
Redirect Virus???


  • This topic is locked
20 replies to this topic

#1 sbautch

sbautch

  • Members
  • 11 posts

Posted 24 August 2013 - 01:43 PM

I am having no luck resolving this on my own and need some help. I am running a Toshiba Sat c655d-s5531, Windows 7, with 4g ram, and an amd-e300 apu Radeon hd graphics. Not sure what other information is needed, but I can provide it if asked.

 

 

Thank you for helping.

 

Steve

 

I should add that I have done the Kaspersky, Malwarebytes, Rkill, Trendmicro, Hitman Pro, etc. I am running Microsoft security suite as well and my firewall is enabled.



Edited by sbautch, 24 August 2013 - 01:56 PM.



 


#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 29 August 2013 - 10:03 AM

Hi and Welcome!!
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to this topic so that you can see when there are new responses.
  • IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.
 
Having said that....

AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.
 

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of each logfile is saved in the C:\AdwCleaner folder, which was created when running the tool.

Edited by jeffce, 29 August 2013 - 10:04 AM.

 


#3 sbautch

sbautch
  • Topic Starter

  • Members
  • 11 posts

Posted 30 August 2013 - 09:32 AM

Thanks for helping me with this issue. I downloaded ADWCLEANER and ran as administrator. I was not sure if I should have "cleaned" but I did. Here is the log file:

 

 

# AdwCleaner v3.001 - Report created 30/08/2013 at 09:23:05
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Steve Bautch - STEVEBAUTCH-PC
# Running from : C:\Users\Steve Bautch\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\STEVEB~1\AppData\Local\Temp\boost_interprocess
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16660
 
 
-\\ Google Chrome v28.0.1500.95
 
[ File : C:\Users\Steve Bautch\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1127 octets] - [30/08/2013 09:19:30]
AdwCleaner[S0].txt - [1057 octets] - [30/08/2013 09:23:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1117 octets] ##########
 

 



#4 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 30 August 2013 - 10:18 AM

Hi,
 
You did just fine.   :)
 
AdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

----------
 
ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

 


#5 sbautch

sbautch
  • Topic Starter

  • Members
  • 11 posts

Posted 30 August 2013 - 12:04 PM

Jeff,
 
Here are the next 2 steps you requested:
 
 
# AdwCleaner v3.001 - Report created 30/08/2013 at 10:38:33
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Steve Bautch - STEVEBAUTCH-PC
# Running from : C:\Users\Steve Bautch\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16660
 
 
-\\ Google Chrome v28.0.1500.95
 
[ File : C:\Users\Steve Bautch\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1127 octets] - [30/08/2013 09:19:30]
AdwCleaner[R1].txt - [909 octets] - [30/08/2013 10:37:25]
AdwCleaner[S0].txt - [1201 octets] - [30/08/2013 09:23:05]
AdwCleaner[S1].txt - [831 octets] - [30/08/2013 10:38:33]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [890 octets] ##########
 
 
 
 
 

 

ComboFix 13-08-29.02 - Steve Bautch 08/30/2013  11:00:38.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3687.1900 [GMT -5:00]
Running from: c:\users\Steve Bautch\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Steve Bautch\AppData\Local\DefineExt\teMP.dat
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-28 to 2013-08-30  )))))))))))))))))))))))))))))))
.
.
2013-08-30 16:47 . 2013-08-30 16:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-30 14:37 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F221CB8-2407-42B5-9183-4C02B5784F86}\mpengine.dll
2013-08-30 14:19 . 2013-08-30 15:47 -------- d-----w- C:\AdwCleaner
2013-08-25 03:41 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-24 16:57 . 2013-08-24 17:02 -------- d-----w- c:\programdata\HitmanPro
2013-08-24 16:35 . 2013-08-24 16:35 -------- d-----w- c:\users\Steve Bautch\AppData\Roaming\FixTDSS
2013-08-24 00:17 . 2013-08-24 15:02 -------- d-----w- c:\users\Steve Bautch\AppData\Local\NPE
2013-08-23 01:18 . 2013-07-27 15:31 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-23 01:18 . 2013-08-23 01:16 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C66E3E31-73FB-43AB-9AF6-50846C3CC3E6}\gapaengine.dll
2013-08-22 15:59 . 2013-05-09 08:59 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-22 15:59 . 2013-08-22 15:59 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-22 15:59 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-08-22 15:59 . 2013-05-09 08:59 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-22 15:59 . 2013-08-22 15:59 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-22 15:59 . 2013-08-22 15:59 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-22 15:59 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-22 15:59 . 2013-05-09 08:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-22 15:59 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-22 15:58 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
2013-08-22 15:57 . 2013-08-22 15:57 -------- d-----w- c:\program files\AVAST Software
2013-08-22 15:56 . 2013-08-22 15:57 -------- d-----w- c:\programdata\AVAST Software
2013-08-22 06:00 . 2013-08-22 06:00 -------- d-----w- c:\program files\Enigma Software Group
2013-08-22 05:58 . 2013-08-22 15:40 -------- d-----w- c:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-22 05:58 . 2013-08-22 05:58 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-08-19 03:02 . 2013-07-26 05:12 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-08-19 03:02 . 2013-07-26 03:13 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-08-19 03:02 . 2013-07-26 05:13 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-08-19 03:02 . 2013-07-26 05:12 15405056 ----a-w- c:\windows\system32\ieframe.dll
2013-08-19 03:02 . 2013-07-26 05:12 19239424 ----a-w- c:\windows\system32\mshtml.dll
2013-08-19 02:41 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-19 02:41 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-19 02:41 . 2013-07-09 06:03 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-19 02:41 . 2013-07-09 05:54 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-19 02:41 . 2013-07-09 05:53 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-19 02:41 . 2013-07-09 04:53 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-19 02:41 . 2013-07-09 02:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-19 02:41 . 2013-07-09 04:52 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-19 02:41 . 2013-07-09 02:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-19 02:41 . 2013-07-09 02:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-19 02:41 . 2013-07-09 02:49 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-17 15:16 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-17 15:16 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-17 15:16 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-17 15:16 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-17 15:16 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-17 15:16 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-17 15:16 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-17 15:16 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-17 15:16 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-17 15:16 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-08-17 15:15 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-17 15:15 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-08-17 15:15 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-17 15:15 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-17 15:14 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-17 15:14 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-03 15:46 . 2013-08-03 15:46 -------- d-----w- c:\programdata\TomTom
2013-08-03 15:46 . 2013-08-03 15:46 -------- d-----w- c:\users\Steve Bautch\AppData\Roaming\TomTom
2013-08-03 15:46 . 2013-08-03 15:46 -------- d-----w- c:\users\Steve Bautch\AppData\Local\TomTom
2013-08-03 15:45 . 2013-08-03 15:45 -------- d-----w- c:\program files (x86)\TomTom HOME 2
2013-08-03 15:44 . 2013-08-03 15:44 -------- d-----w- c:\program files (x86)\TomTom International B.V
2013-08-03 15:42 . 2013-08-03 15:42 -------- d-----w- c:\users\Steve Bautch\AppData\Local\Downloaded Installations
2013-08-02 05:33 . 2013-08-02 05:33 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-08-02 05:32 . 2013-08-02 05:32 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-08-02 05:32 . 2013-08-02 05:32 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-02 05:31 . 2013-08-02 05:31 -------- d-----w- c:\programdata\McAfee
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-20 18:35 . 2013-07-05 05:10 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-20 18:35 . 2011-10-31 03:37 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-19 02:43 . 2013-07-04 19:55 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-08-02 05:32 . 2011-10-31 03:31 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-25 20:41 . 2013-07-25 20:41 162 ----a-w- c:\programdata\wavav0bdtzbtb43b.reg
2013-07-09 04:45 . 2013-08-19 02:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-07 19:55 . 2013-07-04 19:53 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-07-07 15:27 . 2013-07-07 15:27 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-07-07 15:13 . 2013-07-07 15:13 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-07-07 15:13 . 2013-07-07 15:13 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-07-07 15:13 . 2013-07-07 15:13 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-07-07 15:13 . 2013-07-07 15:13 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-07-07 15:13 . 2013-07-07 15:13 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-07-07 15:13 . 2013-07-07 15:13 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-07-07 15:13 . 2013-07-07 15:13 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-07-07 15:13 . 2013-07-07 15:13 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-07-07 15:13 . 2013-07-07 15:13 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-07-07 15:13 . 2013-07-07 15:13 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-07-07 15:13 . 2013-07-07 15:13 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-07-07 15:13 . 2013-07-07 15:13 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-07-07 15:13 . 2013-07-07 15:13 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-07-07 15:13 . 2013-07-07 15:13 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-07-07 15:13 . 2013-07-07 15:13 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-07-07 15:13 . 2013-07-07 15:13 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-07-07 15:13 . 2013-07-07 15:13 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-07-07 15:13 . 2013-07-07 15:13 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-07-07 15:13 . 2013-07-07 15:13 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-07-07 15:13 . 2013-07-07 15:13 81408 ----a-w- c:\windows\system32\icardie.dll
2013-07-07 15:13 . 2013-07-07 15:13 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-07-07 15:13 . 2013-07-07 15:13 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-07-07 15:13 . 2013-07-07 15:13 441856 ----a-w- c:\windows\system32\html.iec
2013-07-07 15:13 . 2013-07-07 15:13 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-07-07 15:13 . 2013-07-07 15:13 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-07-07 15:13 . 2013-07-07 15:13 235008 ----a-w- c:\windows\system32\url.dll
2013-07-07 15:13 . 2013-07-07 15:13 216064 ----a-w- c:\windows\system32\msls31.dll
2013-07-07 15:13 . 2013-07-07 15:13 197120 ----a-w- c:\windows\system32\msrating.dll
2013-07-07 15:13 . 2013-07-07 15:13 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-07-07 15:13 . 2013-07-07 15:13 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-07 15:13 . 2013-07-07 15:13 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-07-07 15:13 . 2013-07-07 15:13 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-07-07 15:13 . 2013-07-07 15:13 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-07 15:13 . 2013-07-07 15:13 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-07-07 15:13 . 2013-07-07 15:13 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-07-07 15:13 . 2013-07-07 15:13 144896 ----a-w- c:\windows\system32\wextract.exe
2013-07-07 15:13 . 2013-07-07 15:13 102912 ----a-w- c:\windows\system32\inseng.dll
2013-07-07 15:13 . 2013-07-07 15:13 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-07 15:13 . 2013-07-07 15:13 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-07-07 15:13 . 2013-07-07 15:13 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-07-07 15:13 . 2013-07-07 15:13 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-07-07 15:13 . 2013-07-07 15:13 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-07-07 15:13 . 2013-07-07 15:13 149504 ----a-w- c:\windows\system32\occache.dll
2013-07-07 15:13 . 2013-07-07 15:13 13824 ----a-w- c:\windows\system32\mshta.exe
2013-07-07 15:13 . 2013-07-07 15:13 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-07-07 15:13 . 2013-07-07 15:13 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-07-07 15:13 . 2013-07-07 15:13 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-07-07 15:13 . 2013-07-07 15:13 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-07-07 15:13 . 2013-07-07 15:13 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-07-07 15:05 . 2013-07-07 15:05 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-07-07 15:05 . 2013-07-07 15:05 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-07-07 15:05 . 2013-07-07 15:05 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-07-07 15:05 . 2013-07-07 15:05 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-07-07 15:05 . 2013-07-07 15:05 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-07-07 15:05 . 2013-07-07 15:05 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-07-07 15:05 . 2013-07-07 15:05 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-07-07 15:05 . 2013-07-07 15:05 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-07-07 15:05 . 2013-07-07 15:05 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-07-07 15:05 . 2013-07-07 15:05 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-07-07 15:05 . 2013-07-07 15:05 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-07-07 15:05 . 2013-07-07 15:05 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-07-07 15:05 . 2013-07-07 15:05 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-07-07 15:05 . 2013-07-07 15:05 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-07-07 15:05 . 2013-07-07 15:05 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-07-07 15:05 . 2013-07-07 15:05 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-07-07 15:05 . 2013-07-07 15:05 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-07-07 15:05 . 2013-07-07 15:05 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-07-07 15:05 . 2013-07-07 15:05 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-07-07 15:05 . 2013-07-07 15:05 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-07-07 15:05 . 2013-07-07 15:05 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-07-07 15:05 . 2013-07-07 15:05 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-07-07 15:05 . 2013-07-07 15:05 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-07-07 15:05 . 2013-07-07 15:05 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-07-07 15:05 . 2013-07-07 15:05 221184 ----a-w- c:\windows\system32\UIAnimation.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2013-07-02 248208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-08 336384]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [x]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130702.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [x]
S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\ccSetx64.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130710.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130710.001\IDSvia64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMDS64.SYS [x]
S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMEFA64.SYS [x]
S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\Ironx64.SYS [x]
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1309010.00E\SYMNETS.SYS [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 22:53 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-05 18:35]
.
2013-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-04 20:01]
.
2013-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-04 20:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - c:\users\Steve Bautch\AppData\Local\DefineExt\temp.dat
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{B3E1ADAF-E39E-480E-A8B0-B229E943F174} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-30  11:59:49
ComboFix-quarantined-files.txt  2013-08-30 16:59
.
Pre-Run: 256,150,470,656 bytes free
Post-Run: 256,274,784,256 bytes free
.
- - End Of File - - AF576E7F459C3C292D1B3705BEE1C229
5B5E648D12FCADC244C1EC30318E1EB9

 



#6 jeffce

  • Malware Response Team

Posted 30 August 2013 - 12:48 PM

Hi,

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
     
    File::
    c:\programdata\wavav0bdtzbtb43b.reg

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
     
    [Screenshot: CFScriptB-4.gif]
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

 

Post the new ComboFix log to your next reply and let me know how your system is running now.  :)




#7 sbautch

  • Topic Starter

Posted 30 August 2013 - 04:14 PM

Here is the latest log... I will check out the browser functioning and post again.

