1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

Mind Of It's Own?

Discussion in 'Malware Removal Help' started by cocomac11, Sep 8, 2012.

  1. cocomac11

    cocomac11 Registered Members

    Joined:
    Sep 8, 2012
    Messages:
    22
    Location:
    Knoxville, TN
    Operating System:
    Windows 8
    So, I've noticed my computer (a Toshiba Satellite), that I just purchased in January, has been kind of running slowly. I noticed about 5 days ago that some of my icons (like skype, and utorrent) changed to the general icon (just looks like a folded piece of paper with a graphic on it, not sure what that icon is called) instead of the individual icons for the programs. Also, the computer doesn't have my cd/dvd rom driver on the computer folder. I haven't downloaded anything other than Norton just yesterday, 4 days after iI saw these things going on. What might be causing this and what can I do about it?
     
  2. BeeCeeBee

    BeeCeeBee ADMINISTRATOR IN MEMORY

    Joined:
    Apr 20, 2009
    Messages:
    7,201
    Location:
    New Jersey "Stronger than the Storm"
    Operating System:
    Windows 7
    To begin with I am going to move this from the windows 7 forum to the malware removal forum where our Malware Specialists can have a look. That does not mean that it is definitely malware but I would place a good bet on it. If you were just downloading Norton yesterday what was protecting the computer before that?

    Most people who use torrenting software eventually infect their machines. They offer you a free lunch and we all know there is no such thing.

    Please have a look at the following in order to prepare for the process of disinfecting your computer it looks more difficult than it is. http://computerhelpf...e-removal-help/

    In the meantime I will alert our malware specialists which I am sure will have a look soon.
     
  3. cocomac11

    cocomac11 Registered Members

    Joined:
    Sep 8, 2012
    Messages:
    22
    Location:
    Knoxville, TN
    Operating System:
    Windows 8
    I had a 2 month free subscription with Norton at first. I got AVG free when Norton was over, until I could afford getting another subscription. I really do appreciate your help.
     
  4. BeeCeeBee

    BeeCeeBee ADMINISTRATOR IN MEMORY

    Joined:
    Apr 20, 2009
    Messages:
    7,201
    Location:
    New Jersey "Stronger than the Storm"
    Operating System:
    Windows 7
    Our malware experts have been alerted and are just waiting for you to follow the directions in the link I gave you. If you have any problem with the process just post them here.
     
  5. cocomac11

    cocomac11 Registered Members

    Joined:
    Sep 8, 2012
    Messages:
    22
    Location:
    Knoxville, TN
    Operating System:
    Windows 8
    So here are the results after I was finally able to perform the operations:
    MBAM:
    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org
    Database version: v2012.10.27.05
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    CoCoMac :: COCOMAC-PC [administrator]
    10/27/2012 12:54:55 PM
    mbam-log-2012-10-27 (12-54-55).txt
    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 323334
    Time elapsed: 42 minute(s), 32 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 5
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vid-Saver (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
    Registry Values Detected: 1
    HKCU\Software\InstalledBrowserExtensions\215 Apps|3491 (PUP.CrossFire.SA) -> Data: Vid-Saver -> Quarantined and deleted successfully.
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Program Files (x86)\Vid-Saver\Uninstall.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    (end)
     
  6. cocomac11

    cocomac11 Registered Members

    Joined:
    Sep 8, 2012
    Messages:
    22
    Location:
    Knoxville, TN
    Operating System:
    Windows 8
    aswMBR:
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-27 14:13:30
    -----------------------------
    14:13:30.793 OS Version: Windows x64 6.1.7601 Service Pack 1
    14:13:30.793 Number of processors: 4 586 0x100
    14:13:30.809 ComputerName: COCOMAC-PC UserName: CoCoMac
    14:13:34.225 Initialize success
    14:13:57.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    14:13:57.812 Disk 0 Vendor: Hitachi_HTS547564A9E384 JEDOA60B Size: 610480MB BusType: 11
    14:13:57.828 Disk 0 MBR read successfully
    14:13:57.828 Disk 0 MBR scan
    14:13:57.843 Disk 0 Windows VISTA default MBR code
    14:13:57.843 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    14:13:57.859 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 595178 MB offset 3074048
    14:13:57.890 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 13801 MB offset 1221998592
    14:13:57.937 Disk 0 scanning C:\windows\system32\drivers
    14:14:04.832 Service scanning
    14:14:25.798 Modules scanning
    14:14:25.814 Disk 0 trace - called modules:
    14:14:25.830 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    14:14:25.830 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004792060]
    14:14:25.845 3 CLASSPNP.SYS[fffff880010ad43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800419f060]
    14:14:25.845 Scan finished successfully
    14:14:48.793 Disk 0 MBR has been saved successfully to "C:\Users\CoCoMac\Desktop\MBR.dat"
    14:14:48.793 The log file has been saved successfully to "C:\Users\CoCoMac\Desktop\aswMBR.txt"
     
  7. cocomac11

    cocomac11 Registered Members

    Joined:
    Sep 8, 2012
    Messages:
    22
    Location:
    Knoxville, TN
    Operating System:
    Windows 8
    OTL:
    OTL logfile created on: 10/27/2012 1:55:53 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\CoCoMac\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.48 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 52.55% Memory free
    6.95 Gb Paging File | 5.00 Gb Available in Paging File | 71.89% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.23 Gb Total Space | 524.36 Gb Free Space | 90.22% Space Free | Partition Type: NTFS

    Computer Name: COCOMAC-PC | User Name: CoCoMac | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\CoCoMac\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
    PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
    PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
    PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
    PRC - C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe (Symantec Corporation)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe (Symantec Corporation)
    PRC - C:\Users\CoCoMac\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    PRC - C:\Users\CoCoMac\AppData\LocalLow\alotservice\alotservice.exe (Vertro Inc.)
    PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe (Symantec Corporation)
    PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
    PRC - C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.exe (ABBYY)
    PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
    PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI40602\pysqlite2._sqlite.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI40602\win32com.shell.shell.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI40602\win32api.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI40602\_elementtree.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI40602\wx._html2.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI40602\_socket.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI40602\win32crypt.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI40602\wx._gdi_.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI40602\windows._cacheinvalidation.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI40602\wx._core_.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI40602\wx._controls_.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI40602\wx._windows_.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI40602\wx._misc_.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI40602\_ssl.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI40602\unicodedata.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI40602\pythoncom26.dll ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI40602\_hashlib.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI40602\pyexpat.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI40602\wx._wizard.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI40602\win32file.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI40602\win32security.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI40602\pywintypes26.dll ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI40602\_ctypes.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI40602\win32inet.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI40602\win32process.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI40602\win32pdh.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI40602\win32event.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI40602\select.pyd ()
    MOD - C:\Users\CoCoMac\AppData\LocalLow\FCTB000100815\Toolbar\Toolbar.dll ()
    MOD - C:\Users\CoCoMac\AppData\LocalLow\FCTB000100815\Toolbar\Helper.dll ()
    MOD - C:\Program Files (x86)\Bucksbee Loyalty Plugin - 100815\Toolbar.dll ()
    MOD - C:\Program Files (x86)\Bucksbee Loyalty Plugin - 100815\Helper.dll ()
    MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (EpsonCustomerParticipation) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\Toshiba\TECO\TecoService.exe (TOSHIBA Corporation)
    SRV:64bit: - (TPCHSrv) -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
    SRV:64bit: - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
    SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
    SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
    SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
    SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe (Symantec Corporation)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe (Symantec Corporation)
    SRV - (AlotService) -- C:\Users\CoCoMac\AppData\LocalLow\alotservice\alotservice.exe (Vertro Inc.)
    SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
    SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe (Symantec Corporation)
    SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
    SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
    SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
    DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtspx64.sys (Symantec Corporation)
    DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtsp64.sys (Symantec Corporation)
    DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ccsetx64.sys (Symantec Corporation)
    DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symefa64.sys (Symantec Corporation)
    DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symnets.sys (Symantec Corporation)
    DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ironx64.sys (Symantec Corporation)
    DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symds64.sys (Symantec Corporation)
    DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
    DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
    DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
    DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
    DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
    DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
    DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
    DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
    DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
    DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
    DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
    DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
    DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
    DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
    DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
    DRV:64bit: - (QIOMem) -- C:\Windows\SysNative\drivers\QIOMem.sys (TOSHIBA)
    DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20121026.032\ex64.sys (Symantec Corporation)
    DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20121026.032\eng64.sys (Symantec Corporation)
    DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20121005.002\BHDrvx64.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
    DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20121027.001\IDSviA64.sys (Symantec Corporation)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {19A2F426-3FA9-413A-9079-5E1CE441393B}
    IE:64bit: - HKLM\..\SearchScopes\{19A2F426-3FA9-413A-9079-5E1CE441393B}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {7304F5BD-A478-4588-AD02-66011D09112A}
    IE - HKLM\..\SearchScopes\{7304F5BD-A478-4588-AD02-66011D09112A}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
    IE - HKCU\..\URLSearchHook: - No CLSID value found
    IE - HKCU\..\URLSearchHook: {4d95229d-bcd1-51b4-d184-411b9857a1f4} - C:\Program Files (x86)\Bucksbee Loyalty Plugin - 100815\Helper.dll ()
    IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.5\ytdToolbarIE.dll (Spigot, Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {7304F5BD-A478-4588-AD02-66011D09112A}
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101385&mntrId=92ef5b6e000000000000000000000000
    IE - HKCU\..\SearchScopes\{49DA172A-C18A-4408-BE23-9AD91E101CFF}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    IE - HKCU\..\SearchScopes\{7304F5BD-A478-4588-AD02-66011D09112A}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS470
    IE - HKCU\..\SearchScopes\{CB54E719-100D-4861-9F3B-BB880EFEA1A8}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\IPSFFPlgn\ [2012/09/07 15:49:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\coFFPlgn\ [2012/10/27 13:41:11 | 000,000,000 | ---D | M]

    [2012/05/11 20:19:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CoCoMac\AppData\Roaming\Mozilla\Firefox\extensions
    [2012/05/11 20:19:14 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\CoCoMac\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

    ========== Chrome ==========

    CHR - homepage: http://start.toshiba.com/g/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - homepage: http://start.toshiba.com/g/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
    CHR - plugin: Wajam (Enabled) = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.23_0\plugins/PriamNPAPI.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Guitarist's Reference = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\cddaabhppoebkmalboinjhgofbhdbcgk\1_0\
    CHR - Extension: Online Guitar Tuner = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnemellbcpjiodfgadpoebbjobfaoiga\1.1.6_0\
    CHR - Extension: Google Search = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Guitar Tuner = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhglmpmegfnbclojedloihcbkemoiddi\2.2_0\
    CHR - Extension: ESV Bible Online = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\efoiegbeomiljakglbmkmlhdahkndejc\1.2_0\
    CHR - Extension: Marvel Comics = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice\1.0.0.0_0\
    CHR - Extension: We-Care Reminder = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.25_0\
    CHR - Extension: Lose It! = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehemifhdilebjjpibeianiedocpgocn\3.5.0.3_0\
    CHR - Extension: Heavenly Cross = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\kepdlccjceknhloddohpnmciihblkann\1.0_1\
    CHR - Extension: Guitar Tuner = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdnemdhflomhllfglbehifomfialkbd\1.2_0\
    CHR - Extension: Skype Click to Call = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
    CHR - Extension: Open Library Book Search = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfabonemecnhlpcdippbpgjhmdciegii\1.1_0\
    CHR - Extension: Norton Identity Protection = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
    CHR - Extension: uTorrentControl2 = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\
    CHR - Extension: Vid-Saver = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.52_0\crossrider
    CHR - Extension: Vid-Saver = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.52_0\
    CHR - Extension: Vid-Saver = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.54_0\crossrider
    CHR - Extension: Vid-Saver = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.54_0\
    CHR - Extension: Gmail = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
    CHR - Extension: KJV Simple Search Parallel Bible = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjlenmjncdhpnahiceddcbagckmecpb\1.2_0\

    O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro, Inc)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Bucksbee Loyalty Plugin - 100815) - {E5C2A1FE-86DB-87B4-11F0-1AA2579E81DD} - C:\Program Files (x86)\Bucksbee Loyalty Plugin - 100815\BucksBee Loyalty Plugin.dll (Freecause Inc.)
    O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.5\ytdToolbarIE.dll (Spigot, Inc.)
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
    O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\alothelper.dll (Vertro, Inc)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.5\ytdToolbarIE.dll (Spigot, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [] File not found
    O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
    O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
    O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
    O4 - HKCU..\Run: [ABBYY Screenshot Reader Bonus] "C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.exe" -autorun File not found
    O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE /EPT "EPLTarget\P0000000000000001" /M "WorkForce 645" File not found
    O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
    O4 - Startup: C:\Users\CoCoMac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\CoCoMac\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: pstcc.edu ([elearn] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: pstcc.edu ([www] http in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.7.2)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.7.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6476BD96-BFF3-4C53-84FB-7B1BB04FD4BA}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{914ACDC4-E02C-4968-8222-EE3A745F3572}: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{71323065-50db-11e1-a50c-d0df9a9912ec}\Shell - "" = AutoRun
    O33 - MountPoints2\{71323065-50db-11e1-a50c-d0df9a9912ec}\Shell\AutoRun\command - "" = E:\Start.exe
    O33 - MountPoints2\{71323065-50db-11e1-a50c-d0df9a9912ec}\Shell\menu1\command - "" = E:\Start.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)



