206-6A15F4F389CD}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 5400 series\lxctmon.exe |
    "{46BB031A-CF4E-460F-927E-345CB0D5AA70}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{4E194BD6-79CC-4C30-9D7E-72B68AF30E21}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{54220ABD-3A93-4B3F-97A7-BAA8D19BFD4F}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
    "{5D29BA63-C6C2-4C6A-9050-C1F72F924606}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{5FBBF906-2ED1-44B5-ABF4-FF65E94BE6D4}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{60669B55-2407-4377-91A9-5B28F9D8F404}" = protocol=6 | dir=in | app=c:\windows\system32\lxctcoms.exe |
    "{7321A999-B680-46C5-9B8E-0A2EB1DBE187}" = protocol=58 | dir=out | [email protected],-28546 |
    "{8AA971BE-6031-4C35-B407-D88C18BDEAE0}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5400 series\lxctaiox.exe |
    "{93559A02-7256-4B23-9C0F-E2C1AADA6B18}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{9398510C-0CAB-4994-A40D-2F256BF104DA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{A9B61FB4-CEEB-478B-B576-641C1DA20BF1}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 5400 series\lxctaiox.exe |
    "{B7B7D0AB-9774-4C56-BBF9-CEDFAA01AA92}" = protocol=58 | dir=in | [email protected],-28545 |
    "{BBCE77C4-49AD-4FBE-8871-03EC5CDB6846}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
    "{C38C116D-DFF8-4C4C-B6F8-791AFE049614}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{C498CC7A-5A41-4792-BC97-6BF1BF96F889}" = dir=in | app=c:\program files (x86)\msn messenger\livecall.exe |
    "{C6BBD8DA-B656-404B-9529-14B71EA3D024}" = protocol=1 | dir=out | [email protected],-28544 |
    "{CA0E4FAB-1DE8-482A-80D5-3907D4BE906B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{CD1A2284-2394-4D1C-B595-565D3C8506E9}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
    "{D120350D-C900-4163-A8EC-3695A250C71F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{D8D28F59-78E4-48F3-BA5F-32CA24A71824}" = protocol=17 | dir=in | app=c:\windows\system32\lxctcoms.exe |
    "{E2B01C72-A5E9-4657-ABDC-180F7C75B575}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
    "{F39504F9-C57B-4D68-B3B9-4F75CD5DBCCC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{F688EDA8-C68A-4D2E-9EBE-34D714AB9795}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
    "{FA9C60A2-E1EE-451F-9036-85D2284873DE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
    "{23B47A34-0517-48DA-8B76-015DA8546893}" = WD SmartWare
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
    "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{E3015C78-C196-4039-A279-9959940083DE}" = O2Micro Flash Memory Card Reader Driver (x64)
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "CutePDF Writer Installation" = CutePDF Writer 3.0
    "Lexmark 5400 Series" = Lexmark 5400 Series
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{23170F69-40C1-2701-0921-000001000000}" = 7-Zip 9.21
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 11
    "{2C8CC208-965C-48A1-90A8-DFB484358F1C}" = FaxRedist
    "{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
    "{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
    "{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}" = OLYMPUS Master 2
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
    "{5BA1D11C-B981-4CAA-B2B5-B8ADF413EBA5}" = Pure Networks Platform
    "{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
    "{6BBBF237-A114-48E6-BBD0-A52BEF9CCFB2}" = Cisco Network Magic
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
    "{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{AD80F06B-0F21-4EEE-934D-BEF0D21E6383}" = Temple of Elemental Evil
    "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
    "{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Creepy & Cute Parts Pack
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
    "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
    "110555303" = Family Feud
    "12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™: Mines of Moria™ v02.01.03.4021
    "15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.09.04.804
    "ActiveScan 2.0" = Panda ActiveScan 2.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Guild Wars" = Guild Wars
    "Guild Wars 2" = Guild Wars 2
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Money2007b" = Microsoft Money Essentials
    "N360" = Norton 360 Premier Edition
    "Network MagicUninstall" = Network Magic
    "NSS" = Norton Security Scan
    "Origin" = Origin
    "QuickFlix" = QuickFlix Companion
    "SmartMusic 2012c" = SmartMusic 2012c
    "SpeedFan" = SpeedFan (remove only)
    "Timez Attack Launcher O" = Timez Attack Launcher
    "V CAST Music with Rhapsody" = V CAST Music with Rhapsody
    "Video Express_is1" = VideoExpress1.0
    "WildTangent gateway Master Uninstall" = Gateway Games

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3611441785-2701502880-310225778-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
    "Google Chrome" = Google Chrome
    "GoToMeeting" = GoToMeeting 4.5.0.457
    "RPTools TokenTool" = RPTools TokenTool
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 3/10/2011 11:42:00 PM | Computer Name = Greg-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 3/10/2011 11:42:00 PM | Computer Name = Greg-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 10374

    Error - 3/10/2011 11:42:00 PM | Computer Name = Greg-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 10374

    Error - 3/12/2011 10:00:32 AM | Computer Name = Greg-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files (x86)\Western
    Digital\WD SmartWare\Front Parlor\Vista\Shadow.dll". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 3/12/2011 10:01:50 AM | Computer Name = Greg-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 3/14/2011 6:35:27 PM | Computer Name = Greg-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.6001.19019 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 14c4 Start Time: 01cbe297eb038a80 Termination Time: 0

    Error - 3/16/2011 7:12:33 AM | Computer Name = Greg-PC | Source = Bonjour Service | ID = 100
    Description = DNS Message from «ZERO ADDRESS»:0 to «ZERO ADDRESS»:0 length 0
    too short

    Error - 3/18/2011 4:55:42 AM | Computer Name = Greg-PC | Source = Bonjour Service | ID = 100
    Description = DNS Message from «ZERO ADDRESS»:0 to «ZERO ADDRESS»:0 length 0
    too short

    Error - 3/21/2011 4:53:03 AM | Computer Name = Greg-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files (x86)\Western
    Digital\WD SmartWare\Front Parlor\Vista\Shadow.dll". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 3/21/2011 4:54:10 AM | Computer Name = Greg-PC | Source = WinMgmt | ID = 10
    Description =

    [ Media Center Events ]
    Error - 10/7/2009 5:53:49 PM | Computer Name = Greg-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 10/7/2009 7:41:11 PM | Computer Name = Greg-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 11/1/2010 8:51:54 PM | Computer Name = Greg-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 4/12/2012 8:56:47 PM | Computer Name = Greg-PC | Source = MCUpdate | ID = 0
    Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
    due to an abandoned mutex.'.

    Error - 4/13/2012 10:57:52 PM | Computer Name = Greg-PC | Source = MCUpdate | ID = 0
    Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
    due to an abandoned mutex.'.

    [ System Events ]
    Error - 1/16/2013 7:59:35 PM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/16/2013 7:59:35 PM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/17/2013 6:36:15 AM | Computer Name = Greg-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 5:34:04 AM on 1/17/2013 was unexpected.

    Error - 1/17/2013 6:37:35 AM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/17/2013 6:37:35 AM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/18/2013 8:22:59 PM | Computer Name = Greg-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 7:21:23 PM on 1/18/2013 was unexpected.

    Error - 1/18/2013 8:23:52 PM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/18/2013 8:23:52 PM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/19/2013 10:41:35 PM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 1/19/2013 10:42:04 PM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7011
    Description =


    < End of report >

    TDSSKiller report:
    00:15:28.0347 2724 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    00:15:29.0047 2724 ============================================================
    00:15:29.0047 2724 Current date / time: 2013/01/20 00:15:29.0047
    00:15:29.0047 2724 SystemInfo:
    00:15:29.0047 2724
    00:15:29.0048 2724 OS Version: 6.0.6002 ServicePack: 2.0
    00:15:29.0048 2724 Product type: Workstation
    00:15:29.0048 2724 ComputerName: GREG-PC
    00:15:29.0048 2724 UserName: Greg
    00:15:29.0048 2724 Windows directory: C:\Windows
    00:15:29.0048 2724 System windows directory: C:\Windows
    00:15:29.0048 2724 Running under WOW64
    00:15:29.0048 2724 Processor architecture: Intel x64
    00:15:29.0048 2724 Number of processors: 2
    00:15:29.0048 2724 Page size: 0x1000
    00:15:29.0048 2724 Boot type: Normal boot
    00:15:29.0048 2724 ============================================================
    00:15:29.0925 2724 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    00:15:29.0930 2724 ============================================================
    00:15:29.0930 2724 \Device\Harddisk0\DR0:
    00:15:29.0930 2724 MBR partitions:
    00:15:29.0930 2724 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x2402D800
    00:15:29.0930 2724 ============================================================
    00:15:29.0973 2724 C: <-> \Device\Harddisk0\DR0\Partition1
    00:15:29.0973 2724 ============================================================
    00:15:29.0973 2724 Initialize success
    00:15:29.0973 2724 ============================================================
    00:15:44.0648 5780 ============================================================
    00:15:44.0648 5780 Scan started
    00:15:44.0649 5780 Mode: Manual;
    00:15:44.0649 5780 ============================================================
    00:15:45.0087 5780 ================ Scan system memory ========================
    00:15:45.0087 5780 System memory - ok
    00:15:45.0087 5780 ================ Scan services =============================
    00:15:45.0267 5780 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
    00:15:45.0272 5780 ACPI - ok
    00:15:45.0358 5780 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    00:15:45.0360 5780 AdobeARMservice - ok
    00:15:45.0490 5780 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    00:15:45.0495 5780 AdobeFlashPlayerUpdateSvc - ok
    00:15:45.0544 5780 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    00:15:45.0558 5780 adp94xx - ok
    00:15:45.0605 5780 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
    00:15:45.0610 5780 adpahci - ok
    00:15:45.0640 5780 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
    00:15:45.0643 5780 adpu160m - ok
    00:15:45.0669 5780 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    00:15:45.0672 5780 adpu320 - ok
    00:15:45.0713 5780 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    00:15:45.0714 5780 AeLookupSvc - ok
    00:15:45.0758 5780 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
    00:15:45.0765 5780 AFD - ok
    00:15:45.0797 5780 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
    00:15:45.0799 5780 agp440 - ok
    00:15:45.0877 5780 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
    00:15:45.0879 5780 aic78xx - ok
    00:15:45.0902 5780 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
    00:15:45.0903 5780 ALG - ok
    00:15:45.0919 5780 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
    00:15:45.0920 5780 aliide - ok
    00:15:45.0926 5780 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
    00:15:45.0927 5780 amdide - ok
    00:15:45.0948 5780 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    00:15:45.0949 5780 AmdK8 - ok
    00:15:45.0978 5780 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
    00:15:45.0980 5780 Appinfo - ok
    00:15:46.0059 5780 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    00:15:46.0061 5780 Apple Mobile Device - ok
    00:15:46.0095 5780 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
    00:15:46.0097 5780 arc - ok
    00:15:46.0109 5780 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
    00:15:46.0111 5780 arcsas - ok
    00:15:46.0165 5780 aspnet_state - ok
    00:15:46.0198 5780 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    00:15:46.0199 5780 AsyncMac - ok
    00:15:46.0218 5780 [ 1898FAE8E07D97F2F6C2D5326C633FAC ] atapi C:\Windows\system32\drivers\atapi.sys
    00:15:46.0219 5780 atapi - ok
    00:15:46.0265 5780 [ 40767B965A8D575D794F1F95E2E017E9 ] atashost C:\Windows\SysWOW64\atashost.exe
    00:15:46.0266 5780 atashost - ok
    00:15:46.0319 5780 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    00:15:46.0327 5780 AudioEndpointBuilder - ok
    00:15:46.0352 5780 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    00:15:46.0355 5780 AudioSrv - ok
    00:15:46.0404 5780 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
    00:15:46.0419 5780 BFE - ok
    00:15:46.0583 5780 [ ED97ADAF00A61F57A2CCBBB1CE58C600 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130111.001\BHDrvx64.sys
    00:15:46.0606 5780 BHDrvx64 - ok
    00:15:46.0683 5780 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll
    00:15:46.0707 5780 BITS - ok
    00:15:46.0729 5780 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
    00:15:46.0730 5780 blbdrive - ok
    00:15:46.0790 5780 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    00:15:46.0796 5780 Bonjour Service - ok
    00:15:46.0822 5780 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    00:15:46.0824 5780 bowser - ok
    00:15:46.0843 5780 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
    00:15:46.0844 5780 BrFiltLo - ok
    00:15:46.0862 5780 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
    00:15:46.0862 5780 BrFiltUp - ok
    00:15:46.0888 5780 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
    00:15:46.0890 5780 Browser - ok
    00:15:46.0917 5780 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
    00:15:46.0919 5780 Brserid - ok
    00:15:46.0945 5780 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
    00:15:46.0946 5780 BrSerWdm - ok
    00:15:46.0957 5780 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
    00:15:46.0958 5780 BrUsbMdm - ok
    00:15:46.0966 5780 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
    00:15:46.0967 5780 BrUsbSer - ok
    00:15:46.0988 5780 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    00:15:46.0989 5780 BTHMODEM - ok
    00:15:47.0043 5780 [ CD69E6640BC4778EB4159D34A707106E ] CAXHWAZL C:\Windows\system32\DRIVERS\CAXHWAZL.sys
    00:15:47.0047 5780 CAXHWAZL - ok
    00:15:47.0147 5780 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys
    00:15:47.0159 5780 ccSet_N360 - ok
    00:15:47.0174 5780 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    00:15:47.0176 5780 cdfs - ok
    00:15:47.0214 5780 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    00:15:47.0216 5780 cdrom - ok
    00:15:47.0254 5780 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
    00:15:47.0256 5780 CertPropSvc - ok
    00:15:47.0276 5780 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
    00:15:47.0277 5780 circlass - ok
    00:15:47.0314 5780 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
    00:15:47.0320 5780 CLFS - ok
    00:15:47.0361 5780 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    00:15:47.0363 5780 clr_optimization_v2.0.50727_32 - ok
    00:15:47.0440 5780 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    00:15:47.0442 5780 clr_optimization_v2.0.50727_64 - ok
    00:15:47.0537 5780 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    00:15:47.0545 5780 clr_optimization_v4.0.30319_32 - ok
    00:15:47.0586 5780 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    00:15:47.0588 5780 clr_optimization_v4.0.30319_64 - ok
    00:15:47.0606 5780 [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    00:15:47.0607 5780 CmBatt - ok
    00:15:47.0620 5780 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
    00:15:47.0621 5780 cmdide - ok
    00:15:47.0656 5780 [ 491CBD050CE600B0FB8E71D01D76E0F9 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
    00:15:47.0660 5780 CnxtHdAudService - ok
    00:15:47.0668 5780 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    00:15:47.0668 5780 Compbatt - ok
    00:15:47.0676 5780 COMSysApp - ok
    00:15:47.0684 5780 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    00:15:47.0685 5780 crcdisk - ok
    00:15:47.0741 5780 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    00:15:47.0743 5780 CryptSvc - ok
    00:15:47.0808 5780 [ 80861969541971176E005D2C09DAE851 ] DAUpdaterSvc C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
    00:15:47.0809 5780 DAUpdaterSvc - ok
    00:15:47.0942 5780 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
    00:15:47.0957 5780 DcomLaunch - ok
    00:15:48.0001 5780 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    00:15:48.0002 5780 DfsC - ok
    00:15:48.0087 5780 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
    00:15:48.0161 5780 DFSR - ok
    00:15:48.0220 5780 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
    00:15:48.0224 5780 Dhcp - ok
    00:15:48.0247 5780 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
    00:15:48.0248 5780 disk - ok
    00:15:48.0287 5780 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    00:15:48.0289 5780 Dnscache - ok
    00:15:48.0322 5780 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
    00:15:48.0325 5780 dot3svc - ok
    00:15:48.0352 5780 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
    00:15:48.0356 5780 DPS - ok
    00:15:48.0386 5780 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    00:15:48.0386 5780 drmkaud - ok
    00:15:48.0429 5780 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    00:15:48.0455 5780 DXGKrnl - ok
    00:15:48.0497 5780 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
    00:15:48.0499 5780 E1G60 - ok
    00:15:48.0524 5780 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
    00:15:48.0526 5780 EapHost - ok
    00:15:48.0562 5780 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
    00:15:48.0565 5780 Ecache - ok
    00:15:48.0617 5780 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    00:15:48.0634 5780 eeCtrl - ok
    00:15:48.0709 5780 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    00:15:48.0715 5780 ehRecvr - ok
    00:15:48.0721 5780 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
    00:15:48.0723 5780 ehSched - ok
    00:15:48.0747 5780 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
    00:15:48.0748 5780 ehstart - ok
    00:15:48.0780 5780 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    00:15:48.0787 5780 elxstor - ok
    00:15:48.0832 5780 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
    00:15:48.0840 5780 EMDMgmt - ok
    00:15:48.0889 5780 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    00:15:48.0891 5780 EraserUtilRebootDrv - ok
    00:15:48.0907 5780 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
    00:15:48.0908 5780 ErrDev - ok
    00:15:48.0973 5780 [ 4D06D9A26227AC485305133916888DF1 ] ETService C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
    00:15:48.0974 5780 ETService - ok
    00:15:49.0034 5780 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
    00:15:49.0040 5780 EventSystem - ok
    00:15:49.0090 5780 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
    00:15:49.0095 5780 exfat - ok
    00:15:49.0135 5780 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    00:15:49.0140 5780 fastfat - ok
    00:15:49.0176 5780 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    00:15:49.0178 5780 fdc - ok
    00:15:49.0208 5780 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
    00:15:49.0211 5780 fdPHost - ok
    00:15:49.0273 5780 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
    00:15:49.0275 5780 FDResPub - ok
    00:15:49.0287 5780 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    00:15:49.0289 5780 FileInfo - ok
    00:15:49.0309 5780 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    00:15:49.0310 5780 Filetrace - ok
    00:15:49.0322 5780 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    00:15:49.0323 5780 flpydisk - ok
    00:15:49.0345 5780 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    00:15:49.0351 5780 FltMgr - ok
    00:15:49.0418 5780 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
    00:15:49.0445 5780 FontCache - ok
    00:15:49.0489 5780 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    00:15:49.0490 5780 FontCache3.0.0.0 - ok
    00:15:49.0508 5780 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    00:15:49.0509 5780 Fs_Rec - ok
    00:15:49.0539 5780 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    00:15:49.0540 5780 gagp30kx - ok
    00:15:49.0641 5780 [ 617DC2877015270914CA3C03873560D5 ] GameConsoleService C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
    00:15:49.0644 5780 GameConsoleService - ok
    00:15:49.0684 5780 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
    00:15:49.0685 5780 GEARAspiWDM - ok
    00:15:49.0724 5780 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
    00:15:49.0741 5780 gpsvc - ok
    00:15:49.0788 5780 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    00:15:49.0789 5780 gupdate - ok
    00:15:49.0806 5780 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    00:15:49.0807 5780 gupdatem - ok
    00:15:49.0868 5780 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    00:15:49.0871 5780 gusvc - ok
    00:15:49.0895 5780 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    00:15:49.0899 5780 HdAudAddService - ok
    00:15:49.0952 5780 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    00:15:49.0977 5780 HDAudBus - ok
    00:15:50.0008 5780 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
    00:15:50.0009 5780 HidBth - ok
    00:15:50.0027 5780 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
    00:15:50.0027 5780 HidIr - ok
    00:15:50.0056 5780 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll
    00:15:50.0057 5780 hidserv - ok
    00:15:50.0090 5780 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    00:15:50.0090 5780 HidUsb - ok
    00:15:50.0115 5780 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
    00:15:50.0117 5780 hkmsvc - ok
    00:15:50.0141 5780 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
    00:15:50.0143 5780 HpCISSs - ok
    00:15:50.0188 5780 [ 57BA73B5B321291E5114CB21350E1EA0 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    00:15:50.0192 5780 HSFHWAZL - ok
    00:15:50.0251 5780 [ EBDBA99C2362457BE429F024396B63BE ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
    00:15:50.0284 5780 HSF_DPV - ok
    00:15:50.0337 5780 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    00:15:50.0352 5780 HTTP - ok
    00:15:50.0385 5780 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
    00:15:50.0386 5780 i2omp - ok
    00:15:50.0419 5780 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    00:15:50.0420 5780 i8042prt - ok
    00:15:50.0472 5780 [ CB686F44BF955EA02520710A56874FA4 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    00:15:50.0477 5780 IAANTMON - ok
    00:15:50.0531 5780 [ 8D58627FEF3F8767665D9F4DC91CBD97 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
    00:15:50.0533 5780 iaStor - ok
    00:15:50.0576 5780 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
    00:15:50.0580 5780 iaStorV - ok
    00:15:50.0666 5780 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    00:15:50.0668 5780 IDriverT - ok
    00:15:50.0721 5780 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    00:15:50.0747 5780 idsvc - ok
    00:15:50.0873 5780 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130118.001\IDSvia64.sys
    00:15:50.0881 5780 IDSVia64 - ok
    00:15:50.0898 5780 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    00:15:50.0899 5780 iirsp - ok
    00:15:50.0940 5780 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
    00:15:50.0957 5780 IKEEXT - ok
    00:15:51.0069 5780 [ 8C7FA71CB1EBCD3EDE8958D27B1BF0B4 ] int15 C:\Windows\SysWOW64\drivers\int15_64.sys
    00:15:51.0070 5780 int15 - ok
    00:15:51.0087 5780 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
    00:15:51.0088 5780 intelide - ok
    00:15:51.0109 5780 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    00:15:51.0110 5780 intelppm - ok
    00:15:51.0134 5780 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    00:15:51.0137 5780 IPBusEnum - ok
    00:15:51.0177 5780 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    00:15:51.0179 5780 IpFilterDriver - ok
    00:15:51.0219 5780 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    00:15:51.0223 5780 iphlpsvc - ok
    00:15:51.0232 5780 IpInIp - ok
    00:15:51.0293 5780 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
    00:15:51.0294 5780 IPMIDRV - ok
    00:15:51.0317 5780 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
    00:15:51.0319 5780 IPNAT - ok
    00:15:51.0363 5780 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    00:15:51.0377 5780 iPod Service - ok
    00:15:51.0402 5780 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
    00:15:51.0402 5780 IRENUM - ok
    00:15:51.0435 5780 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
    00:15:51.0436 5780 isapnp - ok
    00:15:51.0475 5780 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    00:15:51.0478 5780 iScsiPrt - ok
    00:15:51.0507 5780 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
    00:15:51.0508 5780 iteatapi - ok
    00:15:51.0553 5780 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
    00:15:51.0554 5780 iteraid - ok
    00:15:51.0558 5780 ivusb - ok
    00:15:51.0585 5780 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    00:15:51.0586 5780 kbdclass - ok
    00:15:51.0621 5780 [ BF8783A5066CFECF45095459E8010FA7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    00:15:51.0622 5780 kbdhid - ok
    00:15:51.0657 5780 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
    00:15:51.0658 5780 KeyIso - ok
    00:15:51.0700 5780 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    00:15:51.0714 5780 KSecDD - ok
    00:15:51.0766 5780 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    00:15:51.0767 5780 ksthunk - ok
    00:15:51.0785 5780 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
    00:15:51.0791 5780 KtmRm - ok
    00:15:51.0818 5780 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll
    00:15:51.0822 5780 LanmanServer - ok
    00:15:51.0863 5780 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    00:15:51.0868 5780 LanmanWorkstation - ok
    00:15:51.0916 5780 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    00:15:51.0917 5780 lltdio - ok
    00:15:51.0948 5780 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    00:15:51.0952 5780 lltdsvc - ok
    00:15:51.0978 5780 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
    00:15:51.0980 5780 lmhosts - ok
    00:15:52.0002 5780 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    00:15:52.0003 5780 LSI_FC - ok
    00:15:52.0019 5780 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    00:15:52.0021 5780 LSI_SAS - ok
    00:15:52.0035 5780 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    00:15:52.0037 5780 LSI_SCSI - ok
    00:15:52.0061 5780 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
    00:15:52.0064 5780 luafv - ok
    00:15:52.0076 5780 lxct_device - ok
    00:15:52.0088 5780 MCSTRM - ok
    00:15:52.0109 5780 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    00:15:52.0111 5780 Mcx2Svc - ok
    00:15:52.0138 5780 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
    00:15:52.0139 5780 mdmxsdk - ok
    00:15:52.0166 5780 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
    00:15:52.0167 5780 megasas - ok
    00:15:52.0213 5780 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
    00:15:52.0219 5780 MegaSR - ok
    00:15:52.0241 5780 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
    00:15:52.0243 5780 MMCSS - ok
    00:15:52.0255 5780 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
    00:15:52.0256 5780 Modem - ok
    00:15:52.0283 5780 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    00:15:52.0284 5780 monitor - ok
    00:15:52.0310 5780 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    00:15:52.0311 5780 mouclass - ok
    00:15:52.0332 5780 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    00:15:52.0333 5780 mouhid - ok
    00:15:52.0342 5780 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
    00:15:52.0344 5780 MountMgr - ok
    00:15:52.0370 5780 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
    00:15:52.0372 5780 mpio - ok
    00:15:52.0400 5780 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    00:15:52.0402 5780 mpsdrv - ok
    00:15:52.0440 5780 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
    00:15:52.0457 5780 MpsSvc - ok
    00:15:52.0488 5780 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
    00:15:52.0489 5780 Mraid35x - ok
    00:15:52.0532 5780 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    00:15:52.0535 5780 MRxDAV - ok
    00:15:52.0596 5780 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    00:15:52.0598 5780 mrxsmb - ok
    00:15:52.0635 5780 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    00:15:52.0639 5780 mrxsmb10 - ok
    00:15:52.0649 5780 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    00:15:52.0651 5780 mrxsmb20 - ok
    00:15:52.0687 5780 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys
    00:15:52.0688 5780 msahci - ok
    00:15:52.0707 5780 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    00:15:52.0710 5780 msdsm - ok
    00:15:52.0736 5780 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
    00:15:52.0739 5780 MSDTC - ok
    00:15:52.0787 5780 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
    00:15:52.0788 5780 Msfs - ok
    00:15:52.0869 5780 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    00:15:52.0871 5780 msisadrv - ok
    00:15:52.0908 5780 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    00:15:52.0911 5780 MSiSCSI - ok
    00:15:52.0916 5780 msiserver - ok
    00:15:52.0965 5780 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    00:15:52.0966 5780 MSKSSRV - ok
    00:15:52.0981 5780 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    00:15:52.0982 5780 MSPCLOCK - ok
    00:15:52.0994 5780 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    00:15:52.0995 5780 MSPQM - ok
    00:15:53.0030 5780 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    00:15:53.0036 5780 MsRPC - ok
    00:15:53.0084 5780 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    00:15:53.0086 5780 mssmbios - ok
    00:15:53.0107 5780 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    00:15:53.0109 5780 MSTEE - ok
    00:15:53.0154 5780 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
    00:15:53.0156 5780 Mup - ok
    00:15:53.0259 5780 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.0.9\ccSvcHst.exe
    00:15:53.0264 5780 N360 - ok
    00:15:53.0377 5780 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
    00:15:53.0412 5780 napagent - ok
    00:15:53.0464 5780 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    00:15:53.0469 5780 NativeWifiP - ok
    00:15:53.0527 5780 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130119.024\ENG64.SYS
    00:15:53.0530 5780 NAVENG - ok
    00:15:53.0649 5780 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130119.024\EX64.SYS
    00:15:53.0703 5780 NAVEX15 - ok
    00:15:53.0764 5780 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
    00:15:53.0781 5780 NDIS - ok
    00:15:53.0808 5780 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    00:15:53.0811 5780 NdisTapi - ok
    00:15:53.0823 5780 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    00:15:53.0824 5780 Ndisuio - ok
    00:15:53.0889 5780 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    00:15:53.0892 5780 NdisWan - ok
    00:15:53.0910 5780 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    00:15:53.0911 5780 NDProxy - ok
    00:15:53.0924 5780 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    00:15:53.0925 5780 NetBIOS - ok
    00:15:53.0952 5780 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
    00:15:53.0955 5780 netbt - ok
    00:15:53.0970 5780 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
    00:15:53.0971 5780 Netlogon - ok
    00:15:53.0998 5780 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
    00:15:54.0004 5780 Netman - ok
    00:15:54.0022 5780 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
    00:15:54.0026 5780 netprofm - ok
    00:15:54.0056 5780 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    00:15:54.0057 5780 NetTcpPortSharing - ok
    00:15:54.0166 5780 [ 2BDCB7B7917380794C9D87AC2153CE33 ] NETw5v64 C:\Windows\system32\DRIVERS\NETw5v64.sys
    00:15:54.0269 5780 NETw5v64 - ok
    00:15:54.0322 5780 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    00:15:54.0323 5780 nfrd960 - ok
    00:15:54.0351 5780 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
    00:15:54.0355 5780 NlaSvc - ok
    00:15:54.0410 5780 [ CD2FE9C33CFD0FE0AF124E05907E5C3D ] nmservice C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    00:15:54.0426 5780 nmservice - ok
    00:15:54.0445 5780 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    00:15:54.0446 5780 Npfs - ok
    00:15:54.0465 5780 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
    00:15:54.0468 5780 nsi - ok
    00:15:54.0473 5780 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    00:15:54.0474 5780 nsiproxy - ok
    00:15:54.0561 5780 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    00:15:54.0611 5780 Ntfs - ok
    00:15:54.0616 5780 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
    00:15:54.0618 5780 Null - ok
    00:15:54.0668 5780 [ 29A70AD61FB913B4E6C587924B23B62C ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
    00:15:54.0670 5780 NVHDA - ok
    00:15:54.0920 5780 [ C496CFEDEECC02B654EBED3954D47B1B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    00:15:55.0109 5780 nvlddmkm - ok
    00:15:55.0134 5780 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    00:15:55.0137 5780 nvraid - ok
    00:15:55.0162 5780 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
    00:15:55.0163 5780 nvstor - ok
    00:15:55.0198 5780 [ C083A5414A9D145354F1921BBCD895E4 ] nvsvc C:\Windows\system32\nvvsvc.exe
    00:15:55.0203 5780 nvsvc - ok
    00:15:55.0234 5780 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    00:15:55.0236 5780 nv_agp - ok
    00:15:55.0240 5780 NwlnkFlt - ok
    00:15:55.0245 5780 NwlnkFwd - ok
    00:15:55.0296 5780 [ D955D5DE998DB2476BF0892BE3A96C26 ] o2flash C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
    00:15:55.0298 5780 o2flash - ok
    00:15:55.0324 5780 [ 1FBB63BD15D25B022DC986D463F94219 ] O2MDRDR C:\Windows\system32\DRIVERS\o2mdx64.sys
    00:15:55.0325 5780 O2MDRDR - ok
    00:15:55.0333 5780 [ C88959545B5F598791D30314C7DB5718 ] O2SDRDR C:\Windows\system32\DRIVERS\o2sdx64.sys
    00:15:55.0334 5780 O2SDRDR - ok
    00:15:55.0400 5780 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    00:15:55.0405 5780 odserv - ok
    00:15:55.0474 5780 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
    00:15:55.0475 5780 ohci1394 - ok
    00:16:02.0993 5780 ================ Scan global ===============================
    00:16:03.0047 5780 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
    00:16:03.0086 5780 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
    00:16:03.0117 5780 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
    00:16:03.0178 5780 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
    00:16:03.0186 5780 [Global] - ok
    00:16:03.0186 5780 ================ Scan MBR ==================================
    00:16:03.0205 5780 [ 8C9F9E03865C35F0F3829A23CDA42F5D ] \Device\Harddisk0\DR0
    00:16:05.0469 5780 \Device\Harddisk0\DR0 - ok
    00:16:05.0469 5780 ================ Scan VBR ==================================
    00:16:05.0480 5780 [ 184B83C3C93D176817E48B267E8F6A9F ] \Device\Harddisk0\DR0\Partition1
    00:16:05.0482 5780 \Device\Harddisk0\DR0\Partition1 - ok
    00:16:05.0482 5780 ============================================================
    00:16:05.0482 5780 Scan finished
    00:16:05.0482 5780 ============================================================
    00:16:05.0515 5572 Detected object count: 0
    00:16:05.0515 5572 Actual detected object count: 0
     
  6. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Greetings GWest251,

    This file on your Desktop: xzzc5ykr.exe << Is this the GMER file that causes the BSOD?


    Step 1.
    Junkware Removal Tool
    Please download Junkware Removal Tool and save it to your desktop.

    • Shut down your protection software as shown in This topic now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Please post the contents of JRT.txt into your next reply.



    Please uninstall Google Chrome and after we are done with the cleanup you may reinstall it.

    Step 2.
    Uninstall Programs

    1. Click on Start...then... Click the Start Search box on the Start Menu.
    2. Copy and paste the value below, into the open text entry box:
      control appwiz.cpl
      • Depending on your current view setting ...
      • Double click on Programs and Features.
      • Under Programs, click on Uninstall a program.
    3. Locate the following program(s):
      Google Chrome
    4. Select the program and click on Uninstall to uninstall it.
      Carefully read any prompts...
      Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
    5. When finished... Close the Control Panel window.



    Step 3.
    Run OTL Script
    We need to run an OTL Fix

    • Right-click OTL.exe and select " Run as administrator " to run it.
    • Copy and Paste the following code into the textbox. Do not include the word Code
      Code:
      :commands
      [createrestorepoint]
      
      :OTL
      IE:64bit: - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDt DtBtCyD0DzztByEzy0DyEtDtD0BtDtN0D0Tzu0CtByDtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr= 760592165
      IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
      IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDt DtBtCyD0DzztByEzy0DyEtDtD0BtDtN0D0Tzu0CtByDtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr= 760592165
      IE - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\..\SearchScopes,Backup.Old.DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
      IE - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\..\SearchScopes\{B459A587-589B-4D52-8EF2-CABA7F2400E0}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=PSI&o=15116&src=kw&q={searchTerms}&locale=&apn_ptnrs= L6&apn_dtid=YYYYYYYYUS&apn_uid=4bfe247e-a536-4390-ac8e-a5e17c72ab3c&apn_sauid=8761349F-FE93-4B00-874B-710076343D7E
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
      O4 - HKLM..\Run: [eRecoveryService] File not found
      O15 - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
      O15 - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
      O33 - MountPoints2\{5345efef-db6c-11e1-9081-001d72e8a351}\Shell - "" = AutoRun
      O33 - MountPoints2\{5345efef-db6c-11e1-9081-001d72e8a351}\Shell\AutoRun\command - "" = E:\KODAK_Camera_Setup_App.exe
      O33 - MountPoints2\{6787953d-cc07-11df-9e53-806e6f6e6963}\Shell - "" = AutoRun
      O33 - MountPoints2\{6787953d-cc07-11df-9e53-806e6f6e6963}\Shell\AutoRun\command - "" = E:\unlock.exe autoplay=true
      O33 - MountPoints2\{c3244ec7-f287-11de-bd8e-001d72e8a351}\Shell - "" = AutoRun
      O33 - MountPoints2\{c3244ec7-f287-11de-bd8e-001d72e8a351}\Shell\AutoRun\command - "" = F:\Runstaller.exe
      O33 - MountPoints2\{f916a65a-28f9-11e1-be6e-001d72e8a351}\Shell - "" = AutoRun
      O33 - MountPoints2\{f916a65a-28f9-11e1-be6e-001d72e8a351}\Shell\AutoRun\command - "" = E:\unlock.exe autoplay=true
      MOD - [2013/01/18 19:25:19 | 000,192,512 | ---- | M] () -- C:\Users\Greg\AppData\Local\Temp\sfamcc00001.dll
      MOD - [2013/01/18 19:25:19 | 000,158,720 | ---- | M] () -- C:\Users\Greg\AppData\Local\Temp\sfareca00001.dll
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:886133E1
      
      :Commands
      [EMPTYTEMP]
      
    • Click under the Custom Scan/Fixes box and paste the copied text.
    • Click the Run Fix button. If prompted... click OK.
    • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
    • Please post the contents of the report in your next reply.




    Please include in your next reply:

    1. Contents of JRT.txt log
    2. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log
    3. Any problem executing the instructions?
    4. How is the computer behaving?

    Thanks,
    wbg
     
  7. GWest251

    GWest251 Thread Starter

    Joined:
    Nov 24, 2012
    Messages:
    16
    Yes, that's correct.

    Working through the steps you've outlined now. I will post the results later this evening or tomorrow.
     
  8. GWest251

    GWest251 Thread Starter

    Joined:
    Nov 24, 2012
    Messages:
    16
    jrt.txt log:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.4.8 (01.21.2013:2)
    OS: Windows (TM) Vista Home Premium x64
    Ran by Greg on Tue 01/22/2013 at 17:46:14.66
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    ~~~ Services

    ~~~ Registry Values

    ~~~ Registry Keys
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetupv1.exe

    ~~~ Files

    ~~~ Folders

    ~~~ Event Viewer Logs were cleared


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 01/22/2013 at 17:54:43.15
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Chrome uninstalled as instructed. (*sob*)

    OTL log:
    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
    HKEY_USERS\S-1-5-21-3611441785-2701502880-310225778-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_USERS\S-1-5-21-3611441785-2701502880-310225778-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B459A587-589B-4D52-8EF2-CABA7F2400E0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B459A587-589B-4D52-8EF2-CABA7F2400E0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService not found.
    Registry key HKEY_USERS\S-1-5-21-3611441785-2701502880-310225778-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\real.com\rhap-app-4-0\ not found.
    Registry key HKEY_USERS\S-1-5-21-3611441785-2701502880-310225778-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\real.com\rhapreg\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5345efef-db6c-11e1-9081-001d72e8a351}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5345efef-db6c-11e1-9081-001d72e8a351}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5345efef-db6c-11e1-9081-001d72e8a351}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5345efef-db6c-11e1-9081-001d72e8a351}\ not found.
    File E:\KODAK_Camera_Setup_App.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6787953d-cc07-11df-9e53-806e6f6e6963}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6787953d-cc07-11df-9e53-806e6f6e6963}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6787953d-cc07-11df-9e53-806e6f6e6963}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6787953d-cc07-11df-9e53-806e6f6e6963}\ not found.
    File E:\unlock.exe autoplay=true not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3244ec7-f287-11de-bd8e-001d72e8a351}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3244ec7-f287-11de-bd8e-001d72e8a351}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3244ec7-f287-11de-bd8e-001d72e8a351}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3244ec7-f287-11de-bd8e-001d72e8a351}\ not found.
    File F:\Runstaller.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f916a65a-28f9-11e1-be6e-001d72e8a351}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f916a65a-28f9-11e1-be6e-001d72e8a351}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f916a65a-28f9-11e1-be6e-001d72e8a351}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f916a65a-28f9-11e1-be6e-001d72e8a351}\ not found.
    File E:\unlock.exe autoplay=true not found.
    Unable to delete ADS C:\ProgramData\TEMP:886133E1 .
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Greg
    ->Temp folder emptied: 110592 bytes
    ->Temporary Internet Files folder emptied: 975481 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2391778 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
    RecycleBin emptied: 1121119319 bytes

    Total Files Cleaned = 1,073.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 01222013_221121
    Files\Folders moved on Reboot...
    File\Folder C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
    File\Folder C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZWI8MXLZ\si[1].htm not found!
    File\Folder C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WZ7US93W\si[1].htm not found!
    File\Folder C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\74TW01N5\1085732-searh-result-redirects[1].htm not found!
    File\Folder C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\74TW01N5\si[1].htm not found!
    File\Folder C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11IUCRVT\1[1].htm not found!
    File\Folder C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11IUCRVT\push[1].htm not found!
    File\Folder C:\Windows\temp\WebEx\Log\118\atashost.log not found!
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...


    **********

    Note: OTL stopped working before completing its initial scan (OTL has stopped working, Windows is searching for a solution...). I reran OTL, and it completed the second time. This log is from the second time, following reboot.

    Half a dozen test searches produced no redirects. I will continue to test to be sure, but it looks like they're gone.
     
  9. wannabeageek

    wannabeageek Malware Specialist

    Hi GWest251,

    I am sorry about Chrome having to be deleted. As of now there is no method to reset Chrome like there is for FF or IE. Uninstalling is the only way to clear any redirects at this time until Google rewrites it and adds a reset feature.


    Step 1.
    SystemLook
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2


    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      *Fun4IM*
      *Bandoo*
      *Searchnu*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      
      :folderfind
      *Fun4IM*
      *Bandoo*
      *Searchnu*
      *Searchqu*
      *iLivid*
      *whitesmoke*
      *datamngr*
      *trolltech*
      
      :Regfind
      Fun4IM
      Bandoo
      Searchnu
      Searchqu
      iLivid
      whitesmoke
      datamngr
      kelkoopartners
      trolltech
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt



    Step 2.
    ESET online scanner

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

    Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    • First please Disable any Antivirus you have active, as shown in This topic.
    • Note: Don't forget to re-enable it after the scan.
    • Next hold down Control then click on the following link to open a new window to ESET online scanner
    • Press the Blue Run ESET Online Scanner button on the left side of the page.
    • A popup box will open.
    • Select the option YES, I accept the Terms of Use then click on Start.
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:

      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on Start.
    • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically.
    • When the scan is completed and you would like the program removed, select Uninstall application on close. Be sure you have copied the log file first!
    • Now click on Finish.
    • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
    • Copy and paste that log as a reply to this topic.


    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!




    Please include in your next reply:

    1. Contents of SystemLook.txt
    2. Contents of C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
    3. Any problem executing the instructions?
    4. How is the computer behaving?

    Thanks,
    wbg
     
  10. GWest251

    GWest251 Thread Starter

    SystemLook.txt:
    SystemLook 30.07.11 by jpshortstuff
    Log created at 04:59 on 25/01/2013 by Greg
    Administrator - Elevation successful
    ========== filefind ==========
    Searching for "*Fun4IM*"
    No files found.
    Searching for "*Bandoo*"
    No files found.
    Searching for "*Searchnu*"
    No files found.
    Searching for "*Searchqu*"
    No files found.
    Searching for "*iLivid*"
    C:\Users\Greg\Downloads\iLividSetupV1.exe --a---- 516136 bytes [14:26 01/04/2012] [14:26 01/04/2012] A22B697205DBBB2BCFF70D6C7BC84E2F
    Searching for "*whitesmoke*"
    No files found.
    Searching for "*datamngr*"
    No files found.
    Searching for "*trolltech*"
    No files found.
    ========== folderfind ==========
    Searching for "*Fun4IM*"
    No folders found.
    Searching for "*Bandoo*"
    No folders found.
    Searching for "*Searchnu*"
    No folders found.
    Searching for "*Searchqu*"
    No folders found.
    Searching for "*iLivid*"
    No folders found.
    Searching for "*whitesmoke*"
    No folders found.
    Searching for "*datamngr*"
    No folders found.
    Searching for "*trolltech*"
    No folders found.
    ========== Regfind ==========
    Searching for "Fun4IM"
    No data found.
    Searching for "Bandoo"
    No data found.
    Searching for "Searchnu"
    No data found.
    Searching for "Searchqu"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    Searching for "iLivid"
    No data found.
    Searching for "whitesmoke"
    No data found.
    Searching for "datamngr"
    No data found.
    Searching for "kelkoopartners"
    No data found.
    Searching for "trolltech"
    [HKEY_CURRENT_USER\Software\Trolltech]
    [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QTextCodecFactoryInterface:]
    [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]
    [HKEY_USERS\S-1-5-21-3611441785-2701502880-310225778-1000\Software\Trolltech]
    [HKEY_USERS\S-1-5-21-3611441785-2701502880-310225778-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [HKEY_USERS\S-1-5-21-3611441785-2701502880-310225778-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QTextCodecFactoryInterface:]
    [HKEY_USERS\S-1-5-21-3611441785-2701502880-310225778-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [HKEY_USERS\S-1-5-21-3611441785-2701502880-310225778-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]
    -= EOF =-

    ESET Online Scanner log:
    [email protected] as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK

    (That seems short. I exported the scan results to a text file and have included that as well.)

    ESET results exported as .txt:
    C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Default\aagbdhddgbdgdadeggdggegfdedggfdg\background.html Win32/BHO.OEI trojan
    C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Default\aagbdhddgbdgdadeggdggegfdedggfdg\ContentScript.js Win32/BHO.OEI trojan
    C:\Users\Greg\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask application
    C:\Users\Greg\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application


    ~~~~~~
    Other than a long scan time (in excess of three hours) and short log (see above), I encountered no problems running these steps. I have had no search redirects through IE since completion of the previous steps on 1/22/12.
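
A triage helper for SystemLook logs like the one posted above, added here as an example and not part of the thread or of SystemLook itself: it parses the filefind/Regfind sections and labels each hit by whether the search term matched a whole name, the start of one, or the inside of a longer word (as "Searchqu" does in "ISearchQueryHelper"). The function names and the exact/prefix/embedded labels are assumptions of this sketch; the sample lines are copied from the log above.

```python
import re

# Excerpt in the SystemLook layout, using lines copied from the log in the post above.
SAMPLE_LOG = r"""========== filefind ==========
Searching for "*iLivid*"
C:\Users\Greg\Downloads\iLividSetupV1.exe --a---- 516136 bytes [14:26 01/04/2012] [14:26 01/04/2012] A22B697205DBBB2BCFF70D6C7BC84E2F
Searching for "*datamngr*"
No files found.
========== Regfind ==========
Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
Searching for "Bandoo"
No data found.
-= EOF =-
"""

SECTION = re.compile(r"^=+\s*(\w+)\s*=+$")
SEARCH = re.compile(r'^Searching for "(.*)"$')
NO_HIT = re.compile(r"^No (files|folders|data) found\.$")


def parse_systemlook(text):
    """Return a list of hits: dicts with section, search term and matched lines."""
    hits, section, term, current = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-= EOF =-":
            continue
        m = SECTION.match(line)
        if m:
            section, term, current = m.group(1).lower(), None, None
            continue
        m = SEARCH.match(line)
        if m:
            term, current = m.group(1).strip("*"), None
            continue
        if term is None or NO_HIT.match(line):
            continue  # banner lines before the first search, or an empty result
        if section == "regfind" and not line.startswith("[") and current is not None:
            current["lines"].append(line)  # value line belongs to the preceding key
            continue
        current = {"section": section, "term": term, "lines": [line]}
        hits.append(current)
    return hits


def match_kind(term, text):
    """Classify the strongest occurrence of term in text.

    exact    - bounded by non-alphanumeric characters on both sides
    prefix   - starts a name but the name continues (iLivid -> iLividSetupV1)
    embedded - starts in the middle of a longer word (Searchqu -> ISearchQueryHelper)
    """
    rank = {"embedded": 0, "prefix": 1, "exact": 2}
    best = None
    for m in re.finditer(re.escape(term), text, re.IGNORECASE):
        before = text[m.start() - 1] if m.start() > 0 else ""
        after = text[m.end()] if m.end() < len(text) else ""
        if before.isalnum():
            kind = "embedded"
        elif after.isalnum():
            kind = "prefix"
        else:
            kind = "exact"
        if best is None or rank[kind] > rank[best]:
            best = kind
    return best


def triage(text):
    """Return (term, kind, first matched line) for every hit in the log."""
    out = []
    for hit in parse_systemlook(text):
        kind = match_kind(hit["term"], "\n".join(hit["lines"]))
        out.append((hit["term"], kind, hit["lines"][0]))
    return out


if __name__ == "__main__":
    for term, kind, first in triage(SAMPLE_LOG):
        note = "  <- review by hand before removal" if kind == "embedded" else ""
        print(f"{term:10} {kind:9} {first[:70]}{note}")
```
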
     
  11. wannabeageek

    wannabeageek Malware Specialist

    Hello GWest251,


    Please stay with us as there are still remnants that need to be removed. We still have a few more scans to run.

    Step 1.
    Run OTL Script

    We need to run an OTL Fix


    • Right-click OTL.exe and select " Run as administrator " to run it.
    • Copy and paste the following code into the textbox. Do not include the word Code.
      Code:
      :commands
      [createrestorepoint]
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
      @=-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
      @=-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
      @=-
      [-HKEY_CURRENT_USER\Software\Trolltech]
      [-HKEY_USERS\S-1-5-21-3611441785-2701502880-310225778-1000\Software\Trolltech]
      
      :Files
      C:\Users\Greg\Downloads\iLividSetupV1.exe
      C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Default\aagbdhddgbdgdadeggdggegfdedggfdg\background.html
      C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Default\aagbdhddgbdgdadeggdggegfdedggfdg\ContentScript.js
      C:\Users\Greg\Downloads\CuteWriter.exe
      
      :Commands
      [EMPTYTEMP]
    • Click under the Custom Scan/Fixes box and paste the copied text.
    • Click the Run Fix button. If prompted... click OK.
    • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
    • Please post the contents of the report in your next reply.





    Step 2.
    SystemLook

    Please run SystemLook - it should still be on your Desktop.

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield: Do not include the word Code
      Code:
      :filefind
      *eoengine*
      *eobho*
      *eorezo*
      *iLivid*
      
      :Folderfind
      *Windows Update Add-On*
      *Timeline Remover*
      *HD Media Codec*
      *FBLIX-SOCIAL*
      *Facebook Lily System*
      *Aqori browser extension*
      *Ad-Killer Pro*
      *Noads Popup Blocker*
      *OApps*
      *VideoFileDownload*
      
      :Regfind
      AFBB7970-789A-4264-BA70-E8127DECE400
      18AF7201-4F14-4BCF-93FE-45617CF259FF
      DF76E9B7-35EC-46FC-AF56-5B79DED9D64F
      C10DC1F4-CCDF-4224-A24D-B23AFC3573C8
      3B002D6C-B678-4EC0-B2E0-1F7F36F065E8
      68DD98BF-9DE8-418C-89F0-E37AC61CC2D9
      625F420E-A4A9-4B40-BC23-716C1C43893A
      EoRezo
      eobho
      ieobho
      eoengine
      IgnoreFrameApprovalCheck
      bho_project
      Searchqu
      trolltech
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt



    Please include in your next reply:

    1. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log
    2. Contents of SystemLook.txt
    3. Any problem executing the instructions?
    4. How is the computer behaving?

    Thanks,
    wbg
     
  12. GWest251

    GWest251 Thread Starter

    Oh, no worries there. I'm here until I get the all clear. ;)(y)

    Results...

    OTL:
    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\\@ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\\@ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\\@ not found.
    Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-3611441785-2701502880-310225778-1000\Software\Trolltech\ not found.
    ========== FILES ==========
    C:\Users\Greg\Downloads\iLividSetupV1.exe moved successfully.
    C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Default\aagbdhddgbdgdadeggdggegfdedggfdg\background.html moved successfully.
    C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Default\aagbdhddgbdgdadeggdggegfdedggfdg\ContentScript.js moved successfully.
    C:\Users\Greg\Downloads\CuteWriter.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Greg
    ->Temp folder emptied: 10506472 bytes
    ->Temporary Internet Files folder emptied: 220350146 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 5117 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 90 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 220.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 01292013_203422
    Files\Folders moved on Reboot...
    C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CU3PQTNB\aclk[1].htm moved successfully.
    C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CU3PQTNB\nf[1].htm moved successfully.
    C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\53RJ7DKL\1085732-searh-result-redirects[1].htm moved successfully.
    C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1UO46TI8\bclick[1].htm moved successfully.
    C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1UO46TI8\data_sync[1].htm moved successfully.
    C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    C:\Windows\temp\WebEx\Log\128\atashost.log moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...


    SystemLook
    SystemLook 30.07.11 by jpshortstuff
    Log created at 20:44 on 29/01/2013 by Greg
    Administrator - Elevation successful
    ========== filefind ==========
    Searching for "*eoengine*"
    No files found.
    Searching for "*eobho*"
    No files found.
    Searching for "*eorezo*"
    No files found.
    Searching for "*iLivid*"
    C:\_OTL\MovedFiles\01292013_203422\C_Users\Greg\Downloads\iLividSetupV1.exe --a---- 516136 bytes [14:26 01/04/2012] [14:26 01/04/2012] A22B697205DBBB2BCFF70D6C7BC84E2F
    ========== Folderfind ==========
    Searching for "*Windows Update Add-On*"
    No folders found.
    Searching for "*Timeline Remover*"
    No folders found.
    Searching for "*HD Media Codec*"
    No folders found.
    Searching for "*FBLIX-SOCIAL*"
    No folders found.
    Searching for "*Facebook Lily System*"
    No folders found.
    Searching for "*Aqori browser extension*"
    No folders found.
    Searching for "*Ad-Killer Pro*"
    No folders found.
    Searching for "*Noads Popup Blocker*"
    No folders found.
    Searching for "*OApps*"
    No folders found.
    Searching for "*VideoFileDownload*"
    No folders found.
    ========== Regfind ==========
    Searching for "AFBB7970-789A-4264-BA70-E8127DECE400"
    No data found.
    Searching for "18AF7201-4F14-4BCF-93FE-45617CF259FF"
    No data found.
    Searching for "DF76E9B7-35EC-46FC-AF56-5B79DED9D64F"
    No data found.
    Searching for "C10DC1F4-CCDF-4224-A24D-B23AFC3573C8"
    No data found.
    Searching for "3B002D6C-B678-4EC0-B2E0-1F7F36F065E8"
    No data found.
    Searching for "68DD98BF-9DE8-418C-89F0-E37AC61CC2D9"
    No data found.
    Searching for "625F420E-A4A9-4B40-BC23-716C1C43893A"
    No data found.
    Searching for "EoRezo"
    No data found.
    Searching for "eobho"
    No data found.
    Searching for "ieobho"
    No data found.
    Searching for "eoengine"
    No data found.
    Searching for "IgnoreFrameApprovalCheck"
    No data found.
    Searching for "bho_project"
    No data found.
    Searching for "Searchqu"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    Searching for "trolltech"
    No data found.
    -= EOF =-


    No problems executing the instructions. My system still seems to be running fine.
     
  13. wannabeageek

    wannabeageek Malware Specialist

    Hi GWest251,

    Have you encountered any redirected searches recently?

    Step 1.
    As you have Malwarebytes' Anti-Malware installed on your computer, could you please do the following:

    • Launch the application.
    • One of 2 things will happen:
      • The program will be so outdated that it will automatically invoke a complete re-install; or
      • The program will check, update the database and then run.
      If it does a complete re-install, be sure to follow the prompts.
    • Perform Quick Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
      Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt



    Step 2.
    OTL

    1. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
    2. Click the Scan All Users checkbox.
    3. Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
      Leave the remaining selections to the default settings.
    4. Click on Run Scan at the top left hand corner.
    5. When done, two Notepad files will open.
      • OTL.txt <-- Will be opened, maximized
      • Extras.txt <-- Will be minimized on task bar.
    6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.




    Please include in your next reply:

    1. Answer to my question on redirects
    2. Contents of current mbam-log-date (time).txt
    3. Contents of OTL.txt
    4. Contents of Extras.txt
    5. Any problem executing the instructions?
    6. How is the computer behaving?

    Thanks,
    wbg
     
  14. GWest251

    GWest251 Thread Starter

    Still no redirects.

    mbam log
    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org
    Database version: v2013.01.31.09
    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Greg :: GREG-PC [administrator]
    1/31/2013 7:51:56 PM
    mbam-log-2013-01-31 (19-51-56).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 216716
    Time elapsed: 3 minute(s), 17 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)

    OTL
    OTL logfile created on: 1/31/2013 7:56:57 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Greg\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.99 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 34.85% Memory free
    8.17 Gb Paging File | 5.61 Gb Available in Paging File | 68.69% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.09 Gb Total Space | 82.32 Gb Free Space | 28.57% Space Free | Partition Type: NTFS

    Computer Name: GREG-PC | User Name: Greg | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/19 23:58:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL.exe
    PRC - [2013/01/08 22:46:27 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    PRC - [2012/12/17 17:24:10 | 000,308,368 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    PRC - [2012/09/12 02:32:32 | 004,679,672 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
    PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.0.9\ccsvchst.exe
    PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    PRC - [2009/04/07 16:37:30 | 000,467,240 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
    PRC - [2009/04/07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\SysWOW64\atashost.exe
    PRC - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/04/15 19:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/03/09 07:43:30 | 000,606,208 | ---- | M] () -- C:\Program Files (x86)\QuickFlix Companion\Photags AutoDetect.exe
    PRC - [2007/02/12 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
    PRC - [2007/01/19 14:54:56 | 005,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSN Messenger\msnmsgr.exe
    PRC - [2006/11/22 10:11:24 | 000,082,864 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe
    PRC - [2006/11/22 10:11:22 | 000,291,760 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/01/30 14:02:45 | 000,192,512 | ---- | M] () -- C:\Users\Greg\AppData\Local\Temp\sfamcc00001.dll
    MOD - [2013/01/30 14:02:45 | 000,158,720 | ---- | M] () -- C:\Users\Greg\AppData\Local\Temp\sfareca00001.dll
    MOD - [2012/03/18 11:49:35 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
    MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2008/03/09 07:43:30 | 000,606,208 | ---- | M] () -- C:\Program Files (x86)\QuickFlix Companion\Photags AutoDetect.exe
    MOD - [2006/11/22 10:11:22 | 000,291,760 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe
    MOD - [2006/08/08 15:54:18 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5400 Series\lxctscw.dll
    MOD - [2006/06/09 02:39:54 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5400 Series\lxctdrec.dll
    MOD - [2006/05/25 16:20:44 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5400 Series\iptk.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2011/08/01 10:12:52 | 001,338,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
    SRV:64bit: - [2011/08/01 10:12:50 | 001,978,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
    SRV:64bit: - [2011/08/01 10:12:46 | 000,317,328 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
    SRV:64bit: - [2008/06/11 14:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
    SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2007/10/18 17:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
    SRV:64bit: - [2006/11/22 10:11:54 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxctcoms.exe -- (lxct_device)
    SRV:64bit: - [2006/11/02 06:16:05 | 000,046,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
    SRV - [2013/01/09 05:56:24 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.0.9\ccSvcHst.exe -- (N360)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
    SRV - [2009/04/07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost)
    SRV - [2008/05/05 17:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2008/04/15 19:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
    SRV - [2007/02/12 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
    SRV - [2007/01/19 14:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\MSN Messenger\usnsvc.exe -- (usnjsvc)
    SRV - [2006/11/22 10:11:36 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxctcoms.exe -- (lxct_device)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/05 21:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\SRTSPX64.SYS -- (SRTSPX)
    DRV:64bit: - [2012/07/05 21:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0604000.009\SRTSP64.SYS -- (SRTSP)
    DRV:64bit: - [2012/06/06 23:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ccSetx64.sys -- (ccSet_N360)
    DRV:64bit: - [2012/05/31 05:49:28 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2012/05/21 20:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\SYMEFA64.SYS -- (SymEFA)
    DRV:64bit: - [2012/03/29 01:28:38 | 000,445,560 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0604000.009\SYMTDIV.SYS -- (SYMTDIv)
    DRV:64bit: - [2012/03/29 01:28:25 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\SYMDS64.SYS -- (SymDS)
    DRV:64bit: - [2012/03/29 01:06:25 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\Ironx64.SYS -- (SymIRON)
    DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/02/16 17:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/06/30 08:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
    DRV:64bit: - [2009/04/07 15:33:08 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\purendis.sys -- (purendis)
    DRV:64bit: - [2009/04/07 15:33:06 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\pnarp.sys -- (pnarp)
    DRV:64bit: - [2008/11/17 15:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
    DRV:64bit: - [2008/07/24 12:03:00 | 000,392,192 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
    DRV:64bit: - [2008/07/13 22:04:00 | 000,056,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2008/06/11 20:29:30 | 000,051,800 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys -- (O2SDRDR)
    DRV:64bit: - [2008/06/02 02:50:04 | 000,264,192 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2008/05/12 23:48:38 | 000,062,424 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys -- (O2MDRDR)
    DRV:64bit: - [2008/04/15 19:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
    DRV:64bit: - [2008/03/25 18:51:16 | 001,487,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
    DRV:64bit: - [2008/03/25 18:47:06 | 000,294,400 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
    DRV:64bit: - [2008/03/25 18:45:44 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
    DRV:64bit: - [2008/01/20 21:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
    DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
    DRV:64bit: - [2008/01/17 22:31:30 | 000,320,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
    DRV:64bit: - [2007/10/18 17:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
    DRV:64bit: - [2007/07/26 05:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2007/05/23 20:47:28 | 000,020,784 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV:64bit: - [2007/04/19 07:55:50 | 000,029,696 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
    DRV:64bit: - [2007/04/19 07:55:50 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
    DRV:64bit: - [2007/04/19 07:55:50 | 000,016,896 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
    DRV:64bit: - [2006/06/19 00:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
    DRV - [2013/01/19 09:48:57 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130131.007\ex64.sys -- (NAVEX15)
    DRV - [2013/01/19 09:48:57 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20130131.007\eng64.sys -- (NAVENG)
    DRV - [2013/01/15 21:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20130116.013\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2012/12/20 18:09:24 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2012/08/31 19:27:23 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20130130.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2012/08/08 22:06:18 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2008/06/11 14:13:24 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1108&m=p-7805u&c=BB
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1108&m=p-7805u&c=BB
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{7B415504-D892-B7B3-D233-5188B6BA4F80}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ACGW


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.com/ig
    IE - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1108&m=p-7805u&c=BB
    IE - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.igoogle.com/
    IE - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\..\SearchScopes,Backup.Old.DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\..\SearchScopes,DefaultScope = {7B415504-D892-B7B3-D233-5188B6BA4F80}
    IE - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...&oe={outputEncoding}&rlz=1I7ACGW_enUS309US312
    IE - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\..\SearchScopes\{7B415504-D892-B7B3-D233-5188B6BA4F80}: "URL" = http://www.google.com/search?source...tEncoding}&oe={outputEncoding}&rlz=1I7GGLL_en
    IE - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
    FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Greg\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Greg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\IPSFFPlgn\ [2012/05/31 06:30:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\coFFPlgn\ [2013/01/30 14:00:47 | 000,000,000 | ---D | M]

    [2012/09/07 17:57:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/ig
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com/ig
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Greg\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Greg\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Greg\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\Greg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Greg\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: Google Search = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: Norton Identity Protection = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
    CHR - Extension: Gmail = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
    O3:64bit: - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKU\S-1-5-21-3611441785-2701502880-310225778-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe (Lexmark International Inc.)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [LXCTCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCTtime.DLL (Lexmark International Inc.)
    O4:64bit: - HKLM..\Run: [lxctmon.exe] C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe ()
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
    O4 - HKLM..\Run: [Lexmark 5400 Series] C:\Program Files (x86)\Lexmark 5400 Series\fm3032.exe ()
    O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3611441785-2701502880-310225778-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
    O4 - HKU\S-1-5-21-3611441785-2701502880-310225778-1000..\Run: [msnmsgr] C:\Program Files (x86)\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3611441785-2701502880-310225778-1000..\Run: [OM2_Monitor] C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
    O4 - HKU\S-1-5-21-3611441785-2701502880-310225778-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O4 - Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab (SysInfo Class)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B3F27C9-B9D9-42D6-9893-4D145E057DD2}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43A86402-F5FB-487B-AB19-A46F94CFC834}: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\GTW3_Wide.bmp
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\GTW3_Wide.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{3a5775aa-6587-11e2-897c-001d72e8a351}\Shell - "" = AutoRun
    O33 - MountPoints2\{3a5775aa-6587-11e2-897c-001d72e8a351}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/22 22:07:02 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/01/22 17:45:58 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/01/22 17:45:53 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/01/22 17:44:57 | 000,498,790 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Greg\Desktop\JRT.exe
    [2013/01/20 00:14:09 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Greg\Desktop\tdsskiller.exe
    [2013/01/19 23:58:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL.exe
    [2013/01/16 19:33:57 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/01/16 19:33:57 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/01/16 19:33:57 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/01/09 14:17:48 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2013/01/09 14:17:30 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shlwapi.dll
    [2013/01/02 20:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2013/01/02 20:58:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2013/01/02 20:58:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2013/01/02 20:58:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2013/01/02 20:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

    ========== Files - Modified Within 30 Days ==========

    [2013/01/31 18:46:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/31 18:35:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/31 18:24:34 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/31 18:09:28 | 000,228,550 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2013/01/31 18:09:27 | 000,228,550 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2013/01/31 18:09:25 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/31 18:09:25 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/31 18:09:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/30 14:00:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
    [2013/01/30 14:00:05 | 4289,609,728 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/30 09:25:44 | 000,735,572 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/01/30 09:25:44 | 000,625,946 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/01/30 09:25:44 | 000,114,278 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/01/28 14:27:45 | 000,000,400 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Greg.job
    [2013/01/26 11:10:23 | 000,870,128 | ---- | M] () -- C:\Users\Greg\AppData\Roaming\mcs.rma
    [2013/01/26 11:10:22 | 000,000,004 | ---- | M] () -- C:\Users\Greg\AppData\Roaming\0B24D6
    [2013/01/25 04:57:58 | 000,165,376 | ---- | M] () -- C:\Users\Greg\Desktop\SystemLook_x64.exe
    [2013/01/22 17:44:52 | 000,498,790 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Greg\Desktop\JRT.exe
    [2013/01/20 20:38:44 | 000,225,776 | ---- | M] () -- C:\Users\Greg\Documents\pizap.com13587321116861.jpg
    [2013/01/20 00:14:14 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Greg\Desktop\tdsskiller.exe
    [2013/01/19 23:58:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL.exe
    [2013/01/18 19:22:37 | 701,263,045 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/01/17 17:26:45 | 000,139,264 | ---- | M] () -- C:\Users\Greg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/01/17 05:30:29 | 000,365,568 | ---- | M] () -- C:\Users\Greg\Desktop\xzzc5ykr.exe
    [2013/01/16 20:26:10 | 000,003,616 | ---- | M] () -- C:\{FD1FAC21-03DC-4A8C-9E46-2A2BC9E8EB0C}
    [2013/01/16 20:23:41 | 000,003,016 | ---- | M] () -- C:\{4711FED7-2E6A-4F61-B660-BE5ED408F7E6}
    [2013/01/16 19:02:23 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/16 15:16:21 | 000,011,225 | ---- | M] () -- C:\Users\Greg\Documents\molly barker poem.odt
    [2013/01/13 16:29:58 | 000,000,680 | ---- | M] () -- C:\Users\Greg\AppData\Local\d3d9caps.dat
    [2013/01/12 03:30:18 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/01/12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/01/12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/01/10 03:42:50 | 000,349,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/01/09 05:56:23 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/01/09 05:56:22 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/01/06 21:01:15 | 000,093,533 | ---- | M] () -- C:\Users\Greg\Documents\Justin Drew Bieber.odt
    [2013/01/02 20:58:58 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

    ========== Files Created - No Company Name ==========

    [2013/01/25 04:57:58 | 000,165,376 | ---- | C] () -- C:\Users\Greg\Desktop\SystemLook_x64.exe
    [2013/01/20 20:38:43 | 000,225,776 | ---- | C] () -- C:\Users\Greg\Documents\pizap.com13587321116861.jpg
    [2013/01/17 05:30:56 | 000,365,568 | ---- | C] () -- C:\Users\Greg\Desktop\xzzc5ykr.exe
    [2013/01/16 20:26:08 | 000,003,616 | ---- | C] () -- C:\{FD1FAC21-03DC-4A8C-9E46-2A2BC9E8EB0C}
    [2013/01/16 20:23:36 | 000,003,016 | ---- | C] () -- C:\{4711FED7-2E6A-4F61-B660-BE5ED408F7E6}
    [2013/01/16 15:16:18 | 000,011,225 | ---- | C] () -- C:\Users\Greg\Documents\molly barker poem.odt
    [2013/01/06 21:01:13 | 000,093,533 | ---- | C] () -- C:\Users\Greg\Documents\Justin Drew Bieber.odt
    [2013/01/02 20:58:58 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/09/03 18:39:26 | 000,000,732 | ---- | C] () -- C:\Users\Greg\AppData\Local\d3d9caps64.dat
    [2012/08/23 19:05:58 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2012/07/11 20:25:11 | 000,000,352 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\wklnhst.dat
    [2012/04/01 09:21:32 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
    [2011/05/18 17:50:04 | 000,001,940 | ---- | C] () -- C:\Users\Greg\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2010/09/18 10:53:10 | 000,000,287 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2010/08/12 20:12:25 | 000,072,080 | ---- | C] () -- C:\Users\Greg\g2mdlhlpx.exe
    [2010/04/13 19:22:44 | 000,000,680 | ---- | C] () -- C:\Users\Greg\AppData\Local\d3d9caps.dat
    [2010/01/17 14:51:40 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
    [2009/09/27 19:10:37 | 000,000,092 | ---- | C] () -- C:\Users\Greg\AppData\Local\fusioncache.dat
    [2009/07/05 16:24:07 | 000,139,264 | ---- | C] () -- C:\Users\Greg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/02/07 09:30:34 | 000,870,128 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\mcs.rma
    [2009/02/07 09:30:34 | 000,000,004 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\0B24D6
    [2009/01/10 22:52:52 | 000,228,550 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/01/10 19:16:49 | 000,228,550 | ---- | C] () -- C:\ProgramData\nvModes.dat

    ========== ZeroAccess Check ==========

    [2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    < End of report >

    Extras
    OTL Extras logfile created on: 1/31/2013 7:56:57 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Greg\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.99 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 34.85% Memory free
    8.17 Gb Paging File | 5.61 Gb Available in Paging File | 68.69% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.09 Gb Total Space | 82.32 Gb Free Space | 28.57% Space Free | Partition Type: NTFS

    Computer Name: GREG-PC | User Name: Greg | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = DA 3A 25 C2 42 3F CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{132E09C3-35A8-4F80-8EC1-804B508EEF82}" = rport=137 | protocol=17 | dir=out | app=system |
    "{1AA9D454-29CA-4FBF-AD23-9AF0D3D7C2A7}" = lport=139 | protocol=6 | dir=in | app=system |
    "{2CBDE77B-69A1-41C1-9770-EF9B1C4F90ED}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{3E961241-58BB-423A-9CE5-F16830E6B279}" = lport=138 | protocol=17 | dir=in | app=system |
    "{6155D193-D387-4FBF-84AE-2B80B6BE7C0E}" = rport=139 | protocol=6 | dir=out | app=system |
    "{698CD32C-5B6F-4F3F-A027-F9E8B8A236E3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{81FA1127-AB9C-4D7F-9EFE-2ECEC37B3048}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{94C24BAD-4DBC-45EE-9746-FBD898CE4680}" = rport=445 | protocol=6 | dir=out | app=system |
    "{990F6968-9280-431F-95FB-AECF6CDFB165}" = rport=138 | protocol=17 | dir=out | app=system |
    "{A66A70F3-01FA-4FC2-BC90-6326A821B2F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{B1FF8605-E583-4796-A64B-131EFA97E657}" = lport=137 | protocol=17 | dir=in | app=system |
    "{DD4EE2B3-0D2B-480E-8AFC-648CE3ADD404}" = lport=445 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{021572A5-C4A4-43F8-988F-93438BD09439}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
    "{03B81ABD-D0A8-43BA-B6E6-157C3F58EC9D}" = dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
    "{03E61470-24BF-4621-9335-8114BC7CD97F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{0A55006B-AF4D-406B-8C87-19AE58965900}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
    "{0B9DF6C0-9830-419B-8186-DDDEED8C6FB3}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5400 series\lxctmon.exe |
    "{10D347D7-8877-4363-96D7-208D9533D185}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{17686034-96F8-4543-9017-35379033D6C8}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxctcoms.exe |
    "{229C9C64-E4E2-4E9C-9F17-59A850B8C78B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{2832AA24-498E-4F44-B7E8-FEE1991FA75B}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxctcoms.exe |
    "{309EDC74-58A7-4193-9BC7-E34C55B19021}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
    "{3D9731BB-86CF-457A-B206-6A15F4F389CD}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 5400 series\lxctmon.exe |
    "{46BB031A-CF4E-460F-927E-345CB0D5AA70}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{4E194BD6-79CC-4C30-9D7E-72B68AF30E21}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{54220ABD-3A93-4B3F-97A7-BAA8D19BFD4F}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
    "{5D29BA63-C6C2-4C6A-9050-C1F72F924606}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{5FBBF906-2ED1-44B5-ABF4-FF65E94BE6D4}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{60669B55-2407-4377-91A9-5B28F9D8F404}" = protocol=6 | dir=in | app=c:\windows\system32\lxctcoms.exe |
    "{7321A999-B680-46C5-9B8E-0A2EB1DBE187}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{8AA971BE-6031-4C35-B407-D88C18BDEAE0}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5400 series\lxctaiox.exe |
    "{93559A02-7256-4B23-9C0F-E2C1AADA6B18}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{9398510C-0CAB-4994-A40D-2F256BF104DA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{A9B61FB4-CEEB-478B-B576-641C1DA20BF1}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 5400 series\lxctaiox.exe |
    "{B7B7D0AB-9774-4C56-BBF9-CEDFAA01AA92}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{BBCE77C4-49AD-4FBE-8871-03EC5CDB6846}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
    "{C38C116D-DFF8-4C4C-B6F8-791AFE049614}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{C498CC7A-5A41-4792-BC97-6BF1BF96F889}" = dir=in | app=c:\program files (x86)\msn messenger\livecall.exe |
    "{C6BBD8DA-B656-404B-9529-14B71EA3D024}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{CA0E4FAB-1DE8-482A-80D5-3907D4BE906B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{CD1A2284-2394-4D1C-B595-565D3C8506E9}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
    "{D120350D-C900-4163-A8EC-3695A250C71F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{D8D28F59-78E4-48F3-BA5F-32CA24A71824}" = protocol=17 | dir=in | app=c:\windows\system32\lxctcoms.exe |
    "{E2B01C72-A5E9-4657-ABDC-180F7C75B575}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
    "{F39504F9-C57B-4D68-B3B9-4F75CD5DBCCC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{F688EDA8-C68A-4D2E-9EBE-34D714AB9795}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
    "{FA9C60A2-E1EE-451F-9036-85D2284873DE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
    "{23B47A34-0517-48DA-8B76-015DA8546893}" = WD SmartWare
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
    "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{E3015C78-C196-4039-A279-9959940083DE}" = O2Micro Flash Memory Card Reader Driver (x64)
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "CutePDF Writer Installation" = CutePDF Writer 3.0
    "Lexmark 5400 Series" = Lexmark 5400 Series
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{23170F69-40C1-2701-0921-000001000000}" = 7-Zip 9.21
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 11
    "{2C8CC208-965C-48A1-90A8-DFB484358F1C}" = FaxRedist
    "{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
    "{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
    "{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}" = OLYMPUS Master 2
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
    "{5BA1D11C-B981-4CAA-B2B5-B8ADF413EBA5}" = Pure Networks Platform
    "{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
    "{6BBBF237-A114-48E6-BBD0-A52BEF9CCFB2}" = Cisco Network Magic
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
    "{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{AD80F06B-0F21-4EEE-934D-BEF0D21E6383}" = Temple of Elemental Evil
    "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
    "{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Creepy & Cute Parts Pack
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
    "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
    "110555303" = Family Feud
    "12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™: Mines of Moria™ v02.01.03.4021
    "15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.09.04.804
    "ActiveScan 2.0" = Panda ActiveScan 2.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Guild Wars" = Guild Wars
    "Guild Wars 2" = Guild Wars 2
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Money2007b" = Microsoft Money Essentials
    "N360" = Norton 360 Premier Edition
    "Network MagicUninstall" = Network Magic
    "NSS" = Norton Security Scan
    "Origin" = Origin
    "QuickFlix" = QuickFlix Companion
    "SmartMusic 2012c" = SmartMusic 2012c
    "SpeedFan" = SpeedFan (remove only)
    "Timez Attack Launcher O" = Timez Attack Launcher
    "V CAST Music with Rhapsody" = V CAST Music with Rhapsody
    "Video Express_is1" = VideoExpress1.0
    "WildTangent gateway Master Uninstall" = Gateway Games

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3611441785-2701502880-310225778-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
    "GoToMeeting" = GoToMeeting 4.5.0.457
    "RPTools TokenTool" = RPTools TokenTool
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 1/22/2013 11:09:24 PM | Computer Name = Greg-PC | Source = Application Error | ID = 1000
    Description = Faulting application OTL.exe, version 3.2.69.0, time stamp 0x2a425e19,
    faulting module RPCRT4.dll, version 6.0.6002.18024, time stamp 0x49f05beb, exception
    code 0xc0000005, fault offset 0x0003633b, process id 0x1644, application start time
    0x01cdf91696d6ba80.

    Error - 1/22/2013 11:15:57 PM | Computer Name = Greg-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/23/2013 2:05:12 PM | Computer Name = Greg-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/25/2013 10:55:08 PM | Computer Name = Greg-PC | Source = SideBySide | ID = 16842830
    Description = Activation context generation failed for "C:\Program Files (x86)\ESET\ESET
    Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

    Error - 1/28/2013 11:30:22 PM | Computer Name = Greg-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/29/2013 9:41:18 PM | Computer Name = Greg-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/30/2013 10:19:46 AM | Computer Name = Greg-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 1/30/2013 3:01:14 PM | Computer Name = Greg-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 1/30/2013 10:18:45 AM | Computer Name = Greg-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 9:16:20 AM on 1/30/2013 was unexpected.

    Error - 1/30/2013 10:19:46 AM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/30/2013 10:19:46 AM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/30/2013 12:33:33 PM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 1/30/2013 12:34:03 PM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 1/30/2013 3:00:14 PM | Computer Name = Greg-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 1:57:27 PM on 1/30/2013 was unexpected.

    Error - 1/30/2013 3:01:14 PM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/30/2013 3:01:14 PM | Computer Name = Greg-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 1/30/2013 9:18:44 PM | Computer Name = Greg-PC | Source = DCOM | ID = 10016
    Description =

    Error - 1/30/2013 9:33:17 PM | Computer Name = Greg-PC | Source = DCOM | ID = 10016
    Description =


    < End of report >


    No problems with either scan, my system is still running fine and redirect free.
     
  15. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Good news GWest251,

    Your latest set of logs appears to be clean!

    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

    Clean up with OTL
    • Right-click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
    • Close all other programs apart from OTL, as this step will require a reboot.
    • On the OTL main screen, press the CleanUp! button
    • Say Yes to the prompt and then allow the program to reboot your computer.



    Create a new, clean System Restore point which you can use in case of future system problems:

    • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
    • Select Create a restore point, then Next, type a name like All Clean, then press the Create button and, once it's done, press Close
    • Now remove old, infected System Restore points:
    • Next click Start >> Run and type cleanmgr in the box and press OK
    • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked. You can choose to check other boxes if you wish, but they are not required.
    • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
    • Press OK and Yes to confirm


    Update your AntiVirus Software and keep your other programs up-to-date
    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
    You can use one of these sites to check if any updates are needed for your PC.
    Secunia Software Inspector
    F-secure Health Check
    Be sure to update your Adobe Reader to version 11.

    Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

    Here are some additional utilities that will enhance your safety




    Also, please read this great article by Tony Klein: "So How Did I Get Infected In First Place"

    I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

    Happy surfing and stay clean!
     
Short URL to this thread: https://techguy.org/1085732