 

 

ComboFix 13-08-30.02 - Steve Bautch 08/30/2013  15:10:06.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3687.1558 [GMT -5:00]
Running from: c:\users\Steve Bautch\Desktop\ComboFix.exe
Command switches used :: c:\users\Steve Bautch\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\wavav0bdtzbtb43b.reg"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\wavav0bdtzbtb43b.reg
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-28 to 2013-08-30  )))))))))))))))))))))))))))))))
.
.
2013-08-30 21:05 . 2013-08-30 21:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-30 14:37 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F221CB8-2407-42B5-9183-4C02B5784F86}\mpengine.dll
2013-08-30 14:19 . 2013-08-30 15:47 -------- d-----w- C:\AdwCleaner
2013-08-25 03:41 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-24 16:57 . 2013-08-24 17:02 -------- d-----w- c:\programdata\HitmanPro
2013-08-24 16:35 . 2013-08-24 16:35 -------- d-----w- c:\users\Steve Bautch\AppData\Roaming\FixTDSS
2013-08-24 00:17 . 2013-08-24 15:02 -------- d-----w- c:\users\Steve Bautch\AppData\Local\NPE
2013-08-23 01:18 . 2013-07-27 15:31 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-23 01:18 . 2013-08-23 01:16 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C66E3E31-73FB-43AB-9AF6-50846C3CC3E6}\gapaengine.dll
2013-08-22 15:59 . 2013-05-09 08:59 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-22 15:59 . 2013-08-22 15:59 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-22 15:59 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-08-22 15:59 . 2013-05-09 08:59 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-22 15:59 . 2013-08-22 15:59 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-22 15:59 . 2013-08-22 15:59 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-22 15:59 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-22 15:59 . 2013-05-09 08:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-22 15:59 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-22 15:58 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
2013-08-22 15:57 . 2013-08-22 15:57 -------- d-----w- c:\program files\AVAST Software
2013-08-22 15:56 . 2013-08-22 15:57 -------- d-----w- c:\programdata\AVAST Software
2013-08-22 06:00 . 2013-08-22 06:00 -------- d-----w- c:\program files\Enigma Software Group
2013-08-22 05:58 . 2013-08-22 15:40 -------- d-----w- c:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-08-22 05:58 . 2013-08-22 05:58 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-08-19 03:02 . 2013-07-26 05:12 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-08-19 03:02 . 2013-07-26 03:13 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-08-19 03:02 . 2013-07-26 05:13 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-08-19 03:02 . 2013-07-26 05:12 15405056 ----a-w- c:\windows\system32\ieframe.dll
2013-08-19 03:02 . 2013-07-26 05:12 19239424 ----a-w- c:\windows\system32\mshtml.dll
2013-08-19 02:41 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-19 02:41 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-19 02:41 . 2013-07-09 06:03 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-19 02:41 . 2013-07-09 05:54 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-19 02:41 . 2013-07-09 05:53 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-19 02:41 . 2013-07-09 04:53 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-19 02:41 . 2013-07-09 02:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-19 02:41 . 2013-07-09 04:52 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-19 02:41 . 2013-07-09 02:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-19 02:41 . 2013-07-09 02:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-19 02:41 . 2013-07-09 02:49 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-17 15:16 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-17 15:16 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-17 15:16 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-17 15:16 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-17 15:16 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-17 15:16 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-17 15:16 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-17 15:16 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-17 15:16 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-17 15:16 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-08-17 15:15 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-17 15:15 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-08-17 15:15 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-17 15:15 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-17 15:14 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-17 15:14 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-03 15:46 . 2013-08-03 15:46 -------- d-----w- c:\programdata\TomTom
2013-08-03 15:46 . 2013-08-03 15:46 -------- d-----w- c:\users\Steve Bautch\AppData\Roaming\TomTom
2013-08-03 15:46 . 2013-08-03 15:46 -------- d-----w- c:\users\Steve Bautch\AppData\Local\TomTom
2013-08-03 15:45 . 2013-08-03 15:45 -------- d-----w- c:\program files (x86)\TomTom HOME 2
2013-08-03 15:44 . 2013-08-03 15:44 -------- d-----w- c:\program files (x86)\TomTom International B.V
2013-08-03 15:42 . 2013-08-03 15:42 -------- d-----w- c:\users\Steve Bautch\AppData\Local\Downloaded Installations
2013-08-02 05:33 . 2013-08-02 05:33 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-08-02 05:32 . 2013-08-02 05:32 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-08-02 05:32 . 2013-08-02 05:32 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-02 05:31 . 2013-08-02 05:31 -------- d-----w- c:\programdata\McAfee
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-20 18:35 . 2013-07-05 05:10 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-20 18:35 . 2011-10-31 03:37 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-19 02:43 . 2013-07-04 19:55 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-08-02 05:32 . 2011-10-31 03:31 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-09 04:45 . 2013-08-19 02:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-07 19:55 . 2013-07-04 19:53 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-07-07 15:27 . 2013-07-07 15:27 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-07-07 15:13 . 2013-07-07 15:13 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-07-07 15:13 . 2013-07-07 15:13 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-07-07 15:13 . 2013-07-07 15:13 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-07-07 15:13 . 2013-07-07 15:13 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-07-07 15:13 . 2013-07-07 15:13 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-07-07 15:13 . 2013-07-07 15:13 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-07-07 15:13 . 2013-07-07 15:13 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-07-07 15:13 . 2013-07-07 15:13 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-07-07 15:13 . 2013-07-07 15:13 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-07-07 15:13 . 2013-07-07 15:13 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-07-07 15:13 . 2013-07-07 15:13 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-07-07 15:13 . 2013-07-07 15:13 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-07-07 15:13 . 2013-07-07 15:13 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-07-07 15:13 . 2013-07-07 15:13 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-07-07 15:13 . 2013-07-07 15:13 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-07-07 15:13 . 2013-07-07 15:13 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-07-07 15:13 . 2013-07-07 15:13 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-07-07 15:13 . 2013-07-07 15:13 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-07-07 15:13 . 2013-07-07 15:13 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-07-07 15:13 . 2013-07-07 15:13 81408 ----a-w- c:\windows\system32\icardie.dll
2013-07-07 15:13 . 2013-07-07 15:13 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-07-07 15:13 . 2013-07-07 15:13 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-07-07 15:13 . 2013-07-07 15:13 441856 ----a-w- c:\windows\system32\html.iec
2013-07-07 15:13 . 2013-07-07 15:13 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-07-07 15:13 . 2013-07-07 15:13 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-07-07 15:13 . 2013-07-07 15:13 235008 ----a-w- c:\windows\system32\url.dll
2013-07-07 15:13 . 2013-07-07 15:13 216064 ----a-w- c:\windows\system32\msls31.dll
2013-07-07 15:13 . 2013-07-07 15:13 197120 ----a-w- c:\windows\system32\msrating.dll
2013-07-07 15:13 . 2013-07-07 15:13 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-07-07 15:13 . 2013-07-07 15:13 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-07 15:13 . 2013-07-07 15:13 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-07-07 15:13 . 2013-07-07 15:13 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-07-07 15:13 . 2013-07-07 15:13 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-07 15:13 . 2013-07-07 15:13 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-07-07 15:13 . 2013-07-07 15:13 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-07-07 15:13 . 2013-07-07 15:13 144896 ----a-w- c:\windows\system32\wextract.exe
2013-07-07 15:13 . 2013-07-07 15:13 102912 ----a-w- c:\windows\system32\inseng.dll
2013-07-07 15:13 . 2013-07-07 15:13 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-07 15:13 . 2013-07-07 15:13 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-07-07 15:13 . 2013-07-07 15:13 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-07-07 15:13 . 2013-07-07 15:13 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-07-07 15:13 . 2013-07-07 15:13 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-07-07 15:13 . 2013-07-07 15:13 149504 ----a-w- c:\windows\system32\occache.dll
2013-07-07 15:13 . 2013-07-07 15:13 13824 ----a-w- c:\windows\system32\mshta.exe
2013-07-07 15:13 . 2013-07-07 15:13 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-07-07 15:13 . 2013-07-07 15:13 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-07-07 15:13 . 2013-07-07 15:13 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-07-07 15:13 . 2013-07-07 15:13 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-07-07 15:13 . 2013-07-07 15:13 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-07-07 15:05 . 2013-07-07 15:05 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-07-07 15:05 . 2013-07-07 15:05 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-07-07 15:05 . 2013-07-07 15:05 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-07-07 15:05 . 2013-07-07 15:05 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-07-07 15:05 . 2013-07-07 15:05 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-07 15:05 . 2013-07-07 15:05 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-07-07 15:05 . 2013-07-07 15:05 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-07-07 15:05 . 2013-07-07 15:05 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-07-07 15:05 . 2013-07-07 15:05 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-07-07 15:05 . 2013-07-07 15:05 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-07-07 15:05 . 2013-07-07 15:05 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-07-07 15:05 . 2013-07-07 15:05 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-07-07 15:05 . 2013-07-07 15:05 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-07-07 15:05 . 2013-07-07 15:05 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-07-07 15:05 . 2013-07-07 15:05 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-07-07 15:05 . 2013-07-07 15:05 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-07-07 15:05 . 2013-07-07 15:05 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-07-07 15:05 . 2013-07-07 15:05 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-07-07 15:05 . 2013-07-07 15:05 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-07-07 15:05 . 2013-07-07 15:05 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-07-07 15:05 . 2013-07-07 15:05 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-07-07 15:05 . 2013-07-07 15:05 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-07-07 15:05 . 2013-07-07 15:05 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-07-07 15:05 . 2013-07-07 15:05 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-07-07 15:05 . 2013-07-07 15:05 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-07-07 15:05 . 2013-07-07 15:05 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-07-07 15:05 . 2013-07-07 15:05 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}]
c:\users\Steve Bautch\AppData\Local\DefineExt\temp.dat [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2013-07-02 248208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-08 336384]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [x]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130702.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [x]
S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\ccSetx64.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130710.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130710.001\IDSvia64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMDS64.SYS [x]
S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMEFA64.SYS [x]
S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\Ironx64.SYS [x]
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1309010.00E\SYMNETS.SYS [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-01 22:53 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-05 18:35]
.
2013-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-04 20:01]
.
2013-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-04 20:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\mssecex.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{B3E1ADAF-E39E-480E-A8B0-B229E943F174} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)

 



#8 sbautch


Posted 30 August 2013 - 04:18 PM

Jeff,

Well, it was a fast check. Clicksure and other junk is still alive and redirecting the browser. It usually does it the first time I attempt to do a Google search and navigate to a web page from the selections offered. When I hit back and then reattempt to load the page, it usually does not seem to be an issue.

Steve

 

 



#9 jeffce


Posted 31 August 2013 - 09:07 AM

Hi,
 
Ok thanks for letting me know.  I will not be back until later tonight due to family issues but will return as soon as I can....
 
Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 


#10 sbautch


Posted 31 August 2013 - 07:04 PM

Jeff,

Here are the next 2 pieces of the puzzle:

And FYI, I checked the redirect issue and it is still present after these 2 interventions.