    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/27 13:46:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\CoCoMac\Desktop\OTL.exe
    [2012/10/27 12:53:57 | 000,000,000 | ---D | C] -- C:\Users\CoCoMac\AppData\Roaming\Malwarebytes
    [2012/10/27 12:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/10/27 12:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/10/27 12:53:36 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2012/10/27 12:53:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/10/27 12:46:49 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
    [2012/10/27 12:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2012/10/27 12:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2012/10/19 23:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YTD Toolbar
    [2012/10/19 23:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
    [2012/10/19 23:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
    [2012/10/19 23:19:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012/10/10 19:41:35 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
    [2012/10/10 19:41:34 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
    [2012/10/10 19:41:34 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
    [2012/10/10 19:41:22 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
    [2012/10/10 19:41:22 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
    [2012/10/10 19:41:22 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
    [2012/10/10 19:41:22 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
    [2012/10/10 19:41:21 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
    [2012/10/10 19:41:21 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
    [2012/10/10 19:41:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
    [2012/10/10 19:41:21 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
    [2012/10/10 19:41:21 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
    [2012/10/10 19:41:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
    [2012/10/10 19:41:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
    [2012/10/10 19:41:21 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
    [2012/10/10 19:41:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
    [2012/10/10 19:40:55 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
    [2012/10/10 19:40:19 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
    [2012/10/10 19:40:18 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    [1 C:\Users\CoCoMac\Documents\*.tmp files -> C:\Users\CoCoMac\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/10/27 13:54:18 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/10/27 13:48:35 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/27 13:48:35 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/27 13:46:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\CoCoMac\Desktop\OTL.exe
    [2012/10/27 13:41:32 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/27 13:41:11 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/10/27 13:40:38 | 2798,804,992 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/27 13:12:01 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/27 12:53:39 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/27 12:45:29 | 000,000,935 | ---- | M] () -- C:\Users\CoCoMac\Desktop\NTREGOPT.lnk
    [2012/10/27 12:45:29 | 000,000,916 | ---- | M] () -- C:\Users\CoCoMac\Desktop\ERUNT.lnk
    [2012/10/25 13:17:37 | 000,062,522 | ---- | M] () -- C:\Users\CoCoMac\Desktop\Corey McMahanresume.rtf
    [2012/10/15 21:42:47 | 000,010,074 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\0604000.009\VT20121008.022
    [2012/10/13 15:53:59 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2012/10/13 15:53:59 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2012/10/13 15:53:59 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2012/10/11 14:44:23 | 001,494,856 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\0604000.009\Cat.DB
    [2012/10/09 16:41:24 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
    [2012/10/09 16:41:24 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/10/07 21:40:54 | 015,711,338 | ---- | M] () -- C:\Users\CoCoMac\Desktop\PSTCC Viewbook.pdf
    [2012/10/03 16:37:59 | 000,002,310 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
    [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    [1 C:\Users\CoCoMac\Documents\*.tmp files -> C:\Users\CoCoMac\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/10/27 12:53:39 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/27 12:45:29 | 000,000,935 | ---- | C] () -- C:\Users\CoCoMac\Desktop\NTREGOPT.lnk
    [2012/10/27 12:45:29 | 000,000,916 | ---- | C] () -- C:\Users\CoCoMac\Desktop\ERUNT.lnk
    [2012/10/09 21:46:45 | 000,062,522 | ---- | C] () -- C:\Users\CoCoMac\Desktop\Corey McMahanresume.rtf
    [2012/10/07 21:40:53 | 015,711,338 | ---- | C] () -- C:\Users\CoCoMac\Desktop\PSTCC Viewbook.pdf
    [2012/08/29 19:00:14 | 000,000,106 | ---- | C] () -- C:\windows\EWF645.ini
    [2012/05/22 23:49:14 | 000,000,230 | ---- | C] () -- C:\Users\CoCoMac\AppData\Roaming\Statdisk.prefs
    [2012/05/11 20:30:57 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
    [2012/02/05 17:19:46 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2011/08/05 10:39:17 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
    [2011/08/05 10:37:09 | 000,003,155 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
    [2011/02/03 22:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/08/12 00:05:38 | 000,000,000 | ---D | M] -- C:\Users\CoCoMac\AppData\Roaming\AVG
    [2012/02/26 14:40:44 | 000,000,000 | ---D | M] -- C:\Users\CoCoMac\AppData\Roaming\Babylon
    [2012/02/07 04:37:38 | 000,000,000 | ---D | M] -- C:\Users\CoCoMac\AppData\Roaming\Book Place
    [2012/09/08 17:56:32 | 000,000,000 | ---D | M] -- C:\Users\CoCoMac\AppData\Roaming\DAEMON Tools Lite
    [2012/10/27 13:42:38 | 000,000,000 | ---D | M] -- C:\Users\CoCoMac\AppData\Roaming\Dropbox
    [2012/08/31 02:48:42 | 000,000,000 | ---D | M] -- C:\Users\CoCoMac\AppData\Roaming\Epson
    [2012/08/29 19:59:41 | 000,000,000 | ---D | M] -- C:\Users\CoCoMac\AppData\Roaming\Leader Technologies
    [2012/08/29 19:31:29 | 000,000,000 | ---D | M] -- C:\Users\CoCoMac\AppData\Roaming\Leadertech
    [2012/05/19 11:58:05 | 000,000,000 | ---D | M] -- C:\Users\CoCoMac\AppData\Roaming\OpenCandy
    [2012/06/23 16:08:44 | 000,000,000 | ---D | M] -- C:\Users\CoCoMac\AppData\Roaming\PCCUStubInstaller
    [2012/08/25 21:54:17 | 000,000,000 | ---D | M] -- C:\Users\CoCoMac\AppData\Roaming\SoftGrid Client
    [2012/02/07 17:24:49 | 000,000,000 | ---D | M] -- C:\Users\CoCoMac\AppData\Roaming\Tific
    [2012/02/09 22:42:06 | 000,000,000 | ---D | M] -- C:\Users\CoCoMac\AppData\Roaming\Toshiba
    [2012/02/05 17:20:53 | 000,000,000 | ---D | M] -- C:\Users\CoCoMac\AppData\Roaming\TP
    [2012/09/08 22:07:10 | 000,000,000 | ---D | M] -- C:\Users\CoCoMac\AppData\Roaming\TuneUp Software
    [2012/07/31 10:39:38 | 000,000,000 | ---D | M] -- C:\Users\CoCoMac\AppData\Roaming\WildTangent
    [2012/02/05 12:18:06 | 000,000,000 | ---D | M] -- C:\Users\CoCoMac\AppData\Roaming\WinBatch

    ========== Purity Check ==========



    ========== Custom Scans ==========

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: Hitachi HTS547564A9E384 ATA Device
    Partitions: 3
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Unknown
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 1.00GB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 581.00GB
    Starting Offset: 1573912576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #2
    PartitionType: Unknown
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 13.00GB
    Starting Offset: 625663279104
    Hidden sectors: 0


    < %SYSTEMDRIVE%\*.* >
    [2010/11/20 23:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2011/04/29 17:27:05 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2012/10/27 13:40:38 | 2798,804,992 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/27 13:40:39 | 3731,742,720 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\*.exe /lockedfiles >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/10/10 06:06:17 | 001,239,064 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/10/10 06:06:17 | 001,239,064 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/10/10 06:06:17 | 001,239,064 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/10/10 06:06:17 | 001,239,064 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/02/12 18:59:29 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/02/12 18:59:29 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/02/12 18:59:29 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/10/10 06:06:17 | 001,239,064 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/10/10 06:06:17 | 001,239,064 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/10/10 06:06:17 | 001,239,064 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/10/10 06:06:17 | 001,239,064 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/02/12 18:59:28 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/02/12 18:59:28 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/02/12 18:59:28 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/08/24 03:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)

    < >
    [2009/07/14 01:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
    [2009/07/14 01:08:49 | 000,032,624 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
    [2011/08/05 11:40:44 | 000,000,908 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    [2011/08/05 11:40:45 | 000,000,912 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    [2012/04/18 10:45:32 | 000,000,830 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
    < End of report >
     
  8. cocomac11

    cocomac11 Registered Members

    Joined:
    Sep 8, 2012
    Messages:
    22
    Location:
    Knoxville, TN
    Operating System:
    Windows 8
    Extras:
    OTL Extras logfile created on: 10/27/2012 1:55:53 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\CoCoMac\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.48 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 52.55% Memory free
    6.95 Gb Paging File | 5.00 Gb Available in Paging File | 71.89% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.23 Gb Total Space | 524.36 Gb Free Space | 90.22% Space Free | Partition Type: NTFS