Thanks for all your help

Steve

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.6 (08.30.2013:1)
OS: Windows 7 Home Premium x64
Ran by Steve Bautch on Sat 08/31/2013 at 18:28:40.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Steve Bautch\appdata\local\defineext"
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Steve Bautch\appdata\local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/31/2013 at 18:54:18.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
18:24:42.0914 6524  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:24:43.0631 6524  ============================================================
18:24:43.0631 6524  Current date / time: 2013/08/31 18:24:43.0631
18:24:43.0631 6524  SystemInfo:
18:24:43.0631 6524  
18:24:43.0631 6524  OS Version: 6.1.7601 ServicePack: 1.0
18:24:43.0631 6524  Product type: Workstation
18:24:43.0631 6524  ComputerName: STEVEBAUTCH-PC
18:24:43.0631 6524  UserName: Steve Bautch
18:24:43.0631 6524  Windows directory: C:\windows
18:24:43.0631 6524  System windows directory: C:\windows
18:24:43.0631 6524  Running under WOW64
18:24:43.0631 6524  Processor architecture: Intel x64
18:24:43.0631 6524  Number of processors: 2
18:24:43.0631 6524  Page size: 0x1000
18:24:43.0631 6524  Boot type: Normal boot
18:24:43.0631 6524  ============================================================
18:24:45.0472 6524  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:24:45.0488 6524  ============================================================
18:24:45.0488 6524  \Device\Harddisk0\DR0:
18:24:45.0503 6524  MBR partitions:
18:24:45.0503 6524  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x235D7000
18:24:45.0503 6524  ============================================================
18:24:45.0534 6524  C: <-> \Device\Harddisk0\DR0\Partition1
18:24:45.0534 6524  ============================================================
18:24:45.0534 6524  Initialize success
18:24:45.0534 6524  ============================================================
18:24:55.0534 6016  ============================================================
18:24:55.0534 6016  Scan started
18:24:55.0534 6016  Mode: Manual; TDLFS; 
18:24:55.0534 6016  ============================================================
18:24:56.0283 6016  ================ Scan system memory ========================
18:24:56.0283 6016  System memory - ok
18:24:56.0283 6016  ================ Scan services =============================
18:25:03.0272 6016  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll
18:25:03.0287 6016  hkmsvc - ok
18:25:03.0303 6016  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
18:25:03.0303 6016  HomeGroupListener - ok
18:25:03.0334 6016  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
18:25:03.0350 6016  HomeGroupProvider - ok
18:25:03.0381 6016  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
18:25:03.0381 6016  HpSAMD - ok
18:25:03.0428 6016  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys
18:25:03.0443 6016  HTTP - ok
18:25:03.0459 6016  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
18:25:03.0459 6016  hwpolicy - ok
18:25:03.0490 6016  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
18:25:03.0490 6016  i8042prt - ok
18:25:03.0537 6016  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
18:25:03.0537 6016  iaStorV - ok
18:25:03.0615 6016  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:25:03.0630 6016  idsvc - ok
18:25:03.0724 6016  [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130710.001\IDSvia64.sys
18:25:03.0740 6016  IDSVia64 - ok
18:25:03.0771 6016  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\windows\system32\drivers\iirsp.sys
18:25:03.0786 6016  iirsp - ok
18:25:03.0849 6016  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll
18:25:03.0864 6016  IKEEXT - ok
18:25:03.0880 6016  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\drivers\intelide.sys
18:25:03.0880 6016  intelide - ok
18:25:03.0896 6016  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\drivers\intelppm.sys
18:25:03.0896 6016  intelppm - ok
18:25:03.0927 6016  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\windows\system32\ipbusenum.dll
18:25:03.0927 6016  IPBusEnum - ok
18:25:03.0958 6016  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
18:25:03.0958 6016  IpFilterDriver - ok
18:25:04.0005 6016  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
18:25:04.0020 6016  iphlpsvc - ok
18:25:04.0036 6016  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
18:25:04.0036 6016  IPMIDRV - ok
18:25:04.0036 6016  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys
18:25:04.0052 6016  IPNAT - ok
18:25:04.0083 6016  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
18:25:04.0083 6016  IRENUM - ok
18:25:04.0098 6016  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\drivers\isapnp.sys
18:25:04.0098 6016  isapnp - ok
18:25:04.0130 6016  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
18:25:04.0130 6016  iScsiPrt - ok
18:25:04.0161 6016  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
18:25:04.0161 6016  kbdclass - ok
18:25:04.0192 6016  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
18:25:04.0208 6016  kbdhid - ok
18:25:04.0223 6016  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe
18:25:04.0239 6016  KeyIso - ok
18:25:04.0286 6016  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
18:25:04.0286 6016  KSecDD - ok
18:25:04.0395 6016  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
18:25:04.0395 6016  KSecPkg - ok
18:25:04.0535 6016  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
18:25:04.0535 6016  ksthunk - ok
18:25:04.0598 6016  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\windows\system32\msdtckrm.dll
18:25:04.0613 6016  KtmRm - ok
18:25:04.0660 6016  [ 0E154DA6CA9105354A07D0C576804037 ] L1C             C:\windows\system32\DRIVERS\L1C62x64.sys
18:25:04.0660 6016  L1C - ok
18:25:04.0691 6016  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\System32\srvsvc.dll
18:25:04.0707 6016  LanmanServer - ok
18:25:04.0738 6016  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
18:25:04.0754 6016  LanmanWorkstation - ok
18:25:04.0800 6016  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
18:25:04.0800 6016  lltdio - ok
18:25:04.0832 6016  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\windows\System32\lltdsvc.dll
18:25:04.0847 6016  lltdsvc - ok
18:25:04.0863 6016  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\windows\System32\lmhsvc.dll
18:25:04.0878 6016  lmhosts - ok
18:25:04.0925 6016  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
18:25:04.0925 6016  LSI_FC - ok
18:25:04.0925 6016  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
18:25:04.0941 6016  LSI_SAS - ok
18:25:04.0956 6016  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
18:25:04.0956 6016  LSI_SAS2 - ok
18:25:04.0972 6016  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
18:25:04.0972 6016  LSI_SCSI - ok
18:25:05.0003 6016  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\windows\system32\drivers\luafv.sys
18:25:05.0003 6016  luafv - ok
18:25:05.0066 6016  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\windows\system32\drivers\mbam.sys
18:25:05.0066 6016  MBAMProtector - ok
18:25:05.0144 6016  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:25:05.0144 6016  MBAMScheduler - ok
18:25:05.0175 6016  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:25:05.0190 6016  MBAMService - ok
18:25:05.0222 6016  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
18:25:05.0237 6016  Mcx2Svc - ok
18:25:05.0268 6016  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\windows\system32\drivers\megasas.sys
18:25:05.0268 6016  megasas - ok
18:25:05.0315 6016  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
18:25:05.0331 6016  MegaSR - ok
18:25:05.0362 6016  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\windows\system32\mmcss.dll
18:25:05.0362 6016  MMCSS - ok
18:25:05.0378 6016  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\windows\system32\drivers\modem.sys
18:25:05.0393 6016  Modem - ok
18:25:05.0424 6016  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\windows\system32\DRIVERS\monitor.sys
18:25:05.0424 6016  monitor - ok
18:25:05.0456 6016  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
18:25:05.0456 6016  mouclass - ok
18:25:05.0487 6016  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\drivers\mouhid.sys
18:25:05.0487 6016  mouhid - ok
18:25:05.0502 6016  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
18:25:05.0502 6016  mountmgr - ok
18:25:05.0549 6016  [ FC1D590039EF06A381768710E6C07E75 ] MpFilter        C:\windows\system32\DRIVERS\MpFilter.sys
18:25:05.0549 6016  MpFilter - ok
18:25:05.0565 6016  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys
18:25:05.0565 6016  mpio - ok
18:25:05.0596 6016  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
18:25:05.0596 6016  mpsdrv - ok
18:25:05.0643 6016  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll
18:25:05.0658 6016  MpsSvc - ok
18:25:05.0690 6016  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
18:25:05.0690 6016  MRxDAV - ok
18:25:05.0705 6016  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
18:25:05.0721 6016  mrxsmb - ok
18:25:05.0752 6016  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
18:25:05.0752 6016  mrxsmb10 - ok
18:25:05.0768 6016  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
18:25:05.0768 6016  mrxsmb20 - ok
18:25:05.0783 6016  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\drivers\msahci.sys
18:25:05.0783 6016  msahci - ok
18:25:05.0814 6016  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\drivers\msdsm.sys
18:25:05.0814 6016  msdsm - ok
18:25:05.0846 6016  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe
18:25:05.0846 6016  MSDTC - ok
18:25:05.0877 6016  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
18:25:05.0892 6016  Msfs - ok
18:25:05.0908 6016  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
18:25:05.0908 6016  mshidkmdf - ok
18:25:05.0924 6016  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
18:25:05.0939 6016  msisadrv - ok
18:25:05.0970 6016  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
18:25:05.0986 6016  MSiSCSI - ok
18:25:05.0986 6016  msiserver - ok
18:25:06.0033 6016  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
18:25:06.0033 6016  MSKSSRV - ok
18:25:06.0080 6016  [ FD909D744ACFCF61CAC3A77854F8B301 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
18:25:06.0080 6016  MsMpSvc - ok
18:25:06.0111 6016  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
18:25:06.0111 6016  MSPCLOCK - ok
18:25:06.0126 6016  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
18:25:06.0126 6016  MSPQM - ok
18:25:06.0158 6016  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
18:25:06.0158 6016  MsRPC - ok
18:25:06.0173 6016  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
18:25:06.0189 6016  mssmbios - ok
18:25:06.0204 6016  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
18:25:06.0204 6016  MSTEE - ok
18:25:06.0220 6016  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
18:25:06.0220 6016  MTConfig - ok
18:25:06.0236 6016  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
18:25:06.0236 6016  Mup - ok
18:25:06.0282 6016  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
18:25:06.0298 6016  napagent - ok
18:25:06.0345 6016  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
18:25:06.0360 6016  NativeWifiP - ok
18:25:06.0423 6016  [ 56540E526B46E379A476FB5BC381B290 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130711.001\ENG64.SYS
18:25:06.0423 6016  NAVENG - ok
18:25:06.0501 6016  [ 8A19D3991F9F14B885CDE8BC640F6B68 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130711.001\EX64.SYS
18:25:06.0516 6016  NAVEX15 - ok
18:25:06.0610 6016  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
18:25:06.0626 6016  NDIS - ok
18:25:06.0672 6016  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
18:25:06.0672 6016  NdisCap - ok
18:25:06.0704 6016  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
18:25:06.0704 6016  NdisTapi - ok
18:25:06.0719 6016  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
18:25:06.0719 6016  Ndisuio - ok
18:25:06.0735 6016  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
18:25:06.0735 6016  NdisWan - ok
18:25:06.0750 6016  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
18:25:06.0750 6016  NDProxy - ok
18:25:06.0766 6016  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
18:25:06.0766 6016  NetBIOS - ok
18:25:06.0782 6016  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
18:25:06.0797 6016  NetBT - ok
18:25:06.0813 6016  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
18:25:06.0828 6016  Netlogon - ok
18:25:06.0875 6016  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
18:25:06.0875 6016  Netman - ok
18:25:06.0891 6016  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
18:25:06.0906 6016  netprofm - ok
18:25:06.0938 6016  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:25:06.0953 6016  NetTcpPortSharing - ok
18:25:06.0984 6016  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
18:25:06.0984 6016  nfrd960 - ok
18:25:07.0047 6016  [ F2840DBFE9322F35557219AE82CC4597 ] NIS             C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
18:25:07.0062 6016  NIS - ok
18:25:07.0109 6016  [ 8FB3C853E886E1E4D57271672486111C ] NisDrv          C:\windows\system32\DRIVERS\NisDrvWFP.sys
18:25:07.0109 6016  NisDrv - ok
18:25:07.0156 6016  [ EC445A9F0FB52E5F467C156FFF6F6D93 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
18:25:07.0156 6016  NisSrv - ok
18:25:07.0187 6016  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll
18:25:07.0203 6016  NlaSvc - ok
18:25:07.0250 6016  Norton PC Checkup Application Launcher - ok
18:25:07.0281 6016  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
18:25:07.0281 6016  Npfs - ok
18:25:07.0312 6016  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
18:25:07.0312 6016  nsi - ok
18:25:07.0328 6016  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
18:25:07.0328 6016  nsiproxy - ok
18:25:07.0390 6016  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
18:25:07.0421 6016  Ntfs - ok
18:25:07.0452 6016  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
18:25:07.0452 6016  Null - ok
18:25:07.0484 6016  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
18:25:07.0484 6016  nvraid - ok
18:25:07.0515 6016  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
18:25:07.0515 6016  nvstor - ok
18:25:07.0546 6016  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
18:25:07.0546 6016  nv_agp - ok
18:25:07.0577 6016  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
18:25:07.0577 6016  ohci1394 - ok
18:25:07.0608 6016  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:25:07.0608 6016  ose - ok
18:25:07.0796 6016  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:25:07.0842 6016  osppsvc - ok
18:25:07.0905 6016  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
18:25:07.0920 6016  p2pimsvc - ok
18:25:07.0952 6016  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
18:25:07.0952 6016  p2psvc - ok
18:25:07.0998 6016  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\drivers\parport.sys
18:25:07.0998 6016  Parport - ok
18:25:08.0030 6016  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
18:25:08.0030 6016  partmgr - ok
18:25:08.0076 6016  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
18:25:08.0076 6016  PcaSvc - ok
18:25:08.0123 6016  [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr      C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
18:25:08.0123 6016  PCCUJobMgr - ok
18:25:08.0154 6016  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
18:25:08.0154 6016  pci - ok
18:25:08.0186 6016  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\DRIVERS\pciide.sys
18:25:08.0186 6016  pciide - ok
18:25:08.0201 6016  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
18:25:08.0217 6016  pcmcia - ok
18:25:08.0217 6016  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
18:25:08.0232 6016  pcw - ok
18:25:08.0264 6016  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
18:25:08.0279 6016  PEAUTH - ok
18:25:08.0435 6016  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
18:25:08.0435 6016  PerfHost - ok
18:25:08.0498 6016  [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect        C:\windows\system32\DRIVERS\pgeffect.sys
18:25:08.0513 6016  PGEffect - ok
18:25:08.0591 6016  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
18:25:08.0622 6016  pla - ok
18:25:08.0685 6016  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
18:25:08.0700 6016  PlugPlay - ok
18:25:08.0732 6016  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
18:25:08.0732 6016  PNRPAutoReg - ok
18:25:08.0763 6016  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
18:25:08.0778 6016  PNRPsvc - ok
18:25:08.0810 6016  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
18:25:08.0825 6016  PolicyAgent - ok
18:25:08.0856 6016  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll
18:25:08.0872 6016  Power - ok
18:25:08.0919 6016  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
18:25:08.0919 6016  PptpMiniport - ok
18:25:08.0950 6016  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\drivers\processr.sys
18:25:08.0950 6016  Processor - ok
18:25:08.0981 6016  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
18:25:08.0997 6016  ProfSvc - ok
18:25:09.0012 6016  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
18:25:09.0028 6016  ProtectedStorage - ok
18:25:09.0044 6016  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
18:25:09.0059 6016  Psched - ok
18:25:09.0122 6016  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\drivers\ql2300.sys
18:25:09.0137 6016  ql2300 - ok
18:25:09.0168 6016  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
18:25:09.0168 6016  ql40xx - ok
18:25:09.0215 6016  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
18:25:09.0215 6016  QWAVE - ok
18:25:09.0246 6016  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
18:25:09.0246 6016  QWAVEdrv - ok
18:25:09.0262 6016  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
18:25:09.0262 6016  RasAcd - ok
18:25:09.0293 6016  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
18:25:09.0293 6016  RasAgileVpn - ok
18:25:09.0309 6016  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
18:25:09.0324 6016  RasAuto - ok
18:25:09.0340 6016  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
18:25:09.0340 6016  Rasl2tp - ok
18:25:09.0356 6016  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
18:25:09.0371 6016  RasMan - ok
18:25:09.0387 6016  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
18:25:09.0387 6016  RasPppoe - ok
18:25:09.0402 6016  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
18:25:09.0402 6016  RasSstp - ok
18:25:09.0449 6016  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
18:25:09.0449 6016  rdbss - ok
18:25:09.0480 6016  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
18:25:09.0480 6016  rdpbus - ok
18:25:09.0496 6016  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
18:25:09.0496 6016  RDPCDD - ok
18:25:09.0543 6016  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
18:25:09.0543 6016  RDPENCDD - ok
18:25:09.0558 6016  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
18:25:09.0558 6016  RDPREFMP - ok
18:25:09.0683 6016  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
18:25:09.0699 6016  RdpVideoMiniport - ok
18:25:09.0808 6016  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
18:25:09.0808 6016  RDPWD - ok
18:25:09.0964 6016  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
18:25:09.0964 6016  rdyboost - ok
18:25:09.0995 6016  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
18:25:10.0011 6016  RemoteAccess - ok
18:25:10.0058 6016  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
18:25:10.0058 6016  RemoteRegistry - ok
18:25:10.0073 6016  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
18:25:10.0089 6016  RpcEptMapper - ok
18:25:10.0120 6016  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
18:25:10.0120 6016  RpcLocator - ok
18:25:10.0167 6016  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
18:25:10.0182 6016  RpcSs - ok
18:25:10.0229 6016  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
18:25:10.0229 6016  rspndr - ok
18:25:10.0276 6016  [ 0E3DCF76F11DC431B088A2DFD7265CDA ] RSUSBSTOR       C:\windows\system32\Drivers\RtsUStor.sys
18:25:10.0276 6016  RSUSBSTOR - ok
18:25:10.0338 6016  [ 64FDF4FE366CA42DA2B7D9D424B6E39B ] RTL8192Ce       C:\windows\system32\DRIVERS\rtl8192Ce.sys
18:25:10.0354 6016  RTL8192Ce - ok
18:25:10.0370 6016  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
18:25:10.0385 6016  SamSs - ok
18:25:10.0416 6016  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
18:25:10.0416 6016  sbp2port - ok
18:25:10.0448 6016  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
18:25:10.0463 6016  SCardSvr - ok
18:25:10.0479 6016  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
18:25:10.0479 6016  scfilter - ok
18:25:10.0541 6016  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
18:25:10.0557 6016  Schedule - ok
18:25:10.0604 6016  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
18:25:10.0604 6016  SCPolicySvc - ok
18:25:10.0650 6016  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
18:25:10.0650 6016  SDRSVC - ok
18:25:10.0697 6016  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
18:25:10.0697 6016  secdrv - ok
18:25:10.0728 6016  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
18:25:10.0728 6016  seclogon - ok
18:25:10.0760 6016  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\system32\sens.dll
18:25:10.0760 6016  SENS - ok
18:25:10.0822 6016  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
18:25:10.0822 6016  SensrSvc - ok
18:25:10.0853 6016  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\drivers\serenum.sys
18:25:10.0853 6016  Serenum - ok
18:25:10.0869 6016  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\drivers\serial.sys
18:25:10.0884 6016  Serial - ok
18:25:10.0900 6016  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\drivers\sermouse.sys
18:25:10.0900 6016  sermouse - ok
18:25:10.0947 6016  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
18:25:10.0962 6016  SessionEnv - ok
18:25:10.0978 6016  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
18:25:10.0978 6016  sffdisk - ok
18:25:10.0994 6016  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
18:25:10.0994 6016  sffp_mmc - ok
18:25:11.0009 6016  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
18:25:11.0009 6016  sffp_sd - ok
18:25:11.0025 6016  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
18:25:11.0025 6016  sfloppy - ok
18:25:11.0072 6016  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\windows\system32\DRIVERS\Sftfslh.sys
18:25:11.0087 6016  Sftfs - ok
18:25:11.0150 6016  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:25:11.0150 6016  sftlist - ok
18:25:11.0196 6016  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\windows\system32\DRIVERS\Sftplaylh.sys
18:25:11.0212 6016  Sftplay - ok
18:25:11.0243 6016  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\windows\system32\DRIVERS\Sftredirlh.sys
18:25:11.0243 6016  Sftredir - ok
18:25:11.0259 6016  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\windows\system32\DRIVERS\Sftvollh.sys
18:25:11.0259 6016  Sftvol - ok
18:25:11.0290 6016  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:25:11.0290 6016  sftvsa - ok
18:25:11.0337 6016  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
18:25:11.0337 6016  SharedAccess - ok
18:25:11.0384 6016  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
18:25:11.0384 6016  ShellHWDetection - ok
18:25:11.0415 6016  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
18:25:11.0430 6016  SiSRaid2 - ok
18:25:11.0462 6016  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
18:25:11.0462 6016  SiSRaid4 - ok
18:25:11.0477 6016  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
18:25:11.0477 6016  Smb - ok
18:25:11.0540 6016  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
18:25:18.0045 6016  ================ Scan global ===============================
18:25:18.0076 6016  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
18:25:18.0107 6016  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
18:25:18.0138 6016  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
18:25:18.0170 6016  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
18:25:18.0201 6016  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
18:25:18.0216 6016  [Global] - ok
18:25:18.0216 6016  ================ Scan MBR ==================================
18:25:18.0232 6016  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
18:25:19.0792 6016  \Device\Harddisk0\DR0 - ok
18:25:19.0792 6016  ================ Scan VBR ==================================
18:25:19.0839 6016  [ 69922C8DD49F72E312A5F123C84B92BE ] \Device\Harddisk0\DR0\Partition1
18:25:19.0839 6016  \Device\Harddisk0\DR0\Partition1 - ok
18:25:19.0854 6016  ============================================================
18:25:19.0854 6016  Scan finished
18:25:19.0854 6016  ============================================================
18:25:19.0886 3880  Detected object count: 0
18:25:19.0886 3880  Actual detected object count: 0

 

 



#11 jeffce


Posted 31 August 2013 - 08:20 PM


  • Download OTL to your desktop.
  • Right-click the icon and choose Run as Administrator to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.



#12 sbautch


Posted 01 September 2013 - 02:21 PM

Next.....

 

OTL logfile created on: 9/1/2013 1:59:40 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Steve Bautch\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.60 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 68.28% Memory free
7.20 Gb Paging File | 5.48 Gb Available in Paging File | 76.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.92 Gb Total Space | 236.72 Gb Free Space | 83.67% Space Free | Partition Type: NTFS
 
Computer Name: STEVEBAUTCH-PC | User Name: Steve Bautch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Steve Bautch\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe (Symantec Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (Symantec Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe (Symantec Corporation)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (aswSP) -- C:\windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswSnx) -- C:\windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys (Symantec Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys (Symantec Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (FwLnk) -- C:\Windows\SysNative\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130710.001\IDSviA64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130711.001\ex64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130711.001\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130702.001\BHDrvx64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F2095F9E-9AF8-4E07-BF42-D27B7F28800A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{CB68B05C-D649-4701-9A7D-5D18157872D5}: "URL" = http://search.yahoo.com/search?ei=utf-8&fr=tightropetb&type=10645&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2013/07/07 12:29:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2013/08/31 10:27:20 | 000,000,000 | ---D | M]
 
[2013/08/03 10:46:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve Bautch\AppData\Roaming\Mozilla\Extensions
[2013/08/03 10:46:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve Bautch\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.msn.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Adblock Plus = C:\Users\Steve Bautch\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.4_0\
CHR - Extension: avast! Online Security = C:\Users\Steve Bautch\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: Norton Identity Protection = C:\Users\Steve Bautch\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Steve Bautch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
 