    Computer Name: COCOMAC-PC | User Name: CoCoMac | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02E5FE3B-ADE6-4564-B785-8C54E61B5BF0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{1D3D2268-4EBB-42CB-BBCD-D3D9F459669C}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{3F8F0891-5FC6-4439-B81A-3A93982EC9FB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{46A471DE-4A20-4FBB-96A2-3836B80DC3B4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{4833AAE7-B40C-4FF8-9DF5-886E0FC0A576}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{70F2CE25-FE5E-4679-8BB0-B494EB29D2A8}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{792842AE-F1B7-4148-921F-DCE82B5C0160}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{7AEFD19B-97D2-4457-8C8F-4EC8DCE5F430}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{98D50728-1E52-4A1A-A3D8-A543D5B899B4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C659F08B-279F-454A-8FE0-226C7020E602}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D43395B5-C434-48D6-96AB-58EFC78B3E20}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D660B2CC-8208-4F6E-B270-744B984794CB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00CCBC03-614D-41EB-8ECE-A9F463B05C31}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{0B9D0A21-FCB4-4DDE-9F8D-C226E23CFF32}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{10DDBECC-26FE-43BB-9B84-F90F68DDE2F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{16CD7C3F-3F70-48CF-B7C2-AA6FEAD84D11}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{1B9558F5-9057-4F18-9C67-E4C359CD6192}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{21789BE1-8BE7-4D6B-82D3-41B3C2461F4B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{22843ABC-1A43-48F2-B8D2-52960BE81F61}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{27BFCC90-874D-4E93-8C97-DF8B8E215AB3}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{2F11FCA5-DF69-46FD-9DB8-E477315D569B}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\ecprintersetup\enpapp.exe |
    "{31A12497-88FD-425A-A16B-410D58E7B4BE}" = protocol=6 | dir=in | app=c:\program files (x86)\bucksbee loyalty plugin - 100815\troubleshooter.exe |
    "{38C4D840-892A-440A-B17E-EAE6E1C62B62}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{38F432C8-DDB4-4191-95ED-4D1190D64921}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4AB7AF0B-AD2B-40F1-AD57-8AFE1FA2DCD2}" = protocol=6 | dir=in | app=c:\users\cocomac\appdata\roaming\dropbox\bin\dropbox.exe |
    "{5685CDF7-BD97-4128-95A2-703FB8FAAFEA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{57900D5E-C9BC-47B6-880D-189428D3AAE7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{5E896B74-B85E-4A70-8737-3F2C25B07B34}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{6045F933-52CC-4C85-BB5F-000702A05E95}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{61278C25-16FD-403A-8E4A-A17F403AD840}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{660508F1-65C4-4694-85C1-D43FA4E1628C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6876F07B-4105-42E2-AF8B-668C54D81097}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{6C8E9960-6729-4DC1-9C94-7C0E67971C3B}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{73BCDA9B-9096-4643-A9EB-74BBDD469845}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{7575622D-B76F-403A-9BE5-E6DCC8BB791B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{76423FF8-26DF-44E3-860B-459B3C04FF31}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7C7F50FE-EC32-4438-8BA1-97EFCA0FA830}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{824B0690-67A0-483B-9081-7A8E6B78D779}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{8852B8D7-B820-422F-B76C-245857CAFA52}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{8F5C9482-D068-45A2-87B4-E88658E68032}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{91091E8F-AA86-425B-9A2F-AA59AD548809}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{910A4BF6-09DA-480E-AEA3-4071B50837A2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{9131D47B-2CB2-4310-A96E-525AF27546B5}" = protocol=17 | dir=in | app=d:\common\epsonnet setup\eneasyapp.exe |
    "{AFCA81E0-F027-4039-A920-BC3934EA7979}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B07EB7CB-65C5-4382-B9D8-8D0D47BB6D26}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{B0B4A408-2340-428B-B99B-A204B23903D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B893B11D-8F68-4078-B243-B9C0B70C152B}" = protocol=17 | dir=in | app=c:\users\cocomac\appdata\roaming\dropbox\bin\dropbox.exe |
    "{B98B350F-8C4E-4FF3-B1AA-69160C78675A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{CC168154-E282-4919-9342-0284794E82C7}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\ecprintersetup\enpapp.exe |
    "{E258CB4F-B9F6-4B25-AF4E-B5A9603DE9A9}" = protocol=17 | dir=in | app=c:\program files (x86)\bucksbee loyalty plugin - 100815\troubleshooter.exe |
    "{E9252B83-AA8E-4DB2-8A04-F779CC3C878A}" = protocol=6 | dir=in | app=d:\common\epsonnet setup\eneasyapp.exe |
    "{EF095940-8DD7-48C1-84B9-5E15CD4113AE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{F3CA5EDB-EE81-4281-94D5-AE3F3C497C4F}" = protocol=6 | dir=out | app=system |
    "TCP Query User{438194FA-429C-4143-847E-D9AF18DFB8A8}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "TCP Query User{9117D7AE-5986-4901-A3D5-88CE8995A4D7}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "TCP Query User{F62B3AC2-FCB1-4EC4-8F8C-A25B4BE0F49E}C:\users\cocomac\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\cocomac\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{3DDDC68F-FEF1-4383-878E-36CA3EDA8A92}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "UDP Query User{A588F399-8B8B-44DE-B6E5-1F54516DBB84}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "UDP Query User{CC6EDF08-BAD2-4E19-BE8C-1C4E07623B3D}C:\users\cocomac\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\cocomac\appdata\roaming\dropbox\bin\dropbox.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{14AC80A3-D80B-85E0-131D-8E0F581DACB6}" = ccc-utility64
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{65486209-5C54-439C-8383-8AC9BBE25932}" = Atheros Bluetooth Filter Driver Package
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6FF9A012-0254-41E9-81E2-F538C4B53611}" = TOSHIBA eco Utility
    "{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
    "{9F455BA4-BAFB-AE04-2537-1CFC94FE400A}" = ATI Catalyst Install Manager
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{ADF96813-AFAD-7A71-402D-2D2795401B9E}" = WMV9/VC-1 Video Playback
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
    "{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
    "{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "EPSON WorkForce 645 Series" = EPSON WorkForce 645 Series Printer Uninstall
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{06CF83C8-A7F9-37E0-18E0-76F78E4E93BE}" = CCC Help Korean
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0B69DA57-BC7D-461D-B7D6-2AA9F08869CD}" = QuickTime
    "{0C6A8CB7-A4F8-CC55-5554-6315DC90B587}" = CCC Help Japanese
    "{0C71A279-B127-7C96-3084-5E23C4607E8B}" = CCC Help Chinese Standard
    "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
    "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
    "{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
    "{13616DE2-9795-4910-8C93-80D45AF09658}" = iTunes
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{27993E6B-F23B-B04C-2C43-F6A1EA57CBD2}" = CCC Help Greek
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2B0F41D8-A9BD-70AC-B5E9-88DCF3A67E78}" = AMD VISION Engine Control Center
    "{2C3CE57D-29A8-A7CE-5A66-C32A6F1CCBF0}" = CCC Help Thai
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{41986453-361D-B758-D8B4-3880347C40F8}" = CCC Help Italian
    "{42310CC1-FA1E-9FE1-232F-256464800E3B}" = CCC Help Russian
    "{42CAFBDA-8AFC-1CF9-9C48-53C0983F3CA2}" = CCC Help Polish
    "{436246B4-B913-A367-EA3B-FB3681DE297B}" = CCC Help Dutch
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F3831C7-EE2B-804E-E580-9380D1D3E3CF}" = CCC Help English
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
    "{5B73583F-A5B8-EDC3-24BE-5EE0B77B44D3}" = Catalyst Control Center Localization All
    "{5BA99779-6E12-49EF-BE49-F35B1EDB4DF9}" = TOSHIBA Wireless LAN Indicator
    "{5D323CD4-8229-2A02-947C-6B79BB162B32}" = CCC Help French
    "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
    "{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
    "{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
    "{6791C5E8-F9BE-FE7A-8CE1-2A9BEEF0CC49}" = CCC Help Spanish
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
    "{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{744128C6-16E7-77F0-6A60-79AB9ECBC7D4}" = CCC Help Chinese Traditional
    "{7689CE69-8BBC-D1D2-E43B-EFFCEFEC9819}" = CCC Help Portuguese
    "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
    "{8064A378-46F4-4A4E-8AF5-153D0D4018DD}" = Catalyst Control Center - Branding
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FC9DDFF-EA30-00D7-4E4D-9ED088A6E847}" = CCC Help Norwegian
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
    "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
    "{987F1753-1F42-4DF2-A5EA-0CCB777F3EB0}" = ASPCA Reminder by We-Care.com v4.0.19.1
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9AACD17B-FDD5-2E2F-BD31-15C1C92373E6}" = CCC Help Turkish
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place
    "{A4595B6E-142F-DDEA-0B08-401261B26C5C}" = CCC Help German
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA6010CC-B655-0E28-FB36-DF4CD17FAA43}" = Catalyst Control Center Graphics Previews Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
    "{B670EB67-B0B2-836B-ACF2-CB29325A01BE}" = CCC Help Czech
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{C0E5147E-C9F3-4360-9ED0-2E875F11766C}" = Respondus LockDown Browser
    "{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
    "{CC5C6A92-C80A-4582-8542-BAE0F91B28EE}" = YTD Toolbar v6.5
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D0D3144A-939C-840B-4337-87467F91C1EA}" = CCC Help Danish
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D6B7EF81-4AEF-75A9-6F2C-787E65919BCF}" = CCC Help Swedish
    "{D6EDFC58-862D-84DC-81B5-D122F30DC744}" = CCC Help Finnish
    "{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
    "{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
    "{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
    "{DBA3414A-3B2B-3A62-2CD8-A0C80D6E9DAE}" = Catalyst Control Center InstallProxy
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
    "{EA2FC14A-5A8F-8C2A-ED2B-34B91DBB547E}" = CCC Help Hungarian
    "{EACCC042-848D-4166-9D97-B13D1D108722}" = Google Drive
    "{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skypeâ„¢ 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
    "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
    "{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}" = Epson Event Manager
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Age of Empires 2.0" = Microsoft Age of Empires II
    "alotAppbar" = ALOT Appbar
    "BabylonToolbar" = Babylon toolbar on IE
    "Bucksbee Loyalty Plugin - 100815" = Bucksbee Loyalty Plugin - 100815
    "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
    "EPSON Scanner" = EPSON Scan
    "ERUNT_is1" = ERUNT 1.1j
    "Google Chrome" = Google Chrome
    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "InstallShield_{0B69DA57-BC7D-461D-B7D6-2AA9F08869CD}" = QuickTime
    "InstallShield_{13616DE2-9795-4910-8C93-80D45AF09658}" = iTunes
    "InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
    "InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
    "InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
    "InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
    "InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
    "InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
    "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "LTCM Client" = LTCM Client
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "N360" = Norton 360
    "Norton PC Checkup_is1" = Norton PC Checkup
    "NortonPCCheckup" = Toshiba Laptop Checkup
    "Office14.SingleImage" = Microsoft Office Professional 2010
    "WildTangent toshiba Master Uninstall" = WildTangent Games
    "WinLiveSuite" = Windows Live Essentials
    "WTA-3266cc00-12b5-498c-b7a7-80f7b1686d89" = Jewel Quest: The Sleepless Star - Collector's Edition
    "WTA-34569fce-77ca-439a-92b4-bae6306ade0d" = Chuzzle Deluxe
    "WTA-656ceb4d-b5a6-4f94-8007-8ce7fdef9ff1" = FATE - The Traitor Soul
    "WTA-7b501093-6516-426d-91c5-789257362fed" = Tom Clancy's Splinter Cell
    "WTA-8020c968-0c23-44e6-88bb-46830affd3ed" = Polar Bowler
    "WTA-ab820912-de9b-4a99-bb6f-f4f89d8840f4" = Penguins!
    "WTA-bfa2caf2-6d5d-4e1f-87ef-2441a6260451" = Zuma's Revenge
    "WTA-c17bfede-ff2d-4831-998a-7d0753bb2565" = Plants vs. Zombies - Game of the Year
    "WTA-d3d57f1f-0760-4aab-b727-4109878d616e" = Bejeweled 3
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Amazon Kindle" = Amazon Kindle
    "Dropbox" = Dropbox

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/9/2012 2:32:26 PM | Computer Name = CoCoMac-PC | Source = Toshiba App Place | ID = 0
    Description =

    Error - 8/9/2012 2:33:18 PM | Computer Name = CoCoMac-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 8/10/2012 3:13:29 PM | Computer Name = CoCoMac-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 8/10/2012 3:13:41 PM | Computer Name = CoCoMac-PC | Source = Toshiba App Place | ID = 0
    Description =

    Error - 8/11/2012 3:56:36 PM | Computer Name = CoCoMac-PC | Source = Toshiba App Place | ID = 0
    Description =

    Error - 8/11/2012 3:57:30 PM | Computer Name = CoCoMac-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 8/11/2012 4:38:23 PM | Computer Name = CoCoMac-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16447,
    time stamp: 0x4fc9cd53 Faulting module name: TOSHIBAMediaControllerIE.dll, version:
    1.0.6.1, time stamp: 0x4cf89027 Exception code: 0xc0000005 Fault offset: 0x00005e8b
    Faulting
    process id: 0x1f88 Faulting application start time: 0x01cd78013a02c9ab Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    Report
    Id: 7e168dec-e3f4-11e1-a9a7-e89a8f9a60fd

    Error - 8/11/2012 8:36:33 PM | Computer Name = CoCoMac-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16447,
    time stamp: 0x4fc9cd53 Faulting module name: atidxx32.dll, version: 8.17.10.342,
    time stamp: 0x4daf3de8 Exception code: 0xc0000005 Fault offset: 0x00214bab Faulting
    process id: 0x23f4 Faulting application start time: 0x01cd780114c3ad48 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\windows\system32\atidxx32.dll Report Id: c3bc346d-e415-11e1-a9a7-e89a8f9a60fd

    Error - 8/12/2012 10:57:53 PM | Computer Name = CoCoMac-PC | Source = Toshiba App Place | ID = 0
    Description =

    Error - 8/12/2012 10:58:37 PM | Computer Name = CoCoMac-PC | Source = WinMgmt | ID = 10
    Description =

    [ Media Center Events ]
    Error - 7/11/2012 10:09:15 PM | Computer Name = CoCoMac-PC | Source = MCUpdate | ID = 0
    Description = 10:09:15 PM - Error connecting to the internet. 10:09:15 PM - Unable
    to contact server..

    Error - 7/11/2012 10:09:26 PM | Computer Name = CoCoMac-PC | Source = MCUpdate | ID = 0
    Description = 10:09:20 PM - Error connecting to the internet. 10:09:20 PM - Unable
    to contact server..

    Error - 8/30/2012 5:00:58 PM | Computer Name = CoCoMac-PC | Source = MCUpdate | ID = 0
    Description = 5:00:58 PM - Failed to retrieve SportsSchedule (Error: Unable to connect
    to the remote server)

    [ System Events ]
    Error - 10/20/2012 9:40:44 PM | Computer Name = CoCoMac-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 10/21/2012 10:17:58 PM | Computer Name = CoCoMac-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 10/21/2012 11:57:01 PM | Computer Name = CoCoMac-PC | Source = DCOM | ID = 10016
    Description =

    Error - 10/21/2012 11:57:03 PM | Computer Name = CoCoMac-PC | Source = DCOM | ID = 10016
    Description =

    Error - 10/22/2012 11:23:03 AM | Computer Name = CoCoMac-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 10/22/2012 10:21:30 PM | Computer Name = CoCoMac-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 10/25/2012 12:55:30 PM | Computer Name = CoCoMac-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 10/26/2012 2:32:57 PM | Computer Name = CoCoMac-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 10/27/2012 10:29:21 AM | Computer Name = CoCoMac-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 10/27/2012 1:41:11 PM | Computer Name = CoCoMac-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom


    < End of report >
     
  9. etavares

    etavares Malware Removal Specialist - Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    Hello, cocomac11.
    My name is etavares and I will be helping you with this log.

    Here are some guidelines to ensure we are able to get your machine back under your control.

    • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
    • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
    • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
    • Please reply within 3 days to be fair to other people asking for help.
    • When in doubt, please stop and ask first. There's no harm in asking questions!


    Trusted Zone Warning

    Having trusted sites may not be a good idea. The reason why I say it's not a good idea is because the security settings for the internet is not extremely high and once you put a site in your trusted zone, basically almost anymore or thing, including hackers or other malicious software have full access to that site which can lead to hijacking that site and may even have access to your computer. Are you sure you trust a site to that degree?

    It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

    They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.



    Step 1

    Download and run the AVG removal tool from here...it isn't fully uninstalled.
    http://www.avg.com/us-en/utilities




    Step 2

    Please uninstall any of the following program(s) using Add/Remove Programs if they are present. To do this, go to Start > Settings > Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs highlight each one and select Remove.

    ALOT appbar
    Babylon Toolbar on IE


    Be sure to reboot when done.



    Step 3

    We need run an OTL Script
    1. Please download OTL from one of the following mirrors if you do not still have it.
    2. Save it to your desktop.
    3. Double click on the [​IMG] icon on your desktop.
    4. Paste the following code under the Custom Scans/Fixes box at the bottom.
      Code:
      :files
      C:\Program Files (x86)\Common Files\Spigot\Search Settings\
      C:\Program Files (x86)\YTD Toolbar
      C:\Program Files (x86)\Common Files\Spigot
      C:\Users\CoCoMac\AppData\Roaming\AVG
      C:\Users\CoCoMac\AppData\Roaming\Babylon
      :OTL
      IE - HKCU\..\URLSearchHook:  - No CLSID value found
      IE - HKCU\..\URLSearchHook: {4d95229d-bcd1-51b4-d184-411b9857a1f4} - C:\Program Files (x86)\Bucksbee Loyalty Plugin - 100815\Helper.dll ()
      IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
      IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.5\ytdToolbarIE.dll (Spigot, Inc.)
      IE - HKCU\..\SearchScopes,DefaultScope = {7304F5BD-A478-4588-AD02-66011D09112A}
      IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000000000000000
      O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
      O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro, Inc)
      O2 - BHO: (Bucksbee Loyalty Plugin - 100815) - {E5C2A1FE-86DB-87B4-11F0-1AA2579E81DD} - C:\Program Files (x86)\Bucksbee Loyalty Plugin - 100815\BucksBee Loyalty Plugin.dll (Freecause Inc.)
      O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.5\ytdToolbarIE.dll (Spigot, Inc.)
      O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
      O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\alothelper.dll (Vertro, Inc)
      O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.5\ytdToolbarIE.dll (Spigot, Inc.)
      O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
      O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE /EPT "EPLTarget\P0000000000000001" /M "WorkForce 645" File not found
      O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
      O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
      
    5. Click the Run Fix button at the top.
    6. let the program run unhindered and reboot when it is done.
    7. You will get a log when it is done, please post that in your reply.
    8. Please then create a new OTL report....
    9. Click the "Scan All Users" checkbox.
    10. Push the [​IMG] button.
    11. A report will open, copy and paste it in a reply here.