O1 HOSTS File: ([2013/08/30 16:05:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6424F430-0EEF-4291-94E3-B038BBF0D1B2}: DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/08/22 01:01:28 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/09/01 13:57:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Steve Bautch\Desktop\OTL.exe
[2013/08/31 18:28:37 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/08/31 18:20:36 | 001,027,511 | ---- | C] (Thisisu) -- C:\Users\Steve Bautch\Desktop\JRT.exe
[2013/08/30 16:11:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/30 16:05:25 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/08/30 10:56:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/08/30 10:56:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/08/30 10:56:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/08/30 10:49:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/30 10:48:29 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/08/30 10:42:16 | 005,117,322 | R--- | C] (Swearware) -- C:\Users\Steve Bautch\Desktop\ComboFix.exe
[2013/08/30 09:19:21 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/24 11:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/08/24 11:35:07 | 000,000,000 | ---D | C] -- C:\Users\Steve Bautch\AppData\Roaming\FixTDSS
[2013/08/24 11:28:01 | 000,000,000 | ---D | C] -- C:\Users\Steve Bautch\Desktop\NY
[2013/08/23 19:17:55 | 000,000,000 | ---D | C] -- C:\Users\Steve Bautch\AppData\Local\NPE
[2013/08/23 16:27:36 | 000,000,000 | ---D | C] -- C:\Users\Steve Bautch\Desktop\GooredFix Backups
[2013/08/23 16:26:59 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Steve Bautch\Desktop\GooredFix.exe
[2013/08/22 10:59:48 | 000,033,400 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2013/08/22 10:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/08/22 10:59:45 | 000,378,944 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2013/08/22 10:59:40 | 000,072,016 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2013/08/22 10:59:38 | 000,064,288 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2013/08/22 10:59:37 | 001,030,952 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/08/22 10:59:29 | 000,080,816 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2013/08/22 10:59:27 | 000,287,840 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2013/08/22 10:58:23 | 000,041,664 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2013/08/22 10:57:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/08/22 10:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/08/22 01:00:28 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/08/22 00:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/08/22 00:44:18 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steve Bautch\Desktop\kapkill.com.exe
[2013/08/18 22:03:20 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/08/18 22:03:19 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/08/18 22:03:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/08/18 22:03:16 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/08/18 22:03:16 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/08/18 22:03:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/08/18 22:03:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/18 22:03:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/08/18 22:03:14 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/08/18 22:03:14 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/08/18 22:03:14 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/08/18 22:03:08 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/08/18 22:03:07 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/08/18 22:03:07 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/08/18 22:03:06 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/08/18 21:41:44 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013/08/18 21:41:39 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013/08/18 21:41:38 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/08/18 21:41:35 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2013/08/18 21:41:33 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013/08/18 21:41:28 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013/08/18 21:41:17 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013/08/18 21:41:15 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013/08/18 21:41:14 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013/08/18 21:41:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013/08/17 10:16:54 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/08/17 10:16:53 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2013/08/17 10:16:52 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2013/08/17 10:16:15 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll
[2013/08/17 10:15:05 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2013/08/17 10:15:03 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[2013/08/12 23:41:58 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Users\Steve Bautch\Desktop\setupSNK.exe
[2013/08/12 23:40:46 | 000,000,000 | ---D | C] -- C:\Users\Steve Bautch\Desktop\SMRTNTKY
[2013/08/06 08:36:50 | 000,000,000 | ---D | C] -- C:\Users\Steve Bautch\Desktop\Cohort 9 PBIS Flashdrive
[2013/08/03 10:46:19 | 000,000,000 | ---D | C] -- C:\Users\Steve Bautch\Documents\TomTom
[2013/08/03 10:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom
[2013/08/03 10:46:08 | 000,000,000 | ---D | C] -- C:\Users\Steve Bautch\AppData\Roaming\TomTom
[2013/08/03 10:46:08 | 000,000,000 | ---D | C] -- C:\Users\Steve Bautch\AppData\Local\TomTom
[2013/08/03 10:46:08 | 000,000,000 | ---D | C] -- C:\Users\Steve Bautch\AppData\Roaming\Mozilla
[2013/08/03 10:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[2013/08/03 10:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom HOME 2
[2013/08/03 10:44:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom International B.V
[2013/08/03 10:42:50 | 000,000,000 | ---D | C] -- C:\Users\Steve Bautch\AppData\Local\Downloaded Installations
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/09/01 13:57:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve Bautch\Desktop\OTL.exe
[2013/09/01 13:54:08 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/01 13:54:08 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/09/01 13:54:07 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/01 13:54:05 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/08/31 18:20:42 | 001,027,511 | ---- | M] (Thisisu) -- C:\Users\Steve Bautch\Desktop\JRT.exe
[2013/08/31 10:33:06 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/31 10:33:06 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/31 10:24:03 | 2899,468,288 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/30 16:11:21 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/30 16:05:29 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/08/30 15:04:59 | 005,117,322 | R--- | M] (Swearware) -- C:\Users\Steve Bautch\Desktop\ComboFix.exe
[2013/08/24 12:11:01 | 000,000,036 | ---- | M] () -- C:\Users\Steve Bautch\AppData\Local\housecall.guid.cache
[2013/08/24 11:43:58 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/08/24 11:43:55 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2013/08/23 16:27:02 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Steve Bautch\Desktop\GooredFix.exe
[2013/08/23 10:09:23 | 000,727,182 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/08/23 10:09:23 | 000,624,622 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/08/23 10:09:23 | 000,106,708 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/08/22 10:59:59 | 000,378,944 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2013/08/22 10:59:59 | 000,189,936 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2013/08/22 10:59:59 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys.sum
[2013/08/22 10:59:59 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswSP.sys.sum
[2013/08/22 10:59:58 | 001,030,952 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/08/22 10:59:58 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswSnx.sys.sum
[2013/08/22 01:01:28 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/08/22 00:44:33 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steve Bautch\Desktop\kapkill.com.exe
[2013/08/21 22:46:33 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/20 13:35:43 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/08/20 13:35:42 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/08/08 14:05:54 | 000,190,434 | ---- | M] () -- C:\Users\Steve Bautch\Documents\Tyler sport registration 2013.xps
[2013/08/05 17:02:25 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/08/30 10:56:05 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/08/30 10:56:05 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/08/30 10:56:05 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/08/30 10:56:05 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/08/30 10:56:05 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/08/24 12:11:01 | 000,000,036 | ---- | C] () -- C:\Users\Steve Bautch\AppData\Local\housecall.guid.cache
[2013/08/22 10:59:59 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys.sum
[2013/08/22 10:59:59 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswSP.sys.sum
[2013/08/22 10:59:59 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswSnx.sys.sum
[2013/08/22 10:59:50 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/08/22 10:59:36 | 000,189,936 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2013/08/22 10:59:35 | 000,065,336 | ---- | C] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2013/08/22 10:59:28 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
[2013/08/22 01:01:28 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/08/21 22:46:33 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/12 23:41:57 | 020,998,890 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\M4H03376.MP4
[2013/08/12 23:41:57 | 003,656,288 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\M4H03370.MP4
[2013/08/12 23:41:56 | 019,149,240 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\M4H03355.MP4
[2013/08/12 23:41:55 | 044,527,755 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\M4H03335.MP4
[2013/08/12 23:41:53 | 046,634,315 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\M4H03331.MP4
[2013/08/12 23:41:50 | 059,465,766 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\M4H03324.MP4
[2013/08/12 23:41:50 | 001,135,805 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\M4H03321.MP4
[2013/08/12 23:41:49 | 046,273,739 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\M4H03320.MP4
[2013/08/12 23:41:48 | 014,815,213 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\M4H03319.MP4
[2013/08/12 23:41:46 | 046,594,234 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\M4H03303.MP4
[2013/08/12 23:41:45 | 017,221,415 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\M4H03300.MP4
[2013/08/12 23:41:45 | 012,264,828 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\M4H03226.MP4
[2013/08/12 23:41:45 | 001,149,806 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\M4H03109.MP4
[2013/08/12 23:41:44 | 017,257,685 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\M4H03106.MP4
[2013/08/12 23:41:43 | 016,068,884 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\M4H02999.MP4
[2013/08/12 23:41:43 | 002,318,696 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03401.jpg
[2013/08/12 23:41:43 | 001,447,999 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03402.JPG
[2013/08/12 23:41:43 | 001,434,394 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03403.JPG
[2013/08/12 23:41:42 | 002,214,996 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03400.jpg
[2013/08/12 23:41:42 | 001,502,992 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03396.JPG
[2013/08/12 23:41:42 | 001,488,646 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03399.JPG
[2013/08/12 23:41:42 | 001,401,615 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03393.JPG
[2013/08/12 23:41:42 | 001,353,861 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03395.jpg
[2013/08/12 23:41:42 | 001,205,693 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03398.jpg
[2013/08/12 23:41:42 | 001,197,679 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03394.jpg
[2013/08/12 23:41:41 | 001,970,425 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03390.jpg
[2013/08/12 23:41:41 | 001,730,094 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03392.jpg
[2013/08/12 23:41:41 | 001,454,352 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03389.JPG
[2013/08/12 23:41:41 | 001,450,384 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03391.JPG
[2013/08/12 23:41:41 | 001,413,419 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03387.JPG
[2013/08/12 23:41:41 | 001,391,312 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03388.JPG
[2013/08/12 23:41:40 | 001,403,613 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03386.JPG
[2013/08/12 23:41:40 | 001,364,752 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03385.JPG
[2013/08/12 23:41:40 | 001,349,756 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03384.JPG
[2013/08/12 23:41:40 | 001,338,423 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03381.JPG
[2013/08/12 23:41:40 | 001,334,297 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03382.JPG
[2013/08/12 23:41:40 | 001,132,957 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03383.JPG
[2013/08/12 23:41:39 | 001,335,260 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03375.JPG
[2013/08/12 23:41:39 | 001,268,576 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03377.JPG
[2013/08/12 23:41:39 | 001,243,600 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03379.JPG
[2013/08/12 23:41:39 | 001,218,713 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03378.JPG
[2013/08/12 23:41:39 | 001,193,223 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03380.JPG
[2013/08/12 23:41:38 | 003,877,399 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03365.JPG
[2013/08/12 23:41:38 | 001,366,561 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03371.JPG
[2013/08/12 23:41:38 | 001,341,586 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03369.JPG
[2013/08/12 23:41:38 | 001,315,041 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03373.JPG
[2013/08/12 23:41:38 | 001,304,549 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03372.JPG
[2013/08/12 23:41:38 | 001,239,846 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03374.JPG
[2013/08/12 23:41:38 | 001,166,278 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03366.JPG
[2013/08/12 23:41:38 | 000,992,586 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03368.JPG
[2013/08/12 23:41:38 | 000,857,891 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03367.jpg
[2013/08/12 23:41:37 | 003,631,420 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03363.JPG
[2013/08/12 23:41:37 | 002,693,553 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03364.jpg
[2013/08/12 23:41:37 | 002,607,905 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03362.jpg
[2013/08/12 23:41:37 | 001,215,396 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03360.jpg
[2013/08/12 23:41:37 | 001,199,573 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03361.jpg
[2013/08/12 23:41:37 | 001,139,374 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03358.JPG
[2013/08/12 23:41:37 | 001,072,962 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03357.JPG
[2013/08/12 23:41:37 | 000,999,717 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03356.jpg
[2013/08/12 23:41:37 | 000,827,672 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03359.jpg
[2013/08/12 23:41:36 | 001,455,610 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03349.JPG
[2013/08/12 23:41:36 | 001,438,555 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03353.JPG
[2013/08/12 23:41:36 | 001,403,126 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03354.JPG
[2013/08/12 23:41:36 | 001,380,990 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03352.JPG
[2013/08/12 23:41:36 | 001,349,360 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03350.JPG
[2013/08/12 23:41:36 | 001,292,865 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03351.JPG
[2013/08/12 23:41:35 | 001,458,298 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03346.JPG
[2013/08/12 23:41:35 | 001,441,497 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03339.JPG
[2013/08/12 23:41:35 | 001,402,957 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03345.JPG
[2013/08/12 23:41:35 | 001,401,764 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03347.JPG
[2013/08/12 23:41:35 | 001,390,582 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03348.JPG
[2013/08/12 23:41:35 | 001,388,330 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03342.JPG
[2013/08/12 23:41:35 | 001,361,342 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03340.JPG
[2013/08/12 23:41:35 | 001,348,138 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03341.JPG
[2013/08/12 23:41:35 | 001,199,619 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03338.JPG
[2013/08/12 23:41:35 | 001,094,451 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03344.JPG
[2013/08/12 23:41:35 | 001,087,052 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03343.JPG
[2013/08/12 23:41:34 | 001,432,923 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03328.JPG
[2013/08/12 23:41:34 | 001,424,779 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03329.JPG
[2013/08/12 23:41:34 | 001,398,183 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03332.JPG
[2013/08/12 23:41:34 | 001,397,032 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03334.jpg
[2013/08/12 23:41:34 | 001,386,960 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03326.JPG
[2013/08/12 23:41:34 | 001,382,102 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03333.JPG
[2013/08/12 23:41:34 | 001,370,961 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03337.JPG
[2013/08/12 23:41:34 | 001,317,392 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03336.JPG
[2013/08/12 23:41:34 | 001,308,509 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03327.JPG
[2013/08/12 23:41:34 | 001,279,054 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03330.JPG
[2013/08/12 23:41:33 | 001,451,360 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03323.jpg
[2013/08/12 23:41:33 | 001,410,203 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03325.JPG
[2013/08/12 23:41:33 | 001,389,581 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03313.JPG
[2013/08/12 23:41:33 | 001,368,652 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03318.JPG
[2013/08/12 23:41:33 | 001,289,095 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03314.JPG
[2013/08/12 23:41:33 | 001,269,314 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03312.JPG
[2013/08/12 23:41:33 | 001,203,255 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03315.JPG
[2013/08/12 23:41:33 | 001,092,884 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03316.jpg
[2013/08/12 23:41:33 | 001,087,759 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03322.jpg
[2013/08/12 23:41:33 | 001,041,780 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03317.jpg
[2013/08/12 23:41:33 | 000,988,338 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03311.JPG
[2013/08/12 23:41:32 | 001,368,991 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03307.jpg
[2013/08/12 23:41:32 | 001,325,991 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03306.JPG
[2013/08/12 23:41:32 | 001,316,494 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03302.JPG
[2013/08/12 23:41:32 | 001,309,658 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03297.jpg
[2013/08/12 23:41:32 | 001,287,909 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03299.JPG
[2013/08/12 23:41:32 | 001,260,720 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03301.JPG
[2013/08/12 23:41:32 | 001,257,748 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03309.JPG
[2013/08/12 23:41:32 | 001,236,305 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03298.JPG
[2013/08/12 23:41:32 | 001,207,123 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03310.JPG
[2013/08/12 23:41:32 | 001,161,557 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03308.JPG
[2013/08/12 23:41:32 | 001,094,890 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03305.jpg
[2013/08/12 23:41:32 | 001,063,626 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03304.jpg
[2013/08/12 23:41:31 | 001,483,351 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03296.JPG
[2013/08/12 23:41:31 | 001,454,816 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03295.jpg
[2013/08/12 23:41:31 | 001,450,795 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03289.JPG
[2013/08/12 23:41:31 | 001,409,357 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03293.JPG
[2013/08/12 23:41:31 | 001,385,204 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03288.JPG
[2013/08/12 23:41:31 | 001,382,996 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03292.JPG
[2013/08/12 23:41:31 | 001,359,026 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03291.JPG
[2013/08/12 23:41:31 | 001,338,774 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03287.jpg
[2013/08/12 23:41:31 | 001,308,440 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03294.JPG
[2013/08/12 23:41:31 | 001,280,638 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03290.JPG
[2013/08/12 23:41:30 | 001,536,259 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03278.jpg
[2013/08/12 23:41:30 | 001,452,674 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03284.JPG
[2013/08/12 23:41:30 | 001,438,509 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03283.JPG
[2013/08/12 23:41:30 | 001,422,042 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03281.jpg
[2013/08/12 23:41:30 | 001,355,698 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03280.JPG
[2013/08/12 23:41:30 | 001,344,460 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03286.JPG
[2013/08/12 23:41:30 | 001,184,222 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03282.jpg
[2013/08/12 23:41:30 | 001,181,096 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03285.JPG
[2013/08/12 23:41:30 | 001,110,395 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03279.jpg
[2013/08/12 23:41:29 | 001,413,745 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03276.JPG
[2013/08/12 23:41:29 | 001,381,313 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03274.JPG
[2013/08/12 23:41:29 | 001,353,064 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03275.JPG
[2013/08/12 23:41:29 | 001,332,788 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03270.jpg
[2013/08/12 23:41:29 | 001,329,438 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03272.JPG
[2013/08/12 23:41:29 | 001,277,246 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03271.jpg
[2013/08/12 23:41:29 | 001,265,165 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03277.JPG
[2013/08/12 23:41:29 | 001,158,787 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03273.JPG
[2013/08/12 23:41:28 | 001,838,886 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03264.jpg
[2013/08/12 23:41:28 | 001,480,457 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03263.JPG
[2013/08/12 23:41:28 | 001,462,120 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03267.JPG
[2013/08/12 23:41:28 | 001,447,879 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03265.JPG
[2013/08/12 23:41:28 | 001,404,149 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03262.JPG
[2013/08/12 23:41:28 | 001,391,935 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03269.jpg
[2013/08/12 23:41:28 | 001,347,189 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03266.JPG
[2013/08/12 23:41:28 | 001,316,813 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03268.JPG
[2013/08/12 23:41:27 | 001,445,232 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03253.JPG
[2013/08/12 23:41:27 | 001,434,546 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03258.JPG
[2013/08/12 23:41:27 | 001,432,410 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03255.JPG
[2013/08/12 23:41:27 | 001,422,666 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03257.JPG
[2013/08/12 23:41:27 | 001,371,799 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03261.JPG
[2013/08/12 23:41:27 | 001,361,176 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03256.JPG
[2013/08/12 23:41:27 | 001,358,071 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03260.JPG
[2013/08/12 23:41:27 | 001,351,667 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03254.JPG
[2013/08/12 23:41:27 | 001,322,626 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03259.JPG
[2013/08/12 23:41:26 | 001,444,948 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03248.JPG
[2013/08/12 23:41:26 | 001,428,934 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03251.JPG
[2013/08/12 23:41:26 | 001,395,583 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03252.JPG
[2013/08/12 23:41:26 | 001,383,797 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03249.JPG
[2013/08/12 23:41:26 | 001,371,621 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03244.JPG
[2013/08/12 23:41:26 | 001,362,011 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03250.JPG
[2013/08/12 23:41:26 | 001,360,758 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03247.jpg
[2013/08/12 23:41:26 | 001,289,789 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03245.jpg
[2013/08/12 23:41:26 | 001,027,034 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03246.jpg
[2013/08/12 23:41:25 | 001,410,200 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03239.JPG
[2013/08/12 23:41:25 | 001,401,787 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03242.JPG
[2013/08/12 23:41:25 | 001,393,650 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03243.JPG
[2013/08/12 23:41:25 | 001,365,665 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03233.JPG
[2013/08/12 23:41:25 | 001,337,403 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03235.jpg
[2013/08/12 23:41:25 | 001,310,854 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03236.jpg
[2013/08/12 23:41:25 | 001,291,498 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03240.jpg
[2013/08/12 23:41:25 | 001,286,037 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03241.JPG
[2013/08/12 23:41:25 | 001,283,797 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03234.JPG
[2013/08/12 23:41:25 | 001,072,524 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03238.jpg
[2013/08/12 23:41:25 | 001,016,333 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03237.jpg
[2013/08/12 23:41:24 | 001,463,185 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03229.JPG
[2013/08/12 23:41:24 | 001,447,637 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03221.JPG
[2013/08/12 23:41:24 | 001,427,531 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03225.JPG
[2013/08/12 23:41:24 | 001,420,046 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03228.JPG
[2013/08/12 23:41:24 | 001,384,678 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03230.JPG
[2013/08/12 23:41:24 | 001,369,462 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03227.JPG
[2013/08/12 23:41:24 | 001,360,448 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03222.JPG
[2013/08/12 23:41:24 | 001,261,320 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03232.jpg
[2013/08/12 23:41:24 | 001,261,210 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03231.JPG
[2013/08/12 23:41:24 | 001,183,197 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03224.jpg
[2013/08/12 23:41:24 | 001,027,422 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03223.jpg
[2013/08/12 23:41:23 | 001,480,536 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03218.JPG
[2013/08/12 23:41:23 | 001,415,379 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03215.JPG
[2013/08/12 23:41:23 | 001,412,239 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03220.JPG
[2013/08/12 23:41:23 | 001,398,408 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03213.JPG
[2013/08/12 23:41:23 | 001,393,748 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03216.JPG
[2013/08/12 23:41:23 | 001,359,590 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03219.JPG
[2013/08/12 23:41:23 | 001,298,607 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03212.JPG
[2013/08/12 23:41:23 | 001,216,491 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03217.jpg
[2013/08/12 23:41:23 | 001,179,962 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03210.JPG
[2013/08/12 23:41:23 | 001,178,221 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03211.jpg
[2013/08/12 23:41:23 | 001,130,443 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03214.JPG
[2013/08/12 23:41:22 | 001,450,678 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03206.JPG
[2013/08/12 23:41:22 | 001,418,007 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03203.JPG
[2013/08/12 23:41:22 | 001,385,196 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03204.JPG
[2013/08/12 23:41:22 | 001,360,554 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03201.jpg
[2013/08/12 23:41:22 | 001,315,824 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03207.JPG
[2013/08/12 23:41:22 | 001,300,936 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03199.JPG
[2013/08/12 23:41:22 | 001,294,660 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03205.JPG
[2013/08/12 23:41:22 | 001,289,108 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03200.JPG
[2013/08/12 23:41:22 | 001,263,052 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03208.jpg
[2013/08/12 23:41:22 | 001,167,905 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03202.JPG
[2013/08/12 23:41:22 | 000,861,620 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03209.jpg
[2013/08/12 23:41:21 | 001,447,705 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03191.jpg
[2013/08/12 23:41:21 | 001,435,797 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03196.JPG
[2013/08/12 23:41:21 | 001,435,315 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03195.JPG
[2013/08/12 23:41:21 | 001,380,725 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03193.JPG
[2013/08/12 23:41:21 | 001,285,656 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03198.JPG
[2013/08/12 23:41:21 | 001,254,656 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03197.JPG
[2013/08/12 23:41:21 | 001,193,797 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03192.jpg
[2013/08/12 23:41:21 | 001,097,645 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03194.JPG
[2013/08/12 23:41:21 | 001,042,077 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03190.JPG
[2013/08/12 23:41:20 | 001,452,201 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03180.jpg
[2013/08/12 23:41:20 | 001,449,818 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03185.JPG
[2013/08/12 23:41:20 | 001,426,836 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03181.JPG
[2013/08/12 23:41:20 | 001,416,986 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03186.jpg
[2013/08/12 23:41:20 | 001,385,032 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03179.jpg
[2013/08/12 23:41:20 | 001,383,894 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03184.JPG
[2013/08/12 23:41:20 | 001,375,270 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03183.jpg
[2013/08/12 23:41:20 | 001,356,019 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03182.JPG
[2013/08/12 23:41:20 | 001,253,448 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03187.jpg
[2013/08/12 23:41:20 | 001,124,545 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03189.jpg
[2013/08/12 23:41:20 | 001,121,310 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03188.JPG
[2013/08/12 23:41:19 | 004,477,322 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03176.JPG
[2013/08/12 23:41:19 | 004,402,302 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03177.JPG
[2013/08/12 23:41:19 | 003,717,915 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03175.JPG
[2013/08/12 23:41:19 | 001,396,698 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03178.JPG
[2013/08/12 23:41:18 | 004,360,680 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03172.JPG
[2013/08/12 23:41:18 | 004,303,203 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03174.JPG
[2013/08/12 23:41:18 | 004,287,463 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03173.JPG
[2013/08/12 23:41:18 | 004,236,939 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03171.JPG
[2013/08/12 23:41:18 | 004,115,845 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03170.JPG
[2013/08/12 23:41:17 | 004,447,893 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03169.JPG
[2013/08/12 23:41:17 | 004,420,411 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03167.JPG
[2013/08/12 23:41:17 | 004,363,708 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03166.JPG
[2013/08/12 23:41:17 | 004,318,936 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03168.JPG
[2013/08/12 23:41:16 | 004,370,847 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03162.JPG
[2013/08/12 23:41:16 | 004,288,678 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03164.JPG
[2013/08/12 23:41:16 | 004,146,361 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03163.JPG
[2013/08/12 23:41:16 | 003,948,901 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03165.JPG
[2013/08/12 23:41:15 | 004,361,590 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03161.JPG
[2013/08/12 23:41:15 | 004,358,108 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03160.JPG
[2013/08/12 23:41:15 | 004,022,354 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03159.JPG
[2013/08/12 23:41:15 | 003,452,953 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03158.jpg
[2013/08/12 23:41:14 | 004,439,685 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03157.JPG
[2013/08/12 23:41:14 | 004,282,035 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03154.JPG
[2013/08/12 23:41:14 | 004,210,908 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03155.JPG
[2013/08/12 23:41:14 | 003,979,529 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03153.JPG
[2013/08/12 23:41:14 | 003,808,969 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03156.JPG
[2013/08/12 23:41:13 | 004,072,257 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03150.JPG
[2013/08/12 23:41:13 | 003,879,182 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03148.JPG
[2013/08/12 23:41:13 | 003,545,208 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03149.jpg
[2013/08/12 23:41:13 | 003,417,354 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03152.jpg
[2013/08/12 23:41:13 | 003,374,702 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03151.jpg
[2013/08/12 23:41:12 | 004,100,125 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03146.JPG
[2013/08/12 23:41:12 | 004,008,552 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03147.JPG
[2013/08/12 23:41:12 | 001,446,971 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03142.jpg
[2013/08/12 23:41:12 | 001,318,167 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03144.JPG
[2013/08/12 23:41:12 | 001,269,909 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03145.JPG
[2013/08/12 23:41:12 | 001,260,427 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03143.JPG
[2013/08/12 23:41:11 | 003,781,200 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03137.JPG
[2013/08/12 23:41:11 | 003,661,098 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03136.JPG
[2013/08/12 23:41:11 | 003,614,637 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03138.JPG
[2013/08/12 23:41:11 | 001,422,745 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03141.jpg
[2013/08/12 23:41:11 | 001,233,004 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03139.JPG
[2013/08/12 23:41:11 | 000,834,387 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03140.jpg
[2013/08/12 23:41:10 | 004,337,612 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03132.JPG
[2013/08/12 23:41:10 | 004,240,770 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03133.JPG
[2013/08/12 23:41:10 | 003,335,716 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03134.JPG
[2013/08/12 23:41:10 | 003,327,935 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03135.JPG
[2013/08/12 23:41:09 | 004,247,280 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03131.JPG
[2013/08/12 23:41:09 | 004,166,634 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03127.JPG
[2013/08/12 23:41:09 | 004,140,380 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03129.JPG
[2013/08/12 23:41:09 | 003,676,319 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03128.JPG
[2013/08/12 23:41:09 | 003,393,173 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03130.JPG
[2013/08/12 23:41:08 | 003,998,069 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03124.JPG
[2013/08/12 23:41:08 | 003,844,265 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03126.JPG
[2013/08/12 23:41:08 | 003,635,848 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03125.jpg
[2013/08/12 23:41:07 | 004,413,719 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03121.JPG
[2013/08/12 23:41:07 | 004,139,605 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03119.JPG
[2013/08/12 23:41:07 | 003,885,678 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03122.JPG
[2013/08/12 23:41:06 | 004,214,660 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03118.JPG
[2013/08/12 23:41:06 | 003,670,154 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03117.JPG
[2013/08/12 23:41:06 | 001,441,626 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03114.JPG
[2013/08/12 23:41:06 | 001,440,563 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03115.JPG
[2013/08/12 23:41:06 | 001,420,765 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03116.JPG
[2013/08/12 23:41:06 | 001,302,070 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03113.JPG
[2013/08/12 23:41:05 | 001,463,613 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\DSC03112.JPG
[2013/08/12 23:40:46 | 000,000,090 | ---- | C] () -- C:\Users\Steve Bautch\Desktop\AUTORUN.INF
[2013/08/08 14:05:51 | 000,190,434 | ---- | C] () -- C:\Users\Steve Bautch\Documents\Tyler sport registration 2013.xps
[2013/08/05 17:02:25 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/07/10 22:27:28 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/07/04 14:18:09 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2013/07/04 14:04:36 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2013/07/04 14:00:53 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/08/24 11:35:07 | 000,000,000 | ---D | M] -- C:\Users\Steve Bautch\AppData\Roaming\FixTDSS
[2013/08/21 16:17:44 | 000,000,000 | ---D | M] -- C:\Users\Steve Bautch\AppData\Roaming\SoftGrid Client
[2013/07/16 14:23:00 | 000,000,000 | ---D | M] -- C:\Users\Steve Bautch\AppData\Roaming\Tific
[2013/08/03 10:46:08 | 000,000,000 | ---D | M] -- C:\Users\Steve Bautch\AppData\Roaming\TomTom
[2013/07/04 13:54:24 | 000,000,000 | ---D | M] -- C:\Users\Steve Bautch\AppData\Roaming\Toshiba
[2013/07/16 21:20:46 | 000,000,000 | ---D | M] -- C:\Users\Steve Bautch\AppData\Roaming\TP
[2013/07/04 13:48:26 | 000,000,000 | ---D | M] -- C:\Users\Steve Bautch\AppData\Roaming\WinBatch
[2013/07/16 21:21:35 | 000,000,000 | ---D | M] -- C:\Users\Steve Bautch\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
 