    Step 4

    I'd like us to scan your machine with ESET OnlineScan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [​IMG] button.
    • Push [​IMG]

    etavares
     
  10. cocomac11

    cocomac11 Registered Members

    Joined:
    Sep 8, 2012
    Messages:
    22
    Location:
    Knoxville, TN
    Operating System:
    Windows 8
    Ok, thank you very much. I'll start working on this later in the evening.
     
  11. cocomac11

    cocomac11 Registered Members

    Joined:
    Sep 8, 2012
    Messages:
    22
    Location:
    Knoxville, TN
    Operating System:
    Windows 8
    ========== FILES ==========
    C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res folder moved successfully.
    C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang folder moved successfully.
    C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully.
    C:\Program Files (x86)\YTD Toolbar\Res\Lang folder moved successfully.
    C:\Program Files (x86)\YTD Toolbar\Res folder moved successfully.
    C:\Program Files (x86)\YTD Toolbar\IE\6.5 folder moved successfully.
    C:\Program Files (x86)\YTD Toolbar\IE folder moved successfully.
    C:\Program Files (x86)\YTD Toolbar folder moved successfully.
    C:\Program Files (x86)\Common Files\Spigot folder moved successfully.
    C:\Users\CoCoMac\AppData\Roaming\AVG\Rescue\PC Tuneup 2011 folder moved successfully.
    C:\Users\CoCoMac\AppData\Roaming\AVG\Rescue folder moved successfully.
    C:\Users\CoCoMac\AppData\Roaming\AVG\PC Tuneup\User Reports folder moved successfully.
    C:\Users\CoCoMac\AppData\Roaming\AVG\PC Tuneup\Logs folder moved successfully.
    C:\Users\CoCoMac\AppData\Roaming\AVG\PC Tuneup folder moved successfully.
    C:\Users\CoCoMac\AppData\Roaming\AVG folder moved successfully.
    C:\Users\CoCoMac\AppData\Roaming\Babylon folder moved successfully.
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{4d95229d-bcd1-51b4-d184-411b9857a1f4} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d95229d-bcd1-51b4-d184-411b9857a1f4}\ deleted successfully.
    C:\Program Files (x86)\Bucksbee Loyalty Plugin - 100815\Helper.dll moved successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ deleted successfully.
    File C:\Program Files (x86)\YTD Toolbar\IE\6.5\ytdToolbarIE.dll not found.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
    File C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}\ not found.
    File C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5C2A1FE-86DB-87B4-11F0-1AA2579E81DD}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5C2A1FE-86DB-87B4-11F0-1AA2579E81DD}\ deleted successfully.
    C:\Program Files (x86)\Bucksbee Loyalty Plugin - 100815\BucksBee Loyalty Plugin.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
    File C:\Program Files (x86)\YTD Toolbar\IE\6.5\ytdToolbarIE.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
    File C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{A531D99C-5A22-449b-83DA-872725C6D0ED} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ not found.
    File C:\Program Files (x86)\alotappbar\bin\alothelper.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
    File C:\Program Files (x86)\YTD Toolbar\IE\6.5\ytdToolbarIE.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
    File C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EPLTarget\P0000000000000001 deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ not found.
    File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ not found.
    File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found not found.

    OTL by OldTimer - Version 3.2.69.0 log created on 10272012_192613
     
  12. cocomac11

    cocomac11 Registered Members

    Joined:
    Sep 8, 2012
    Messages:
    22
    Location:
    Knoxville, TN
    Operating System:
    Windows 8
    OTL logfile created on: 10/27/2012 7:34:01 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\CoCoMac\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.48 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 56.43% Memory free
    6.95 Gb Paging File | 5.23 Gb Available in Paging File | 75.28% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.23 Gb Total Space | 523.89 Gb Free Space | 90.13% Space Free | Partition Type: NTFS

    Computer Name: COCOMAC-PC | User Name: CoCoMac | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\CoCoMac\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
    PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
    PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
    PRC - C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe (Symantec Corporation)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe (Symantec Corporation)
    PRC - C:\Users\CoCoMac\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe (Symantec Corporation)
    PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
    PRC - C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.exe (ABBYY)
    PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
    PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI36882\wx._core_.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI36882\wx._controls_.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI36882\windows._cacheinvalidation.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI36882\wx._windows_.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI36882\wx._gdi_.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI36882\wx._misc_.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI36882\_ssl.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI36882\pysqlite2._sqlite.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI36882\pythoncom26.dll ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI36882\_hashlib.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI36882\win32com.shell.shell.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI36882\pyexpat.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI36882\wx._wizard.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI36882\win32file.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI36882\win32security.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI36882\pywintypes26.dll ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI36882\win32api.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI36882\_elementtree.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI36882\_ctypes.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI36882\wx._html2.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI36882\_socket.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI36882\win32inet.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI36882\win32process.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI36882\win32pdh.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI36882\win32event.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI36882\win32crypt.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI36882\unicodedata.pyd ()
    MOD - C:\Users\CoCoMac\AppData\Local\Temp\_MEI36882\select.pyd ()
    MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
    MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (EpsonCustomerParticipation) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (SEIKO EPSON CORPORATION)
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\Toshiba\TECO\TecoService.exe (TOSHIBA Corporation)
    SRV:64bit: - (TPCHSrv) -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
    SRV:64bit: - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
    SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
    SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
    SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
    SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe (Symantec Corporation)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe (Symantec Corporation)
    SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
    SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe (Symantec Corporation)
    SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
    SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
    SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
    DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtspx64.sys (Symantec Corporation)
    DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtsp64.sys (Symantec Corporation)
    DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ccsetx64.sys (Symantec Corporation)
    DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symefa64.sys (Symantec Corporation)
    DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symnets.sys (Symantec Corporation)
    DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ironx64.sys (Symantec Corporation)
    DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symds64.sys (Symantec Corporation)
    DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
    DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
    DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
    DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
    DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
    DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
    DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
    DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
    DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
    DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
    DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
    DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
    DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
    DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
    DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
    DRV:64bit: - (QIOMem) -- C:\Windows\SysNative\drivers\QIOMem.sys (TOSHIBA)
    DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20121026.032\ex64.sys (Symantec Corporation)
    DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20121026.032\eng64.sys (Symantec Corporation)
    DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20121005.002\BHDrvx64.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
    DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20121027.001\IDSviA64.sys (Symantec Corporation)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {19A2F426-3FA9-413A-9079-5E1CE441393B}
    IE:64bit: - HKLM\..\SearchScopes\{19A2F426-3FA9-413A-9079-5E1CE441393B}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {7304F5BD-A478-4588-AD02-66011D09112A}
    IE - HKLM\..\SearchScopes\{7304F5BD-A478-4588-AD02-66011D09112A}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1806440895-405104506-2448220726-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
    IE - HKU\S-1-5-21-1806440895-405104506-2448220726-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1806440895-405104506-2448220726-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
    IE - HKU\S-1-5-21-1806440895-405104506-2448220726-1000\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found
    IE - HKU\S-1-5-21-1806440895-405104506-2448220726-1000\..\SearchScopes,DefaultScope = {7304F5BD-A478-4588-AD02-66011D09112A}
    IE - HKU\S-1-5-21-1806440895-405104506-2448220726-1000\..\SearchScopes\{49DA172A-C18A-4408-BE23-9AD91E101CFF}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    IE - HKU\S-1-5-21-1806440895-405104506-2448220726-1000\..\SearchScopes\{7304F5BD-A478-4588-AD02-66011D09112A}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS470
    IE - HKU\S-1-5-21-1806440895-405104506-2448220726-1000\..\SearchScopes\{CB54E719-100D-4861-9F3B-BB880EFEA1A8}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
    IE - HKU\S-1-5-21-1806440895-405104506-2448220726-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1806440895-405104506-2448220726-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\IPSFFPlgn\ [2012/09/07 15:49:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\coFFPlgn\ [2012/10/27 19:31:16 | 000,000,000 | ---D | M]

    [2012/05/11 20:19:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CoCoMac\AppData\Roaming\Mozilla\Firefox\extensions
    [2012/05/11 20:19:14 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\CoCoMac\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

    ========== Chrome ==========

    CHR - homepage: http://start.toshiba.com/g/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - homepage: http://start.toshiba.com/g/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
    CHR - plugin: Wajam (Enabled) = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.23_0\plugins/PriamNPAPI.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Guitarist's Reference = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\cddaabhppoebkmalboinjhgofbhdbcgk\1_0\
    CHR - Extension: Online Guitar Tuner = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnemellbcpjiodfgadpoebbjobfaoiga\1.1.6_0\
    CHR - Extension: Google Search = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Guitar Tuner = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhglmpmegfnbclojedloihcbkemoiddi\2.2_0\
    CHR - Extension: ESV Bible Online = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\efoiegbeomiljakglbmkmlhdahkndejc\1.2_0\
    CHR - Extension: Marvel Comics = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice\1.0.0.0_0\
    CHR - Extension: We-Care Reminder = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.25_0\
    CHR - Extension: Lose It! = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehemifhdilebjjpibeianiedocpgocn\3.5.0.3_0\
    CHR - Extension: Heavenly Cross = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\kepdlccjceknhloddohpnmciihblkann\1.0_1\
    CHR - Extension: Guitar Tuner = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdnemdhflomhllfglbehifomfialkbd\1.2_0\
    CHR - Extension: Skype Click to Call = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
    CHR - Extension: Open Library Book Search = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfabonemecnhlpcdippbpgjhmdciegii\1.1_0\
    CHR - Extension: Norton Identity Protection = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
    CHR - Extension: uTorrentControl2 = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\
    CHR - Extension: Vid-Saver = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.54_0\crossrider
    CHR - Extension: Vid-Saver = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.20.54_0\
    CHR - Extension: Gmail = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
    CHR - Extension: KJV Simple Search Parallel Bible = C:\Users\CoCoMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjlenmjncdhpnahiceddcbagckmecpb\1.2_0\