========== Purity Check ==========
 
 
 
< End of report >
 

 



#13 sbautch

Posted 01 September 2013 - 02:22 PM

Second one:

 

OTL Extras logfile created on: 9/1/2013 1:59:40 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Steve Bautch\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.60 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 68.28% Memory free
7.20 Gb Paging File | 5.48 Gb Available in Paging File | 76.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.92 Gb Total Space | 236.72 Gb Free Space | 83.67% Space Free | Partition Type: NTFS
 
Computer Name: STEVEBAUTCH-PC | User Name: Steve Bautch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{048ADC82-C65D-4915-9452-73C23A141D8D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{061C643B-BC12-4612-ACE0-100930D15BE3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0D26808E-AC76-40D0-9289-22C488804C61}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1898DB37-4B3B-48D3-9D71-217E9CA5D7B8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1DABF985-FAA2-45AF-BC0E-2E48A7F2D4A7}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2DD00109-FC15-47CB-B004-12084DA17C5C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2E4DCFB3-9F01-4A93-880A-14644EAFA197}" = rport=137 | protocol=17 | dir=out | app=system | 
"{30EC48BF-9C04-4B42-BCC9-3676F5037EE6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3700ABEB-9862-4C1F-B35A-2DC0B254792F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{388AB848-5CF5-4A6D-A320-6A17F59B8B48}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{43FD5422-C754-41E9-80F0-F7306695CD76}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{555A4355-AF25-4289-9C06-34ABC49718E6}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{55856B6C-443C-4533-984D-8EEF2CD77BF1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{59B919D8-DB4C-48DF-96BB-1684D8B22EEE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{78E8AC12-512A-40F9-9E32-D10C24DB868B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{80A813AA-DE42-49F6-8A0C-1B8AE7E593A6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8842988B-D497-46EC-8708-68B5FF2E52B6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B24DFBCA-1AFE-494E-894B-D5FEFAC4B904}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B8BC30BB-905E-4FE5-A249-460053E89DCB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C72ECBBE-0B77-441F-A029-D439A741AEC6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CCD6D55F-67AC-4F26-B014-176166F3A268}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D09F841C-3ED7-4C01-9C4F-C0D9B114F558}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F1A0B906-AD19-4796-8050-505CDCD58766}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07762982-2A31-46CC-A72C-394E286F17A9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{07A3B1CF-2731-4512-835E-2985F5CDF3DA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{095D9F20-2979-4430-B08B-8A4BB1DE54B9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{168EF0CE-20CB-4B52-BC4A-2CA5EF6A3F03}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{18E36171-96E6-486F-BF4E-777316285C52}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{2C684119-C251-4F9D-8E40-41751C6A0A61}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3C466382-A75C-4A1C-8A60-74A2751AD0E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3C8ED9E3-A07F-4BF8-8452-E16E2B3ACD0F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{3DD00568-1ADD-4023-9DDC-EF373B815D02}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{46AC3DC8-7490-4F72-9CCB-D4AC7340416A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{52EA5428-3DDF-4CC8-9D4A-A10758ACAC6E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6CC8F22B-C271-427E-A8E4-3485EC66AE7D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7BFC42EF-B721-47ED-8ECF-36BD4E0CD6A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{98249308-C09E-461C-BCE0-0D47B5CDDC70}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A4CE0FC3-0D13-43C2-9E79-FC45D8167518}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A75294BF-6D28-4190-9F30-9486B0656966}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{AAEE974F-68AD-4F20-BC0A-5F4F9D5D35E2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{ADF8A4DF-8A60-42BF-8C3B-14143063CB3F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DB38D750-61F9-4D66-9F0C-B404679AC206}" = protocol=6 | dir=out | app=system | 
"{E1CDE06E-61B7-43BC-B526-DE6727A8E798}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E3ABCA60-800C-4B1D-98D8-1846EABE06B3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FB5FCD34-96B0-475A-ACC7-DFDFEE0C7927}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{16133D49-24C5-406B-810C-DE80CEFD4740}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{AF8FDEA4-2471-4D34-ABA3-71AE36DA4184}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{3DB84568-DD0E-401F-BC21-CE24720A0C5B}" = Microsoft Security Client
"{4ACA5AE7-E68C-5A48-F8E6-D67946267506}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6316805C-2485-2FF5-974C-750E3BE1DF65}" = AMD Media Foundation Decoders
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A34D9B7F-8453-DA02-DC98-EEEE085411C6}" = ccc-utility64
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-X64 8.0.8.0_R01
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0146E330-EEE7-B924-B347-B399460893ED}" = CCC Help Czech
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{09927C92-A652-057A-3A7B-153F23175C58}" = CCC Help Dutch
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0AF17224-CF88-40B8-BB1A-D179369847B4}" = TOSHIBA Supervisor Password
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{109CBCC5-7151-1CC6-DAD6-6F7DD3162A8A}" = Catalyst Control Center InstallProxy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19E40731-8E1A-07FB-DA7D-8A54603F6408}" = CCC Help English
"{1B97813D-74A7-25EB-4837-792413507E82}" = CCC Help Danish
"{1CF94211-A7BB-8151-44B8-6618C5A162F8}" = CCC Help Portuguese
"{1D7FEEAC-6CEE-5B5F-A8B0-9BE7A6BCB7FB}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{247E03D2-485B-7A70-BF5C-AB9BDF6AFB44}" = CCC Help Polish
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EEFB3C4-4706-C2B5-DF69-CF914D87BCE4}" = CCC Help Swedish
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{337FDED7-D27B-E476-E888-3674E1C01C69}" = CCC Help Spanish
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4485C9D0-A742-F1BB-C0B0-58FC61960D99}" = CCC Help Korean
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{666E35A7-A224-E3E9-48C2-C641837535D9}" = Catalyst Control Center Localization All
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{8064A378-46F4-4A4E-8AF5-153D0D4018DD}" = Catalyst Control Center - Branding
"{83601916-2E71-F1C7-EE5F-A1C985BC9217}" = CCC Help German
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8A34A135-D405-DD03-9B2E-0EB99238A312}" = CCC Help Finnish
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9550EA6C-4CBE-C1F3-1E1C-5E87F2C645ED}" = CCC Help French
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}" = TOSHIBA Hardware Setup
"{97F67013-3076-4261-DC10-808409655042}" = AMD VISION Engine Control Center
"{986BB897-C295-2FED-8DCA-4ADE3AFCEF84}" = CCC Help Russian
"{99072AB4-D795-44D5-9D65-E3C9F8322C97}" = TomTom HOME
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place
"{A4FF8F4E-D665-712B-07EE-F03ED360E9BE}" = CCC Help Italian
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{ADB50F70-98FF-067F-DF39-47DD83E32D58}" = CCC Help Chinese Standard
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B83FCE14-53D5-CBF8-87E9-59B8968ADB4C}" = CCC Help Norwegian
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C78E3449-4F24-839B-5F7A-6911C67A5BE9}" = Catalyst Control Center Graphics Previews Common
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6E90970-BA9C-51AA-EFA2-9F80A7AE0956}" = CCC Help Thai
"{D826A52E-0AC9-5A55-61B8-0E088477A1B0}" = CCC Help Greek
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69540AC-FFC3-5519-F925-5ACC8D20DED5}" = CCC Help Hungarian
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E9D96BD5-7D33-7ED3-0A8E-229FA2524487}" = CCC Help Turkish
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F931F27F-A967-982A-9226-494787D5FBBB}" = CCC Help Japanese
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"NexGen Media Player" = NexGen Media Player - a modern video player
"NIS" = Norton Internet Security
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-029e0309-78fd-4f1c-906c-6aaefc2d4900" = Bejeweled 3
"WTA-0698f587-1795-4b5e-b85b-9cc1d0105244" = Plants vs. Zombies - Game of the Year
"WTA-14bb61eb-c251-419f-ace5-aa6dd4f8b700" = RollerCoaster Tycoon 3: Platinum
"WTA-2ddb498b-eb52-4a60-a6b2-436f12a6c805" = Tales of Lagoona
"WTA-30faa8ed-8e14-4467-9bda-139ba81fe4a3" = Penguins!
"WTA-452cf8a0-0009-4e5d-afe3-1e47cdee8d2c" = Zuma's Revenge
"WTA-468b8f38-a800-4f9a-9aa6-0a597ed77be3" = Polar Bowler
"WTA-8ed25d62-2f37-4bdb-9f98-eaaf22c7d028" = FATE - The Traitor Soul
"WTA-ccf3cb89-6417-49f0-ab9f-1d40cb41d4b0" = Letters from Nowhere 2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Define Ext" = Define Ext
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 9/1/2013 3:14:17 PM | Computer Name = SteveBautch-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the ShellHWDetection service.
 
Error - 9/1/2013 3:14:47 PM | Computer Name = SteveBautch-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the MMCSS service.
 
Error - 9/1/2013 3:14:47 PM | Computer Name = SteveBautch-PC | Source = Service Control Manager | ID = 7000
Description = The Multimedia Class Scheduler service failed to start due to the 
following error:   %%1053
 
Error - 9/1/2013 3:15:17 PM | Computer Name = SteveBautch-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the ShellHWDetection service.
 
Error - 9/1/2013 3:15:47 PM | Computer Name = SteveBautch-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the MMCSS service.
 
Error - 9/1/2013 3:15:47 PM | Computer Name = SteveBautch-PC | Source = Service Control Manager | ID = 7000
Description = The Multimedia Class Scheduler service failed to start due to the 
following error:   %%1053
 
Error - 9/1/2013 3:16:17 PM | Computer Name = SteveBautch-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the ShellHWDetection service.
 
Error - 9/1/2013 3:16:47 PM | Computer Name = SteveBautch-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the AeLookupSvc service.
 
Error - 9/1/2013 3:16:47 PM | Computer Name = SteveBautch-PC | Source = Service Control Manager | ID = 7000
Description = The Application Experience service failed to start due to the following
 error:   %%1053
 
Error - 9/1/2013 3:17:17 PM | Computer Name = SteveBautch-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the ShellHWDetection service.
 
 
< End of report >
 

 



#14 jeffce


Posted 02 September 2013 - 11:48 AM

You are still getting the redirect?  What browser(s) are you seeing this in??
 
Please download MBRCheck.exe to your desktop.

  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.