    O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-1806440895-405104506-2448220726-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [] File not found
    O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
    O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
    O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1806440895-405104506-2448220726-1000..\Run: [ABBYY Screenshot Reader Bonus] "C:\Program Files (x86)\ABBYY FineReader 9.0 Sprint\Bonus.ScreenshotReader.exe" -autorun File not found
    O4 - HKU\S-1-5-21-1806440895-405104506-2448220726-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\CoCoMac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\CoCoMac\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\S-1-5-21-1806440895-405104506-2448220726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
    O7 - HKU\S-1-5-21-1806440895-405104506-2448220726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
    O7 - HKU\S-1-5-21-1806440895-405104506-2448220726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-1806440895-405104506-2448220726-1000\..Trusted Domains: pstcc.edu ([elearn] https in Trusted sites)
    O15 - HKU\S-1-5-21-1806440895-405104506-2448220726-1000\..Trusted Domains: pstcc.edu ([www] http in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.7.2)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.7.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6476BD96-BFF3-4C53-84FB-7B1BB04FD4BA}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{914ACDC4-E02C-4968-8222-EE3A745F3572}: DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{71323065-50db-11e1-a50c-d0df9a9912ec}\Shell - "" = AutoRun
    O33 - MountPoints2\{71323065-50db-11e1-a50c-d0df9a9912ec}\Shell\AutoRun\command - "" = E:\Start.exe
    O33 - MountPoints2\{71323065-50db-11e1-a50c-d0df9a9912ec}\Shell\menu1\command - "" = E:\Start.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/27 19:26:13 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/10/27 17:07:07 | 003,222,280 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\CoCoMac\Desktop\avg_remover_stf_x64_2013_2706.exe
    [2012/10/27 14:28:59 | 000,000,000 | ---D | C] -- C:\Users\CoCoMac\Desktop\Coputer Scan Logs
    [2012/10/27 14:12:43 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\CoCoMac\Desktop\aswMBR.exe
    [2012/10/27 13:46:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\CoCoMac\Desktop\OTL.exe
    [2012/10/27 12:53:57 | 000,000,000 | ---D | C] -- C:\Users\CoCoMac\AppData\Roaming\Malwarebytes
    [2012/10/27 12:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/10/27 12:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/10/27 12:53:36 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2012/10/27 12:53:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/10/27 12:46:49 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
    [2012/10/27 12:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2012/10/27 12:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2012/10/19 23:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
    [2012/10/19 23:19:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012/10/10 19:41:35 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
    [2012/10/10 19:41:34 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
    [2012/10/10 19:41:34 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
    [2012/10/10 19:41:22 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
    [2012/10/10 19:41:22 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
    [2012/10/10 19:41:22 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
    [2012/10/10 19:41:22 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
    [2012/10/10 19:41:21 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
    [2012/10/10 19:41:21 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
    [2012/10/10 19:41:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
    [2012/10/10 19:41:21 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
    [2012/10/10 19:41:21 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
    [2012/10/10 19:41:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
    [2012/10/10 19:41:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
    [2012/10/10 19:41:21 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
    [2012/10/10 19:41:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
    [2012/10/10 19:41:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
    [2012/10/10 19:41:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
    [2012/10/10 19:40:55 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
    [2012/10/10 19:40:19 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
    [2012/10/10 19:40:18 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    [1 C:\Users\CoCoMac\Documents\*.tmp files -> C:\Users\CoCoMac\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/10/27 19:38:57 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/27 19:38:57 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/27 19:31:31 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/27 19:30:57 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/10/27 19:30:47 | 2798,804,992 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/27 19:25:46 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2012/10/27 19:25:46 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2012/10/27 19:25:46 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2012/10/27 19:24:12 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/27 19:24:12 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/10/27 17:07:07 | 003,222,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\CoCoMac\Desktop\avg_remover_stf_x64_2013_2706.exe
    [2012/10/27 14:13:26 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\CoCoMac\Desktop\aswMBR.exe
    [2012/10/27 13:46:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\CoCoMac\Desktop\OTL.exe
    [2012/10/27 12:53:39 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/27 12:45:29 | 000,000,935 | ---- | M] () -- C:\Users\CoCoMac\Desktop\NTREGOPT.lnk
    [2012/10/27 12:45:29 | 000,000,916 | ---- | M] () -- C:\Users\CoCoMac\Desktop\ERUNT.lnk
    [2012/10/15 21:42:47 | 000,010,074 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\0604000.009\VT20121008.022
    [2012/10/11 14:44:23 | 001,494,856 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\0604000.009\Cat.DB
    [2012/10/09 16:41:24 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
    [2012/10/09 16:41:24 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/10/03 16:37:59 | 000,002,310 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
    [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    [1 C:\Users\CoCoMac\Documents\*.tmp files -> C:\Users\CoCoMac\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/10/27 12:53:39 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/27 12:45:29 | 000,000,935 | ---- | C] () -- C:\Users\CoCoMac\Desktop\NTREGOPT.lnk
    [2012/10/27 12:45:29 | 000,000,916 | ---- | C] () -- C:\Users\CoCoMac\Desktop\ERUNT.lnk
    [2012/08/29 19:00:14 | 000,000,106 | ---- | C] () -- C:\windows\EWF645.ini
    [2012/05/22 23:49:14 | 000,000,230 | ---- | C] () -- C:\Users\CoCoMac\AppData\Roaming\Statdisk.prefs
    [2012/05/11 20:30:57 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
    [2012/02/05 17:19:46 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2011/08/05 10:39:17 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
    [2011/08/05 10:37:09 | 000,003,155 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
    [2011/02/03 22:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
    < End of report >
     
  13. cocomac11

    cocomac11 Registered Members

    Joined:
    Sep 8, 2012
    Messages:
    22
    Location:
    Knoxville, TN
    Operating System:
    Windows 8
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
    C:\Users\CoCoMac\Downloads\installer_adobe_flash_player_English.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\Users\CoCoMac\Downloads\YouTubeDownloaderSetup35.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
    C:\Windows\Installer\5bf65.msi a variant of Win32/Toolbar.Widgi application deleted - quarantined
    C:\_OTL\MovedFiles\10272012_192613\C_Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\10272012_192613\C_Program Files (x86)\YTD Toolbar\IE\6.5\ytdToolbarIE.dll a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\10272012_192613\C_Users\CoCoMac\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120812000542705.rsc multiple threats deleted - quarantined
     
  14. etavares

    etavares Malware Removal Specialist - Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    Nothing major in there...I assume you're still having the same issues?
     
  15. cocomac11

    cocomac11 Registered Members

    Joined:
    Sep 8, 2012
    Messages:
    22
    Location:
    Knoxville, TN
    Operating System:
    Windows 8
    As far as I can tell. It did boot up quite a bit faster today but, it still does not reister my cdrom. Not noticed anything witht he icons.
     
  16. etavares

    etavares Malware Removal Specialist - Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    Hello, cocomac11.


    We'll run TDSSKiller. I don't think it will see anything, but we'll rule out one last thing. Then, we'll focus on your CD drive issues first.

    Step 1
    1. Download TDSSKiller.exe and save it to your desktop.
    2. Double-click TDSSKiller.exe to run it.
    3. Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
    4. Click Start scan and allow it to scan for Malicious objects.
    5. If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
    6. If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
    7. It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
    8. A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
      for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
    9. If no reboot is required, click on Report. A log file should appear.
    10. Please post the contents of the logfile in your next reply


    Step 2


    Let's start with the CD drive.

    First:
    • Click Start
    • Right-click Computer
    • Select Manage
    • In the left pane, click Storage --> Disk Management
    • In the middle pane, you should see a list of your hard drives in the top. Underneath, you should see a list of all drives in the gray section. Is your CD-ROM listed there? E.g., mine says:
      CD-ROM 0
      DVD (D:)
      No Media
    Next:
    • Click Start
    • Right-Click Computer
    • Select Properties
    • Click Device Manager on the left
    • Expand DVD/CD-ROM drives and tell me if your CD drive is listed there. If so, does it have a yellow exclamation point on the icon for it?
    etavares
     
  17. cocomac11

    cocomac11 Registered Members

    Joined:
    Sep 8, 2012
    Messages:
    22
    Location:
    Knoxville, TN
    Operating System:
    Windows 8
    The scan found no malicious or suspicious objects:

    19:43:43.0760 1272 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    19:43:44.0080 1272 ============================================================
    19:43:44.0080 1272 Current date / time: 2012/10/28 19:43:44.0080
    19:43:44.0080 1272 SystemInfo:
    19:43:44.0080 1272
    19:43:44.0080 1272 OS Version: 6.1.7601 ServicePack: 1.0
    19:43:44.0080 1272 Product type: Workstation
    19:43:44.0080 1272 ComputerName: COCOMAC-PC
    19:43:44.0080 1272 UserName: CoCoMac
    19:43:44.0080 1272 Windows directory: C:\windows
    19:43:44.0080 1272 System windows directory: C:\windows
    19:43:44.0080 1272 Running under WOW64
    19:43:44.0080 1272 Processor architecture: Intel x64
    19:43:44.0080 1272 Number of processors: 4
    19:43:44.0080 1272 Page size: 0x1000
    19:43:44.0080 1272 Boot type: Normal boot
    19:43:44.0080 1272 ============================================================
    19:43:45.0445 1272 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    19:43:45.0445 1272 ============================================================
    19:43:45.0445 1272 \Device\Harddisk0\DR0:
    19:43:45.0445 1272 MBR partitions:
    19:43:45.0445 1272 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x48A75000
    19:43:45.0445 1272 ============================================================
    19:43:45.0492 1272 C: <-> \Device\Harddisk0\DR0\Partition1
    19:43:45.0492 1272 ============================================================
    19:43:45.0492 1272 Initialize success
    19:43:45.0492 1272 ============================================================
    19:43:50.0031 7052 ============================================================
    19:43:50.0031 7052 Scan started
    19:43:50.0031 7052 Mode: Manual;
    19:43:50.0031 7052 ============================================================
    19:43:50.0718 7052 ================ Scan system memory ========================
    19:43:50.0718 7052 System memory - ok
    19:43:50.0718 7052 ================ Scan services =============================
    19:43:50.0999 7052 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
    19:43:50.0999 7052 1394ohci - ok
    19:43:51.0139 7052 [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    19:43:51.0155 7052 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
    19:43:51.0201 7052 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
    19:43:51.0217 7052 ACPI - ok
    19:43:51.0233 7052 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
    19:43:51.0233 7052 AcpiPmi - ok
    19:43:51.0311 7052 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    19:43:51.0311 7052 AdobeARMservice - ok
    19:43:51.0451 7052 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    19:43:51.0467 7052 AdobeFlashPlayerUpdateSvc - ok
    19:43:51.0529 7052 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
    19:43:51.0545 7052 adp94xx - ok
    19:43:51.0576 7052 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
    19:43:51.0576 7052 adpahci - ok
    19:43:51.0638 7052 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
    19:43:51.0638 7052 adpu320 - ok
    19:43:51.0669 7052 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
    19:43:51.0669 7052 AeLookupSvc - ok
    19:43:51.0732 7052 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
    19:43:51.0747 7052 AFD - ok
    19:43:51.0794 7052 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
    19:43:51.0794 7052 agp440 - ok
    19:43:51.0825 7052 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
    19:43:51.0825 7052 ALG - ok
    19:43:51.0857 7052 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
    19:43:51.0857 7052 aliide - ok
    19:43:51.0903 7052 [ E9F172F8067830AB6418FCF13B7C82F1 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
    19:43:51.0903 7052 AMD External Events Utility - ok
    19:43:51.0919 7052 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
    19:43:51.0919 7052 amdide - ok
    19:43:51.0950 7052 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
    19:43:51.0950 7052 AmdK8 - ok
    19:43:52.0215 7052 [ 3EA481540BF571CE2AC422249C4E18A9 ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys
    19:43:52.0278 7052 amdkmdag - ok
    19:43:52.0309 7052 [ C5228C5FD5CA78002255089C4E74DC0E ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys
    19:43:52.0325 7052 amdkmdap - ok
    19:43:52.0340 7052 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
    19:43:52.0340 7052 AmdPPM - ok
    19:43:52.0356 7052 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
    19:43:52.0371 7052 amdsata - ok
    19:43:52.0387 7052 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
    19:43:52.0403 7052 amdsbs - ok
    19:43:52.0418 7052 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
    19:43:52.0418 7052 amdxata - ok
    19:43:52.0481 7052 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\windows\system32\Drivers\ssadadb.sys
    19:43:52.0496 7052 androidusb - ok
    19:43:52.0543 7052 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
    19:43:52.0543 7052 AppID - ok
    19:43:52.0559 7052 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
    19:43:52.0574 7052 AppIDSvc - ok
    19:43:52.0590 7052 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
    19:43:52.0590 7052 Appinfo - ok
    19:43:52.0652 7052 [ 70968A726D9DE0F0259D4AEB965FAD61 ] Application Updater C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    19:43:52.0668 7052 Application Updater - ok
    19:43:52.0715 7052 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
    19:43:52.0715 7052 arc - ok
    19:43:52.0746 7052 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
    19:43:52.0746 7052 arcsas - ok
    19:43:52.0777 7052 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
    19:43:52.0777 7052 AsyncMac - ok
    19:43:52.0793 7052 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
    19:43:52.0793 7052 atapi - ok
    19:43:52.0902 7052 [ B2931C83CFB12A3223A47B180473AE1A ] athr C:\windows\system32\DRIVERS\athrx.sys
    19:43:52.0949 7052 athr - ok
    19:43:53.0027 7052 [ E02B26650ACC2F4901342D4A66774AD7 ] AtiHDAudioService C:\windows\system32\drivers\AtihdW76.sys
    19:43:53.0027 7052 AtiHDAudioService - ok
    19:43:53.0089 7052 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
    19:43:53.0105 7052 AudioEndpointBuilder - ok
    19:43:53.0120 7052 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
    19:43:53.0136 7052 AudioSrv - ok
    19:43:53.0167 7052 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
    19:43:53.0183 7052 AxInstSV - ok
    19:43:53.0214 7052 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
    19:43:53.0229 7052 b06bdrv - ok
    19:43:53.0261 7052 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
    19:43:53.0276 7052 b57nd60a - ok
    19:43:53.0292 7052 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
    19:43:53.0307 7052 BDESVC - ok
    19:43:53.0323 7052 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
    19:43:53.0323 7052 Beep - ok
    19:43:53.0354 7052 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
    19:43:53.0370 7052 BFE - ok
    19:43:53.0588 7052 [ 652F4D186325B69FFE80EE18AE9ACC77 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20121005.002\BHDrvx64.sys
    19:43:53.0619 7052 BHDrvx64 - ok
    19:43:53.0666 7052 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
    19:43:53.0682 7052 BITS - ok
    19:43:53.0713 7052 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
    19:43:53.0713 7052 blbdrive - ok
    19:43:53.0744 7052 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
    19:43:53.0744 7052 bowser - ok
    19:43:53.0791 7052 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
    19:43:53.0791 7052 BrFiltLo - ok
    19:43:53.0807 7052 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
    19:43:53.0807 7052 BrFiltUp - ok
    19:43:53.0838 7052 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
    19:43:53.0838 7052 Browser - ok
    19:43:53.0885 7052 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
    19:43:53.0900 7052 Brserid - ok
    19:43:53.0916 7052 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
    19:43:53.0916 7052 BrSerWdm - ok
    19:43:53.0931 7052 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
    19:43:53.0931 7052 BrUsbMdm - ok
    19:43:53.0963 7052 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
    19:43:53.0963 7052 BrUsbSer - ok
    19:43:54.0025 7052 [ 2347ABBD13BADA65826FDAB4CAAFE357 ] BtFilter C:\windows\system32\DRIVERS\btfilter.sys
    19:43:54.0025 7052 BtFilter - ok
    19:43:54.0041 7052 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
    19:43:54.0041 7052 BTHMODEM - ok
    19:43:54.0072 7052 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
    19:43:54.0087 7052 bthserv - ok
    19:43:54.0134 7052 [ 9887CA12F407D7FBC7F48F3678F5F0B6 ] BVRPMPR5a64 C:\windows\system32\drivers\BVRPMPR5a64.SYS
    19:43:54.0134 7052 BVRPMPR5a64 - ok
    19:43:54.0212 7052 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_N360 C:\windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys
    19:43:54.0212 7052 ccSet_N360 - ok
    19:43:54.0243 7052 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
    19:43:54.0243 7052 cdfs - ok
    19:43:54.0290 7052 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
    19:43:54.0290 7052 cdrom - ok
    19:43:54.0337 7052 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
    19:43:54.0337 7052 CertPropSvc - ok
    19:43:54.0368 7052 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
    19:43:54.0368 7052 circlass - ok
    19:43:54.0415 7052 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
    19:43:54.0415 7052 CLFS - ok
    19:43:54.0524 7052 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    19:43:54.0524 7052 clr_optimization_v2.0.50727_32 - ok
    19:43:54.0571 7052 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    19:43:54.0571 7052 clr_optimization_v2.0.50727_64 - ok
    19:43:54.0649 7052 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    19:43:54.0649 7052 clr_optimization_v4.0.30319_32 - ok
    19:43:54.0665 7052 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    19:43:54.0665 7052 clr_optimization_v4.0.30319_64 - ok
    19:43:54.0696 7052 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
    19:43:54.0696 7052 CmBatt - ok
    19:43:54.0727 7052 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
    19:43:54.0727 7052 cmdide - ok
    19:43:54.0774 7052 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
    19:43:54.0774 7052 CNG - ok
    19:43:54.0852 7052 [ 66847C979893A11CFCC2280E772D7EA1 ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
    19:43:54.0867 7052 CnxtHdAudService - ok
    19:43:54.0899 7052 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
    19:43:54.0899 7052 Compbatt - ok
    19:43:54.0930 7052 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
    19:43:54.0930 7052 CompositeBus - ok
    19:43:54.0945 7052 COMSysApp - ok
    19:43:54.0992 7052 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
    19:43:54.0992 7052 crcdisk - ok
    19:43:55.0039 7052 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
    19:43:55.0039 7052 CryptSvc - ok
    19:43:55.0101 7052 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
    19:43:55.0101 7052 DcomLaunch - ok
    19:43:55.0133 7052 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
    19:43:55.0148 7052 defragsvc - ok
    19:43:55.0164 7052 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
    19:43:55.0179 7052 DfsC - ok
    19:43:55.0211 7052 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
    19:43:55.0226 7052 Dhcp - ok
    19:43:55.0257 7052 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
    19:43:55.0257 7052 discache - ok
    19:43:55.0304 7052 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
    19:43:55.0304 7052 Disk - ok
    19:43:55.0320 7052 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
    19:43:55.0320 7052 Dnscache - ok
    19:43:55.0335 7052 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
    19:43:55.0351 7052 dot3svc - ok
    19:43:55.0367 7052 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
    19:43:55.0367 7052 DPS - ok
    19:43:55.0398 7052 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
    19:43:55.0398 7052 drmkaud - ok
    19:43:55.0445 7052 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
    19:43:55.0460 7052 DXGKrnl - ok
    19:43:55.0491 7052 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
    19:43:55.0491 7052 EapHost - ok
    19:43:55.0616 7052 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
    19:43:55.0663 7052 ebdrv - ok
    19:43:55.0741 7052 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    19:43:55.0757 7052 eeCtrl - ok
    19:43:55.0788 7052 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
    19:43:55.0803 7052 EFS - ok
    19:43:55.0866 7052 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
    19:43:55.0881 7052 ehRecvr - ok
    19:43:55.0913 7052 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
    19:43:55.0913 7052 ehSched - ok
    19:43:55.0959 7052 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
    19:43:55.0975 7052 elxstor - ok
    19:43:56.0069 7052 [ 757305C7AD34222F4A46D86FE0BEE241 ] EpsonCustomerParticipation C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
    19:43:56.0084 7052 EpsonCustomerParticipation - ok
    19:43:56.0131 7052 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    19:43:56.0131 7052 EraserUtilRebootDrv - ok
    19:43:56.0147 7052 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
    19:43:56.0147 7052 ErrDev - ok
    19:43:56.0209 7052 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
    19:43:56.0225 7052 EventSystem - ok
    19:43:56.0271 7052 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
    19:43:56.0271 7052 exfat - ok
    19:43:56.0303 7052 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
    19:43:56.0303 7052 fastfat - ok
    19:43:56.0365 7052 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
    19:43:56.0381 7052 Fax - ok
    19:43:56.0412 7052 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
    19:43:56.0412 7052 fdc - ok
    19:43:56.0474 7052 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
    19:43:56.0474 7052 fdPHost - ok
    19:43:56.0490 7052 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
    19:43:56.0490 7052 FDResPub - ok
    19:43:56.0505 7052 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
    19:43:56.0505 7052 FileInfo - ok
    19:43:56.0537 7052 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
    19:43:56.0537 7052 Filetrace - ok
    19:43:56.0568 7052 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
    19:43:56.0568 7052 flpydisk - ok
    19:43:56.0599 7052 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
    19:43:56.0599 7052 FltMgr - ok
    19:43:56.0661 7052 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
    19:43:56.0677 7052 FontCache - ok
    19:43:56.0724 7052 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    19:43:56.0724 7052 FontCache3.0.0.0 - ok
    19:43:56.0739 7052 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
    19:43:56.0739 7052 FsDepends - ok
    19:43:56.0771 7052 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
    19:43:56.0771 7052 Fs_Rec - ok
    19:43:56.0802 7052 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
    19:43:56.0802 7052 fvevol - ok
    19:43:56.0817 7052 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
    19:43:56.0817 7052 gagp30kx - ok
    19:43:56.0895 7052 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    19:43:56.0895 7052 GamesAppService - ok
    19:43:56.0958 7052 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
    19:43:56.0973 7052 gpsvc - ok
    19:43:57.0051 7052 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    19:43:57.0051 7052 gupdate - ok
    19:43:57.0067 7052 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    19:43:57.0067 7052 gupdatem - ok
    19:43:57.0114 7052 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    19:43:57.0114 7052 gusvc - ok
    19:43:57.0145 7052 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
    19:43:57.0145 7052 hcw85cir - ok
    19:43:57.0192 7052 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
    19:43:57.0192 7052 HdAudAddService - ok
    19:43:57.0223 7052 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
    19:43:57.0223 7052 HDAudBus - ok
    19:43:57.0254 7052 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
    19:43:57.0254 7052 HidBatt - ok
    19:43:57.0270 7052 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
    19:43:57.0270 7052 HidBth - ok
    19:43:57.0301 7052 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
    19:43:57.0301 7052 HidIr - ok
    19:43:57.0332 7052 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
    19:43:57.0332 7052 hidserv - ok
    19:43:57.0395 7052 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
    19:43:57.0395 7052 HidUsb - ok
    19:43:57.0426 7052 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
    19:43:57.0426 7052 hkmsvc - ok
    19:43:57.0457 7052 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
    19:43:57.0457 7052 HomeGroupListener - ok
    19:43:57.0488 7052 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
    19:43:57.0504 7052 HomeGroupProvider - ok
    19:43:57.0535 7052 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
    19:43:57.0535 7052 HpSAMD - ok
    19:43:57.0582 7052 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
    19:43:57.0597 7052 HTTP - ok
    19:43:57.0613 7052 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
    19:43:57.0613 7052 hwpolicy - ok
    19:43:57.0660 7052 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
    19:43:57.0660 7052 i8042prt - ok
    19:43:57.0707 7052 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
    19:43:57.0722 7052 iaStorV - ok
    19:43:57.0785 7052 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    19:43:57.0785 7052 IDriverT - ok
    19:43:57.0847 7052 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    19:43:57.0863 7052 idsvc - ok
    19:43:57.0941 7052 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20121027.001\IDSvia64.sys
    19:43:57.0941 7052 IDSVia64 - ok
    19:43:57.0987 7052 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
    19:43:57.0987 7052 iirsp - ok
    19:43:58.0019 7052 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
    19:43:58.0019 7052 IKEEXT - ok
    19:43:58.0034 7052 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
    19:43:58.0034 7052 intelide - ok