 


#15 sbautch


Posted 02 September 2013 - 12:51 PM

Jeff,

 

It seems to only affect Chrome.  Explorer seems to work fine, but I hardly use it anymore.  Just an FYI, I have not seen anything detect anything "bad."  It always redirects the browser, sometimes showing clicksure, sometimes other sites, but usually only on the first time clicking on a listed search site.  If I click back and forward using the browser it stays redirected (which makes sense).  If I click back to the original search results and then reclick the selection from the search results it goes there as it should.  Here is the log:

 

MBRCheck, version 1.2.3
© 2010, AD
 
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: Insyde Corp.
System Manufacturer: TOSHIBA
System Product Name: Satellite C655D
Logical Drives Mask: 0x0001000c
 
Kernel Drivers (total 216):
  0x02A1F000 \SystemRoot\system32\ntoskrnl.exe
  0x03005000 \SystemRoot\system32\hal.dll
  0x00BA9000 \SystemRoot\system32\kdcom.dll
  0x00C80000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
  0x00C98000 \SystemRoot\system32\PSHED.dll
  0x00CAC000 \SystemRoot\system32\CLFS.SYS
  0x00D0A000 \SystemRoot\system32\CI.dll
  0x00E92000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00F54000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00F64000 \SystemRoot\system32\drivers\ACPI.sys
  0x00FBB000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x00FC4000 \SystemRoot\system32\drivers\msisadrv.sys
  0x00E00000 \SystemRoot\system32\drivers\pci.sys
  0x00E33000 \SystemRoot\system32\drivers\vdrvroot.sys
  0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
  0x00E55000 \SystemRoot\system32\drivers\compbatt.sys
  0x00E5E000 \SystemRoot\system32\drivers\BATTC.SYS
  0x00E6A000 \SystemRoot\system32\drivers\volmgr.sys
  0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00FCE000 \SystemRoot\System32\drivers\mountmgr.sys
  0x00FE8000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x00FEF000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x00E7F000 \SystemRoot\system32\drivers\atapi.sys
  0x00DCA000 \SystemRoot\system32\drivers\ataport.SYS
  0x00DF4000 \SystemRoot\system32\drivers\msahci.sys
  0x00C5C000 \SystemRoot\system32\DRIVERS\amd_sata.sys
  0x010FB000 \SystemRoot\system32\DRIVERS\storport.sys
  0x0115E000 \SystemRoot\system32\DRIVERS\amd_xata.sys
  0x0116B000 \SystemRoot\system32\drivers\amdxata.sys
  0x01176000 \SystemRoot\system32\drivers\fltmgr.sys
  0x011C2000 \SystemRoot\system32\drivers\fileinfo.sys
  0x01000000 \SystemRoot\system32\DRIVERS\MpFilter.sys
  0x01213000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x0103D000 \SystemRoot\System32\Drivers\msrpc.sys
  0x013B5000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x014ED000 \SystemRoot\System32\Drivers\cng.sys
  0x0155F000 \SystemRoot\System32\drivers\pcw.sys
  0x01570000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x016F9000 \SystemRoot\system32\drivers\ndis.sys
  0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
  0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01800000 \SystemRoot\System32\drivers\tcpip.sys
  0x0168B000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x0157A000 \SystemRoot\system32\drivers\volsnap.sys
  0x016D4000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
  0x016D9000 \SystemRoot\System32\Drivers\spldr.sys
  0x015C6000 \SystemRoot\System32\drivers\rdyboost.sys
  0x016E1000 \SystemRoot\System32\Drivers\mup.sys
  0x017EB000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x01400000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x0143A000 \SystemRoot\system32\drivers\disk.sys
  0x01450000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x01480000 \SystemRoot\System32\Drivers\aswVmm.sys
  0x014B0000 \SystemRoot\System32\Drivers\aswRvrt.sys
  0x0109B000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x03A1E000 \SystemRoot\System32\Drivers\aswSnx.SYS
  0x03B1E000 \SystemRoot\System32\Drivers\Null.SYS
  0x03B27000 \SystemRoot\System32\Drivers\Beep.SYS
  0x03B2E000 \SystemRoot\System32\drivers\vga.sys
  0x03B3C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x03B61000 \SystemRoot\System32\drivers\watchdog.sys
  0x03B71000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x03B7A000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x03B83000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x03B8C000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x03B97000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x03BA8000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x03BCA000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x03BD7000 \SystemRoot\System32\Drivers\aswTdi.SYS
  0x03EC3000 \SystemRoot\system32\drivers\afd.sys
  0x03F4C000 \SystemRoot\System32\Drivers\aswrdr2.sys
  0x03F60000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x03FA5000 \SystemRoot\system32\drivers\ws2ifsl.sys
  0x03FB0000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x03FB9000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x03FDF000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x03E00000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x03E0F000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x03E2A000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x03E3E000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x03E8F000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x03E9B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x03EA6000 \SystemRoot\System32\drivers\discache.sys
  0x03A00000 \SystemRoot\System32\Drivers\dfsc.sys
  0x03BE9000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x02C9E000 \SystemRoot\System32\Drivers\aswSP.SYS
  0x02D00000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x02D26000 \SystemRoot\system32\DRIVERS\amdppm.sys
  0x02D3B000 \SystemRoot\system32\DRIVERS\atikmpag.sys
  0x04840000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x042C5000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x043B9000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x04200000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
  0x0420A000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x04215000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x0426B000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x0427C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x042A0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x05180000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x0518F000 \SystemRoot\system32\DRIVERS\ETD.sys
  0x051B3000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x042BE000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x0522C000 \SystemRoot\system32\DRIVERS\rtl8192Ce.sys
  0x05399000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x053A6000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
  0x053BB000 \SystemRoot\system32\DRIVERS\FwLnk.sys
  0x053C3000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x053D3000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x05200000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x053E9000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x051C2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x04800000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x0481B000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x02D8C000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x053F5000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x02DA6000 \SystemRoot\system32\DRIVERS\ks.sys
  0x02DE9000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x02C00000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x02C5A000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x05E02000 \SystemRoot\system32\drivers\CHDRT64.sys
  0x05F92000 \SystemRoot\system32\drivers\portcls.sys
  0x05FCF000 \SystemRoot\system32\drivers\drmk.sys
  0x05FF1000 \SystemRoot\system32\drivers\ksthunk.sys
  0x06053000 \SystemRoot\System32\Drivers\USBD.SYS
  0x06055000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x06072000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x060A0000 \SystemRoot\system32\DRIVERS\pgeffect.sys
  0x000D0000 \SystemRoot\System32\win32k.sys
  0x060A8000 \SystemRoot\System32\drivers\Dxapi.sys
  0x060B4000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x060C2000 \SystemRoot\System32\Drivers\dump_diskdump.sys
  0x060CC000 \SystemRoot\System32\Drivers\dump_amd_sata.sys
  0x060E2000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x060F5000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x005F0000 \SystemRoot\System32\TSDDD.dll
  0x00770000 \SystemRoot\System32\cdd.dll
  0x06103000 \SystemRoot\system32\drivers\luafv.sys
  0x06126000 \??\C:\windows\system32\drivers\aswMonFlt.sys
  0x06158000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
  0x06163000 \SystemRoot\system32\DRIVERS\Sftvollh.sys
  0x0616E000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x06183000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x061D6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x06000000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x05494000 \SystemRoot\system32\drivers\HTTP.sys
  0x0555D000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x0557B000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x05593000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x05400000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x0544E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x0709C000 \SystemRoot\system32\drivers\peauth.sys
  0x07142000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x0788B000 \SystemRoot\system32\DRIVERS\Sftfslh.sys
  0x0794C000 \SystemRoot\system32\DRIVERS\Sftplaylh.sys
  0x07999000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x079CA000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x07800000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x0714D000 \SystemRoot\System32\DRIVERS\srv.sys
  0x07869000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys
  0x07000000 \SystemRoot\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS
  0x055C0000 \SystemRoot\system32\drivers\NISx64\1309010.00E\ccSetx64.sys
  0x0B4C3000 \SystemRoot\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS
  0x0B400000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130710.001\IDSvia64.sys
  0x0B482000 \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS
  0x0B5DB000 \SystemRoot\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS
  0x0B8A7000 \SystemRoot\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS
  0x0B913000 \SystemRoot\system32\drivers\NISx64\1309010.00E\Ironx64.SYS
  0x0BA8E000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130702.001\BHDrvx64.sys
  0x0BA00000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
  0x0BBF1000 \SystemRoot\system32\DRIVERS\WSDPrint.sys
  0x77020000 \Windows\System32\ntdll.dll
  0x48020000 \Windows\System32\smss.exe
  0xFF340000 \Windows\System32\apisetschema.dll
  0xFF0B0000 \Windows\System32\autochk.exe
  0xFF2E0000 \Windows\System32\ws2_32.dll
  0xFF240000 \Windows\System32\comdlg32.dll
  0xFF030000 \Windows\System32\ole32.dll
  0xFE2A0000 \Windows\System32\shell32.dll
  0xFE1C0000 \Windows\System32\oleaut32.dll
  0xFE160000 \Windows\System32\Wldap32.dll
  0xFE140000 \Windows\System32\sechost.dll
  0xFE0A0000 \Windows\System32\clbcatq.dll
  0xFDE70000 \Windows\System32\wininet.dll
  0xFDE60000 \Windows\System32\nsi.dll
  0xFDC80000 \Windows\System32\setupapi.dll
  0xFDC50000 \Windows\System32\imm32.dll
  0x76F20000 \Windows\System32\user32.dll
  0xFDBE0000 \Windows\System32\gdi32.dll
  0xFDB40000 \Windows\System32\msvcrt.dll
  0x771F0000 \Windows\System32\psapi.dll
  0xFDAC0000 \Windows\System32\shlwapi.dll
  0xFD9E0000 \Windows\System32\advapi32.dll
  0xFD750000 \Windows\System32\iertutil.dll
  0xFD680000 \Windows\System32\usp10.dll
  0xFD670000 \Windows\System32\lpk.dll
  0xFD650000 \Windows\System32\imagehlp.dll
  0xFD4F0000 \Windows\System32\urlmon.dll
  0xFD3C0000 \Windows\System32\rpcrt4.dll
  0x771E0000 \Windows\System32\normaliz.dll
  0x76E00000 \Windows\System32\kernel32.dll
  0xFD2B0000 \Windows\System32\msctf.dll
  0xFD230000 \Windows\System32\difxapi.dll
  0xFD220000 \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
  0xFD1B0000 \Windows\System32\KernelBase.dll
  0xFD1A0000 \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
  0xFD190000 \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
  0xFD150000 \Windows\System32\wintrust.dll
  0xFD130000 \Windows\System32\devobj.dll
  0xFD120000 \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
  0xFD110000 \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
  0xFD100000 \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
  0xFCF90000 \Windows\System32\crypt32.dll
  0xFCF50000 \Windows\System32\cfgmgr32.dll
  0xFCEB0000 \Windows\System32\comctl32.dll
  0xFCEA0000 \Windows\System32\msasn1.dll
  0x76840000 \Windows\SysWOW64\normaliz.dll
 
Processes (total 77):
       0 System Idle Process
       4 System
     332 C:\Windows\System32\smss.exe
     460 csrss.exe
     540 C:\Windows\System32\wininit.exe
     548 csrss.exe
     596 C:\Windows\System32\services.exe
     612 C:\Windows\System32\lsass.exe
     620 C:\Windows\System32\lsm.exe
     736 C:\Windows\System32\winlogon.exe
     744 C:\Windows\System32\svchost.exe
     856 C:\Windows\System32\svchost.exe
     904 C:\Program Files\Microsoft Security Client\MsMpEng.exe
     112 C:\Windows\System32\atiesrxx.exe
     360 C:\Windows\System32\svchost.exe
     480 C:\Windows\System32\svchost.exe
     616 C:\Windows\System32\svchost.exe
     936 C:\Windows\System32\svchost.exe
    1120 C:\Windows\System32\svchost.exe
    1180 C:\Windows\System32\atieclxx.exe
    1240 C:\Windows\System32\svchost.exe
    1444 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    1560 C:\Windows\System32\spoolsv.exe
    1612 C:\Windows\System32\svchost.exe
    1716 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    1772 C:\Windows\System32\svchost.exe
    1924 C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    1788 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    2056 C:\Windows\System32\svchost.exe
    2096 C:\Windows\System32\TODDSrv.exe
    2128 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    2184 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    2316 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2376 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    2484 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2772 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    3040 C:\Windows\System32\svchost.exe
    3608 C:\Windows\System32\taskhost.exe
    3680 C:\Windows\System32\dwm.exe
    3732 C:\Windows\explorer.exe
    3748 C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    3984 C:\Program Files\Elantech\ETDCtrl.exe
    4004 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    4076 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    1216 C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    3292 C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    3520 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
     988 C:\Program Files\Elantech\ETDCtrlHelper.exe
    3232 C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
    1476 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3408 C:\Windows\System32\SearchIndexer.exe
    3496 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    1736 C:\Program Files\AVAST Software\Avast\AvastUI.exe
    4224 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4588 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    4880 C:\Windows\System32\svchost.exe
    2236 dllhost.exe
    5756 C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
    5912 C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
    3804 C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
    5636 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    5420 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    3436 C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
    6016 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    5196 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    1304 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    6988 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    2912 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    6668 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    2836 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    4552 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    6572 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    1384 C:\Windows\System32\audiodg.exe
    2908 C:\Windows\SysWOW64\ctfmon.exe
    4984 C:\Users\Steve Bautch\Desktop\MBRCheck.exe
    2928 C:\Windows\System32\conhost.exe
    6220 C:\Windows\System32\dllhost.exe
 
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000  (NTFS)
\\.\Q: -->  error 5
 
PhysicalDrive0 Model Number: TOSHIBAMK3275GSX, Rev: GT001M  
 
      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
            SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61
 
 
Done!

 