    19:43:58.0081 7052 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\drivers\intelppm.sys
    19:43:58.0081 7052 intelppm - ok
    19:43:58.0112 7052 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
    19:43:58.0128 7052 IPBusEnum - ok
    19:43:58.0159 7052 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
    19:43:58.0159 7052 IpFilterDriver - ok
    19:43:58.0175 7052 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
    19:43:58.0190 7052 iphlpsvc - ok
    19:43:58.0206 7052 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
    19:43:58.0206 7052 IPMIDRV - ok
    19:43:58.0221 7052 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
    19:43:58.0221 7052 IPNAT - ok
    19:43:58.0268 7052 [ 2CFE2843F576561B3842ECBFF4A7F744 ] iPodService C:\Program Files (x86)\iPod\bin\iPodService.exe
    19:43:58.0268 7052 iPodService - ok
    19:43:58.0299 7052 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
    19:43:58.0299 7052 IRENUM - ok
    19:43:58.0331 7052 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
    19:43:58.0331 7052 isapnp - ok
    19:43:58.0346 7052 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
    19:43:58.0362 7052 iScsiPrt - ok
    19:43:58.0393 7052 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
    19:43:58.0393 7052 kbdclass - ok
    19:43:58.0424 7052 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
    19:43:58.0424 7052 kbdhid - ok
    19:43:58.0455 7052 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
    19:43:58.0471 7052 KeyIso - ok
    19:43:58.0502 7052 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
    19:43:58.0502 7052 KSecDD - ok
    19:43:58.0518 7052 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
    19:43:58.0518 7052 KSecPkg - ok
    19:43:58.0549 7052 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
    19:43:58.0549 7052 ksthunk - ok
    19:43:58.0580 7052 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
    19:43:58.0596 7052 KtmRm - ok
    19:43:58.0627 7052 [ 045FB70BC993B691517CE309045FF02D ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys
    19:43:58.0627 7052 L1C - ok
    19:43:58.0674 7052 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
    19:43:58.0674 7052 LanmanServer - ok
    19:43:58.0705 7052 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
    19:43:58.0721 7052 LanmanWorkstation - ok
    19:43:58.0752 7052 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
    19:43:58.0752 7052 lltdio - ok
    19:43:58.0799 7052 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
    19:43:58.0799 7052 lltdsvc - ok
    19:43:58.0830 7052 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
    19:43:58.0830 7052 lmhosts - ok
    19:43:58.0877 7052 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
    19:43:58.0877 7052 LSI_FC - ok
    19:43:58.0877 7052 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
    19:43:58.0892 7052 LSI_SAS - ok
    19:43:58.0908 7052 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
    19:43:58.0908 7052 LSI_SAS2 - ok
    19:43:58.0923 7052 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
    19:43:58.0923 7052 LSI_SCSI - ok
    19:43:58.0955 7052 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
    19:43:58.0955 7052 luafv - ok
    19:43:59.0017 7052 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
    19:43:59.0017 7052 Mcx2Svc - ok
    19:43:59.0033 7052 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
    19:43:59.0048 7052 megasas - ok
    19:43:59.0095 7052 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
    19:43:59.0111 7052 MegaSR - ok
    19:43:59.0142 7052 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
    19:43:59.0142 7052 MMCSS - ok
    19:43:59.0173 7052 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
    19:43:59.0173 7052 Modem - ok
    19:43:59.0204 7052 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
    19:43:59.0204 7052 monitor - ok
    19:43:59.0235 7052 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
    19:43:59.0235 7052 mouclass - ok
    19:43:59.0267 7052 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
    19:43:59.0282 7052 mouhid - ok
    19:43:59.0298 7052 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
    19:43:59.0298 7052 mountmgr - ok
    19:43:59.0329 7052 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
    19:43:59.0329 7052 mpio - ok
    19:43:59.0360 7052 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
    19:43:59.0360 7052 mpsdrv - ok
    19:43:59.0407 7052 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
    19:43:59.0407 7052 MpsSvc - ok
    19:43:59.0448 7052 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
    19:43:59.0448 7052 MRxDAV - ok
    19:43:59.0478 7052 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
    19:43:59.0478 7052 mrxsmb - ok
    19:43:59.0498 7052 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
    19:43:59.0498 7052 mrxsmb10 - ok
    19:43:59.0518 7052 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
    19:43:59.0518 7052 mrxsmb20 - ok
    19:43:59.0538 7052 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\DRIVERS\msahci.sys
    19:43:59.0538 7052 msahci - ok
    19:43:59.0558 7052 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
    19:43:59.0558 7052 msdsm - ok
    19:43:59.0598 7052 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
    19:43:59.0598 7052 MSDTC - ok
    19:43:59.0618 7052 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
    19:43:59.0618 7052 Msfs - ok
    19:43:59.0648 7052 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
    19:43:59.0658 7052 mshidkmdf - ok
    19:43:59.0678 7052 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
    19:43:59.0678 7052 msisadrv - ok
    19:43:59.0708 7052 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
    19:43:59.0708 7052 MSiSCSI - ok
    19:43:59.0718 7052 msiserver - ok
    19:43:59.0748 7052 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
    19:43:59.0748 7052 MSKSSRV - ok
    19:43:59.0778 7052 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
    19:43:59.0778 7052 MSPCLOCK - ok
    19:43:59.0798 7052 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
    19:43:59.0798 7052 MSPQM - ok
    19:43:59.0828 7052 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
    19:43:59.0838 7052 MsRPC - ok
    19:43:59.0858 7052 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
    19:43:59.0868 7052 mssmbios - ok
    19:43:59.0888 7052 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
    19:43:59.0888 7052 MSTEE - ok
    19:43:59.0908 7052 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
    19:43:59.0908 7052 MTConfig - ok
    19:43:59.0938 7052 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
    19:43:59.0938 7052 Mup - ok
    19:44:00.0068 7052 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
    19:44:00.0068 7052 N360 - ok
    19:44:00.0108 7052 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
    19:44:00.0118 7052 napagent - ok
    19:44:00.0168 7052 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
    19:44:00.0168 7052 NativeWifiP - ok
    19:44:00.0248 7052 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20121027.007\ENG64.SYS
    19:44:00.0248 7052 NAVENG - ok
    19:44:00.0318 7052 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20121027.007\EX64.SYS
    19:44:00.0358 7052 NAVEX15 - ok
    19:44:00.0428 7052 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
    19:44:00.0438 7052 NDIS - ok
    19:44:00.0468 7052 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
    19:44:00.0468 7052 NdisCap - ok
    19:44:00.0508 7052 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
    19:44:00.0508 7052 NdisTapi - ok
    19:44:00.0528 7052 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
    19:44:00.0528 7052 Ndisuio - ok
    19:44:00.0548 7052 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
    19:44:00.0548 7052 NdisWan - ok
    19:44:00.0578 7052 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
    19:44:00.0578 7052 NDProxy - ok
    19:44:00.0608 7052 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
    19:44:00.0608 7052 NetBIOS - ok
    19:44:00.0638 7052 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
    19:44:00.0648 7052 NetBT - ok
    19:44:00.0668 7052 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
    19:44:00.0668 7052 Netlogon - ok
    19:44:00.0708 7052 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
    19:44:00.0718 7052 Netman - ok
    19:44:00.0738 7052 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
    19:44:00.0748 7052 netprofm - ok
    19:44:00.0778 7052 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    19:44:00.0778 7052 NetTcpPortSharing - ok
    19:44:00.0808 7052 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
    19:44:00.0808 7052 nfrd960 - ok
    19:44:00.0848 7052 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
    19:44:00.0858 7052 NlaSvc - ok
    19:44:00.0908 7052 Norton PC Checkup Application Launcher - ok
    19:44:00.0948 7052 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
    19:44:00.0948 7052 Npfs - ok
    19:44:00.0968 7052 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
    19:44:00.0978 7052 nsi - ok
    19:44:00.0988 7052 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
    19:44:00.0988 7052 nsiproxy - ok
    19:44:01.0078 7052 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
    19:44:01.0098 7052 Ntfs - ok
    19:44:01.0138 7052 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
    19:44:01.0138 7052 Null - ok
    19:44:01.0178 7052 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
    19:44:01.0178 7052 nvraid - ok
    19:44:01.0208 7052 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
    19:44:01.0208 7052 nvstor - ok
    19:44:01.0238 7052 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
    19:44:01.0238 7052 nv_agp - ok
    19:44:01.0268 7052 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
    19:44:01.0268 7052 ohci1394 - ok
    19:44:01.0348 7052 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    19:44:01.0348 7052 ose - ok
    19:44:01.0519 7052 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    19:44:01.0551 7052 osppsvc - ok
    19:44:01.0582 7052 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
    19:44:01.0582 7052 p2pimsvc - ok
    19:44:01.0613 7052 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
    19:44:01.0613 7052 p2psvc - ok
    19:44:01.0644 7052 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
    19:44:01.0644 7052 Parport - ok
    19:44:01.0660 7052 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
    19:44:01.0660 7052 partmgr - ok
    19:44:01.0691 7052 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
    19:44:01.0707 7052 PcaSvc - ok
    19:44:01.0738 7052 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
    19:44:01.0753 7052 PCCUJobMgr - ok
    19:44:01.0785 7052 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
    19:44:01.0785 7052 pci - ok
    19:44:01.0816 7052 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys
    19:44:01.0816 7052 pciide - ok
    19:44:01.0831 7052 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
    19:44:01.0847 7052 pcmcia - ok
    19:44:01.0863 7052 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
    19:44:01.0863 7052 pcw - ok
    19:44:01.0894 7052 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
    19:44:01.0909 7052 PEAUTH - ok
    19:44:02.0003 7052 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
    19:44:02.0003 7052 PerfHost - ok
    19:44:02.0050 7052 [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
    19:44:02.0050 7052 PGEffect - ok
    19:44:02.0128 7052 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
    19:44:02.0143 7052 pla - ok
    19:44:02.0206 7052 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
    19:44:02.0221 7052 PlugPlay - ok
    19:44:02.0237 7052 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
    19:44:02.0253 7052 PNRPAutoReg - ok
    19:44:02.0284 7052 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
    19:44:02.0284 7052 PNRPsvc - ok
    19:44:02.0331 7052 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
    19:44:02.0331 7052 PolicyAgent - ok
    19:44:02.0393 7052 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
    19:44:02.0393 7052 Power - ok
    19:44:02.0440 7052 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
    19:44:02.0455 7052 PptpMiniport - ok
    19:44:02.0471 7052 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
    19:44:02.0471 7052 Processor - ok
    19:44:02.0502 7052 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
    19:44:02.0518 7052 ProfSvc - ok
    19:44:02.0533 7052 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
    19:44:02.0533 7052 ProtectedStorage - ok
    19:44:02.0565 7052 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
    19:44:02.0565 7052 Psched - ok
    19:44:02.0580 7052 PTUMWBus - ok
    19:44:02.0596 7052 PTUMWCDF - ok
    19:44:02.0611 7052 PTUMWFLT - ok
    19:44:02.0611 7052 PTUMWMdm - ok
    19:44:02.0627 7052 PTUMWNET - ok
    19:44:02.0643 7052 PTUMWVsp - ok
    19:44:02.0689 7052 [ C8FCB4899F8B70CC34E0D9876A80963C ] QIOMem C:\windows\system32\DRIVERS\QIOMem.sys
    19:44:02.0689 7052 QIOMem - ok
    19:44:02.0767 7052 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
    19:44:02.0783 7052 ql2300 - ok
    19:44:02.0814 7052 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
    19:44:02.0830 7052 ql40xx - ok
    19:44:02.0861 7052 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
    19:44:02.0861 7052 QWAVE - ok
    19:44:02.0877 7052 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
    19:44:02.0877 7052 QWAVEdrv - ok
    19:44:02.0908 7052 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
    19:44:02.0908 7052 RasAcd - ok
    19:44:02.0939 7052 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
    19:44:02.0939 7052 RasAgileVpn - ok
    19:44:02.0986 7052 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
    19:44:03.0001 7052 RasAuto - ok
    19:44:03.0017 7052 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
    19:44:03.0033 7052 Rasl2tp - ok
    19:44:03.0064 7052 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
    19:44:03.0079 7052 RasMan - ok
    19:44:03.0095 7052 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
    19:44:03.0095 7052 RasPppoe - ok
    19:44:03.0126 7052 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
    19:44:03.0126 7052 RasSstp - ok
    19:44:03.0173 7052 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
    19:44:03.0173 7052 rdbss - ok
    19:44:03.0204 7052 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
    19:44:03.0204 7052 rdpbus - ok
    19:44:03.0235 7052 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
    19:44:03.0235 7052 RDPCDD - ok
    19:44:03.0251 7052 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
    19:44:03.0251 7052 RDPENCDD - ok
    19:44:03.0282 7052 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
    19:44:03.0282 7052 RDPREFMP - ok
    19:44:03.0313 7052 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
    19:44:03.0329 7052 RDPWD - ok
    19:44:03.0360 7052 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
    19:44:03.0360 7052 rdyboost - ok
    19:44:03.0391 7052 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
    19:44:03.0391 7052 RemoteAccess - ok
    19:44:03.0438 7052 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
    19:44:03.0438 7052 RemoteRegistry - ok
    19:44:03.0454 7052 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
    19:44:03.0469 7052 RpcEptMapper - ok
    19:44:03.0485 7052 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
    19:44:03.0485 7052 RpcLocator - ok
    19:44:03.0516 7052 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
    19:44:03.0532 7052 RpcSs - ok
    19:44:03.0563 7052 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
    19:44:03.0579 7052 rspndr - ok
    19:44:03.0610 7052 [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
    19:44:03.0625 7052 RSUSBSTOR - ok
    19:44:03.0641 7052 [ E54A5586A28D0630A79A68BBAB84BFCF ] RSUSBVSTOR C:\windows\system32\Drivers\RTSUVSTOR.sys
    19:44:03.0657 7052 RSUSBVSTOR - ok
    19:44:03.0672 7052 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
    19:44:03.0672 7052 SamSs - ok
    19:44:03.0703 7052 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
    19:44:03.0703 7052 sbp2port - ok
    19:44:03.0735 7052 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
    19:44:03.0735 7052 SCardSvr - ok
    19:44:03.0766 7052 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
    19:44:03.0766 7052 scfilter - ok
    19:44:03.0828 7052 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
    19:44:03.0844 7052 Schedule - ok
    19:44:03.0859 7052 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
    19:44:03.0859 7052 SCPolicySvc - ok
    19:44:03.0891 7052 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
    19:44:03.0891 7052 SDRSVC - ok
    19:44:03.0937 7052 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
    19:44:03.0937 7052 secdrv - ok
    19:44:03.0953 7052 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
    19:44:03.0969 7052 seclogon - ok
    19:44:03.0984 7052 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
    19:44:03.0984 7052 SENS - ok
    19:44:04.0015 7052 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
    19:44:04.0015 7052 SensrSvc - ok
    19:44:04.0031 7052 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
    19:44:04.0031 7052 Serenum - ok
    19:44:04.0093 7052 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
    19:44:04.0093 7052 Serial - ok
    19:44:04.0109 7052 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
    19:44:04.0109 7052 sermouse - ok
    19:44:04.0156 7052 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
    19:44:04.0156 7052 SessionEnv - ok
    19:44:04.0171 7052 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
    19:44:04.0171 7052 sffdisk - ok
    19:44:04.0187 7052 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
    19:44:04.0187 7052 sffp_mmc - ok
    19:44:04.0203 7052 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
    19:44:04.0203 7052 sffp_sd - ok
    19:44:04.0218 7052 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
    19:44:04.0218 7052 sfloppy - ok
    19:44:04.0249 7052 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
    19:44:04.0249 7052 SharedAccess - ok
    19:44:04.0265 7052 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
    19:44:04.0281 7052 ShellHWDetection - ok
    19:44:04.0312 7052 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
    19:44:04.0312 7052 SiSRaid2 - ok
    19:44:04.0327 7052 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
    19:44:04.0327 7052 SiSRaid4 - ok
    19:44:04.0468 7052 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    19:44:04.0499 7052 Skype C2C Service - ok
    19:44:04.0561 7052 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    19:44:04.0577 7052 SkypeUpdate - ok
    19:44:04.0624 7052 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
    19:44:04.0624 7052 Smb - ok
    19:44:04.0686 7052 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
    19:44:04.0686 7052 SNMPTRAP - ok
    19:44:04.0717 7052 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
    19:44:04.0717 7052 spldr - ok
    19:44:04.0764 7052 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
    19:44:04.0780 7052 Spooler - ok
    19:44:04.0905 7052 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
    19:44:04.0967 7052 sppsvc - ok
    19:44:04.0983 7052 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
    19:44:04.0983 7052 sppuinotify - ok
    19:44:05.0076 7052 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\windows\System32\Drivers\N360x64\0604000.009\SRTSP64.SYS
    19:44:05.0092 7052 SRTSP - ok
    19:44:05.0107 7052 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\windows\system32\drivers\N360x64\0604000.009\SRTSPX64.SYS
    19:44:05.0107 7052 SRTSPX - ok
    19:44:05.0139 7052 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
    19:44:05.0154 7052 srv - ok
    19:44:05.0185 7052 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
    19:44:05.0185 7052 srv2 - ok
    19:44:05.0217 7052 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\windows\system32\DRIVERS\VSTAZL6.SYS
    19:44:05.0232 7052 SrvHsfHDA - ok
    19:44:05.0279 7052 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\windows\system32\DRIVERS\VSTDPV6.SYS
    19:44:05.0310 7052 SrvHsfV92 - ok
    19:44:05.0341 7052 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\windows\system32\DRIVERS\VSTCNXT6.SYS
    19:44:05.0357 7052 SrvHsfWinac - ok
    19:44:05.0404 7052 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
    19:44:05.0404 7052 srvnet - ok
    19:44:05.0451 7052 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\windows\system32\DRIVERS\ssadbus.sys
    19:44:05.0466 7052 ssadbus - ok
    19:44:05.0482 7052 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\windows\system32\DRIVERS\ssadmdfl.sys
    19:44:05.0497 7052 ssadmdfl - ok
    19:44:05.0529 7052 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\windows\system32\DRIVERS\ssadmdm.sys
    19:44:05.0544 7052 ssadmdm - ok
    19:44:05.0560 7052 [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd C:\windows\system32\DRIVERS\ssadserd.sys
    19:44:05.0560 7052 ssadserd - ok
    19:44:05.0591 7052 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
    19:44:05.0607 7052 SSDPSRV - ok
    19:44:05.0622 7052 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
    19:44:05.0622 7052 SstpSvc - ok
    19:44:05.0669 7052 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
    19:44:05.0669 7052 stexstor - ok
    19:44:05.0716 7052 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
    19:44:05.0731 7052 stisvc - ok
    19:44:05.0747 7052 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
    19:44:05.0747 7052 swenum - ok
    19:44:05.0778 7052 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
    19:44:05.0794 7052 swprv - ok
    19:44:05.0841 7052 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\windows\system32\drivers\N360x64\0604000.009\SYMDS64.SYS
    19:44:05.0841 7052 SymDS - ok
    19:44:05.0903 7052 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\windows\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS
    19:44:05.0919 7052 SymEFA - ok
    19:44:05.0965 7052 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS
    19:44:05.0965 7052 SymEvent - ok
    19:44:06.0028 7052 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS
    19:44:06.0028 7052 SymIRON - ok
    19:44:06.0059 7052 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\windows\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS
    19:44:06.0075 7052 SymNetS - ok
    19:44:06.0137 7052 [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
    19:44:06.0153 7052 SynTP - ok
    19:44:06.0231 7052 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
    19:44:06.0262 7052 SysMain - ok
    19:44:06.0277 7052 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
    19:44:06.0293 7052 TabletInputService - ok
    19:44:06.0309 7052 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
    19:44:06.0324 7052 TapiSrv - ok
    19:44:06.0340 7052 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
    19:44:06.0340 7052 TBS - ok
    19:44:06.0433 7052 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
    19:44:06.0465 7052 Tcpip - ok
    19:44:06.0543 7052 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
    19:44:06.0558 7052 TCPIP6 - ok
    19:44:06.0589 7052 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
    19:44:06.0589 7052 tcpipreg - ok
    19:44:06.0621 7052 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
    19:44:06.0621 7052 tdcmdpst - ok
    19:44:06.0636 7052 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
    19:44:06.0636 7052 TDPIPE - ok
    19:44:06.0652 7052 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
    19:44:06.0652 7052 TDTCP - ok
    19:44:06.0683 7052 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
    19:44:06.0683 7052 tdx - ok
    19:44:06.0699 7052 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
    19:44:06.0699 7052 TermDD - ok
    19:44:06.0745 7052 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
    19:44:06.0761 7052 TermService - ok
    19:44:06.0761 7052 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
    19:44:06.0761 7052 Themes - ok
    19:44:06.0792 7052 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
    19:44:06.0792 7052 THREADORDER - ok
    19:44:06.0839 7052 [ F120967184A27E927052E8DDBB727851 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    19:44:06.0839 7052 TMachInfo - ok
    19:44:06.0870 7052 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv C:\Windows\system32\TODDSrv.exe
    19:44:06.0870 7052 TODDSrv - ok
    19:44:06.0948 7052 [ CDC97FA5C42B07FB0D4600E17C32F582 ] TosCoSrv C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    19:44:06.0964 7052 TosCoSrv - ok
    19:44:07.0026 7052 [ 8F099BE5DB17D025E19652851399B9F1 ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    19:44:07.0026 7052 TOSHIBA Bluetooth Service - ok
    19:44:07.0089 7052 [ 2ECC833EA37CECE0052D4D9ADC184177 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
    19:44:07.0089 7052 TOSHIBA eco Utility Service - ok
    19:44:07.0135 7052 [ EDB4B432DB13EA3D1EB2356310D33263 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    19:44:07.0135 7052 TOSHIBA HDD SSD Alert Service - ok
    19:44:07.0135 7052 Tosrfcom - ok
    19:44:07.0182 7052 [ F5E3AC4CBCD154EE80849B21887FD0B0 ] tosrfec C:\windows\system32\DRIVERS\tosrfec.sys
    19:44:07.0182 7052 tosrfec - ok
    19:44:07.0213 7052 [ 7A0048693F98460FF537BE31C741B927 ] Tosrfusb C:\windows\system32\DRIVERS\tosrfusb.sys
    19:44:07.0213 7052 Tosrfusb - ok
    19:44:07.0276 7052 [ 9F8410CCC72B3470C96DA415BE0CF423 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    19:44:07.0276 7052 TPCHSrv - ok
    19:44:07.0307 7052 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
    19:44:07.0323 7052 TrkWks - ok
    19:44:07.0369 7052 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
    19:44:07.0369 7052 TrustedInstaller - ok
    19:44:07.0401 7052 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
    19:44:07.0401 7052 tssecsrv - ok
    19:44:07.0432 7052 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
    19:44:07.0432 7052 TsUsbFlt - ok
    19:44:07.0463 7052 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
    19:44:07.0463 7052 TsUsbGD - ok
    19:44:07.0494 7052 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
    19:44:07.0494 7052 tunnel - ok
    19:44:07.0541 7052 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
    19:44:07.0541 7052 TVALZ - ok
    19:44:07.0572 7052 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
    19:44:07.0572 7052 TVALZFL - ok
    19:44:07.0603 7052 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
    19:44:07.0619 7052 uagp35 - ok
    19:44:07.0635 7052 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
    19:44:07.0635 7052 udfs - ok
    19:44:07.0681 7052 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
    19:44:07.0681 7052 UI0Detect - ok
    19:44:07.0728 7052 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
    19:44:07.0728 7052 uliagpkx - ok
    19:44:07.0759 7052 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
    19:44:07.0759 7052 umbus - ok
    19:44:07.0775 7052 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
    19:44:07.0791 7052 UmPass - ok
    19:44:07.0822 7052 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
    19:44:07.0837 7052 upnphost - ok
    19:44:07.0869 7052 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
    19:44:07.0869 7052 usbccgp - ok
    19:44:07.0915 7052 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
    19:44:07.0915 7052 usbcir - ok
    19:44:07.0947 7052 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
    19:44:07.0947 7052 usbehci - ok
    19:44:07.0993 7052 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
    19:44:07.0993 7052 usbhub - ok
    19:44:08.0025 7052 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
    19:44:08.0025 7052 usbohci - ok
    19:44:08.0056 7052 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
    19:44:08.0056 7052 usbprint - ok
    19:44:08.0103 7052 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
    19:44:08.0103 7052 usbscan - ok
    19:44:08.0134 7052 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
    19:44:08.0149 7052 USBSTOR - ok
    19:44:08.0181 7052 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
    19:44:08.0181 7052 usbuhci - ok
    19:44:08.0212 7052 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
    19:44:08.0212 7052 usbvideo - ok
    19:44:08.0243 7052 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
    19:44:08.0259 7052 UxSms - ok
    19:44:08.0274 7052 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
    19:44:08.0274 7052 VaultSvc - ok
    19:44:08.0305 7052 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
    19:44:08.0305 7052 vdrvroot - ok
    19:44:08.0337 7052 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
    19:44:08.0337 7052 vds - ok
    19:44:08.0368 7052 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
    19:44:08.0368 7052 vga - ok
    19:44:08.0383 7052 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
    19:44:08.0383 7052 VgaSave - ok
    19:44:08.0399 7052 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
    19:44:08.0415 7052 vhdmp - ok
    19:44:08.0430 7052 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
    19:44:08.0430 7052 viaide - ok
    19:44:08.0477 7052 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
    19:44:08.0477 7052 volmgr - ok
    19:44:08.0524 7052 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
    19:44:08.0539 7052 volmgrx - ok
    19:44:08.0571 7052 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys
    19:44:08.0586 7052 volsnap - ok
    19:44:08.0617 7052 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
    19:44:08.0617 7052 vsmraid - ok
    19:44:08.0695 7052 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
    19:44:08.0711 7052 VSS - ok
    19:44:08.0727 7052 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
    19:44:08.0727 7052 vwifibus - ok
    19:44:08.0773 7052 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
    19:44:08.0773 7052 vwififlt - ok
    19:44:08.0805 7052 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
    19:44:08.0805 7052 vwifimp - ok
    19:44:08.0851 7052 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
    19:44:08.0851 7052 W32Time - ok
    19:44:08.0883 7052 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
    19:44:08.0883 7052 WacomPen - ok
    19:44:08.0914 7052 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
    19:44:08.0929 7052 WANARP - ok
    19:44:08.0929 7052 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
    19:44:08.0929 7052 Wanarpv6 - ok
    19:44:09.0039 7052 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
    19:44:09.0054 7052 WatAdminSvc - ok
    19:44:09.0132 7052 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
    19:44:09.0148 7052 wbengine - ok
    19:44:09.0163 7052 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
    19:44:09.0179 7052 WbioSrvc - ok
    19:44:09.0195 7052 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
    19:44:09.0195 7052 wcncsvc - ok
    19:44:09.0210 7052 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
    19:44:09.0226 7052 WcsPlugInService - ok
    19:44:09.0241 7052 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
    19:44:09.0257 7052 Wd - ok
    19:44:09.0288 7052 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
    19:44:09.0304 7052 Wdf01000 - ok
    19:44:09.0335 7052 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
    19:44:09.0335 7052 WdiServiceHost - ok
    19:44:09.0335 7052 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
    19:44:09.0335 7052 WdiSystemHost - ok
    19:44:09.0366 7052 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
    19:44:09.0366 7052 WebClient - ok
    19:44:09.0382 7052 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
    19:44:09.0382 7052 Wecsvc - ok
    19:44:09.0413 7052 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
    19:44:09.0413 7052 wercplsupport - ok
    19:44:09.0444 7052 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
    19:44:09.0444 7052 WerSvc - ok
    19:44:09.0460 7052 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
    19:44:09.0475 7052 WfpLwf - ok
    19:44:09.0491 7052 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
    19:44:09.0491 7052 WIMMount - ok
    19:44:09.0507 7052 WinDefend - ok
    19:44:09.0522 7052 WinHttpAutoProxySvc - ok
    19:44:09.0585 7052 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
    19:44:09.0585 7052 Winmgmt - ok
    19:44:09.0678 7052 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
    19:44:09.0694 7052 WinRM - ok
    19:44:09.0756 7052 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
    19:44:09.0772 7052 Wlansvc - ok
    19:44:09.0834 7052 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    19:44:09.0834 7052 wlcrasvc - ok
    19:44:09.0959 7052 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    19:44:09.0975 7052 wlidsvc - ok
    19:44:09.0990 7052 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
    19:44:09.0990 7052 WmiAcpi - ok
    19:44:10.0021 7052 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
    19:44:10.0021 7052 wmiApSrv - ok
    19:44:10.0068 7052 WMPNetworkSvc - ok
    19:44:10.0084 7052 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
    19:44:10.0084 7052 WPCSvc - ok
    19:44:10.0099 7052 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
    19:44:10.0099 7052 WPDBusEnum - ok
    19:44:10.0131 7052 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
    19:44:10.0131 7052 ws2ifsl - ok
    19:44:10.0146 7052 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
    19:44:10.0146 7052 wscsvc - ok
    19:44:10.0146 7052 WSearch - ok
    19:44:10.0255 7052 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
    19:44:10.0287 7052 wuauserv - ok
    19:44:10.0318 7052 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
    19:44:10.0318 7052 WudfPf - ok
    19:44:10.0349 7052 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
    19:44:10.0349 7052 WUDFRd - ok
    19:44:10.0396 7052 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
    19:44:10.0396 7052 wudfsvc - ok
    19:44:10.0427 7052 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
    19:44:10.0427 7052 WwanSvc - ok
    19:44:10.0521 7052 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    19:44:10.0536 7052 YahooAUService - ok
    19:44:10.0567 7052 ================ Scan global ===============================
    19:44:10.0583 7052 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
    19:44:10.0630 7052 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
    19:44:10.0645 7052 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
    19:44:10.0677 7052 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
    19:44:10.0723 7052 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
    19:44:10.0723 7052 [Global] - ok
    19:44:10.0723 7052 ================ Scan MBR ==================================
    19:44:10.0739 7052 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
    19:44:11.0020 7052 \Device\Harddisk0\DR0 - ok
    19:44:11.0020 7052 ================ Scan VBR ==================================
    19:44:11.0035 7052 [ C7ACA93D8B16EBF80AEE907CEF93BE90 ] \Device\Harddisk0\DR0\Partition1
    19:44:11.0035 7052 \Device\Harddisk0\DR0\Partition1 - ok
    19:44:11.0035 7052 ============================================================
    19:44:11.0035 7052 Scan finished
    19:44:11.0035 7052 ============================================================
    19:44:11.0067 2572 Detected object count: 0
    19:44:11.0067 2572 Actual detected object count: 0
     
  18. cocomac11

    cocomac11 Registered Members

    Joined:
    Sep 8, 2012
    Messages:
    22
    Location:
    Knoxville, TN
    Operating System:
    Windows 8
    I don't see the cd rom listed on the disk management screen. I'll attatch a screen snip. The device manager does show the cd rom and it does have a yellow exclamation point.
     

    Attached Files:

  19. etavares

    etavares Malware Removal Specialist - Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    Hi cocmac11,

    OK, go to Device Manager again. Right-click the CD-ROM entry with the yellow exclamation point and choose Properties. Under the general tab, there's a section called "Device Status". Please tell me exactly what it says in that box. It should have an error listed in there.

    -etavares
     
  20. cocomac11

    cocomac11 Registered Members

    Joined:
    Sep 8, 2012
    Messages:
    22
    Location:
    Knoxville, TN
    Operating System:
    Windows 8
    Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
     

Share This Page