Trojan.Zeroaccess.B



#1
carusoconan

I am running Norton Internet Security 2012. While reading an article on the New York Times website I began getting numerous messages/warnings related to the Win 7 Internet Security 2012 rogue program. I had a similar problem a month earlier and at that time was able to perform a system restore to an earlier date that seemed to solve that problem. I tried performing a system restore this time as well but was informed that the system restore was not successful. I was finally able to run a scan using Norton and it reported that it blocked or quarantined about 40 security risks, all of which it reported under the resolved security risks category. However, under the unresolved security risks category it indicated the presence of the Trojan.Zeroaccess.B virus and said it required manual removal. It also noted the infected file was located in c:\windows\system32\consrv.dll. I ran the scan again after booting into Windows safe mode and got the same results. I have tried running Norton Power Eraser and the Norton Bootable Recovery Tool but come up with the same result (i.e., the virus is still there and manual removal is required). At the moment the computer seems to be operating normally. Thank you in advance for any assistance you can provide.


I downloaded and ran OTL. It produced two reports labeled OTL and Extras. The following is the OTL log:

OTL logfile created on: 1/16/2012 1:04:47 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bob\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 4.90 Gb Available Physical Memory | 61.37% Memory free
15.96 Gb Paging File | 12.21 Gb Available in Paging File | 76.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.67 Gb Total Space | 836.64 Gb Free Space | 91.17% Space Free | Partition Type: NTFS
Drive D: | 298.02 Gb Total Space | 229.81 Gb Free Space | 77.11% Space Free | Partition Type: FAT32
Drive E: | 630.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 931.51 Gb Total Space | 364.96 Gb Free Space | 39.18% Space Free | Partition Type: NTFS
Drive H: | 74.53 Gb Total Space | 22.82 Gb Free Space | 30.62% Space Free | Partition Type: NTFS
Drive I: | 7.50 Gb Total Space | 7.44 Gb Free Space | 99.29% Space Free | Partition Type: FAT32

Computer Name: VAIO | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/16 13:02:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
PRC - [2012/01/07 07:51:24 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/12/04 20:12:48 | 003,450,832 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011/11/10 06:49:36 | 005,890,144 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2011/11/10 06:47:06 | 000,403,096 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/11/10 06:46:00 | 005,954,016 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011/11/05 08:47:17 | 000,435,528 | R--- | M] (Pervasive Software Inc.) -- C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
PRC - [2011/09/19 10:36:20 | 002,996,008 | ---- | M] (Centered Systems) -- C:\Program Files (x86)\Second Copy 8\SecCopy.exe
PRC - [2011/09/10 15:55:47 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2011/09/05 10:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/29 15:43:24 | 001,209,288 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
PRC - [2011/08/13 19:14:16 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
PRC - [2011/08/10 13:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe
PRC - [2011/07/20 15:42:02 | 000,036,864 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\fjscan32\FJTWMKSV.exe
PRC - [2011/04/29 17:20:18 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/04/26 12:08:30 | 000,183,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011/04/26 12:08:30 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2011/04/14 08:22:08 | 012,036,968 | ---- | M] (GARMIN Corp.) -- C:\Program Files (x86)\Garmin\Training Center\ANT_Agent\ANT Agent.exe
PRC - [2011/03/25 14:41:14 | 000,139,264 | ---- | M] (FUJITSU LIMITED) -- C:\Windows\twain_32\fjscan32\FjtwMkup.exe
PRC - [2011/03/20 15:00:50 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2011/02/14 14:45:08 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/14 14:44:56 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/02/14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
PRC - [2011/01/29 05:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2011/01/12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/12 18:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/05 16:22:02 | 000,286,720 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\fjscan32\ERG\FTErGuid.exe
PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/02/08 15:04:00 | 000,143,360 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\fjscan32\SOP\FtLnSOP.exe
PRC - [2009/10/21 14:58:56 | 000,086,016 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\fjscan32\FiWiaChecker.exe
PRC - [2009/09/16 19:17:24 | 000,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2007/10/24 12:20:04 | 000,705,024 | ---- | M] () -- C:\Windows\SysWOW64\TSSchBkpService.exe
PRC - [2007/10/16 19:58:38 | 000,045,056 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\fjscan32\FTPWREVT\FTPWREVT.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/07 07:51:24 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/12/31 15:13:33 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2011/12/31 15:13:28 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/11/13 12:43:17 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/03 18:52:28 | 000,296,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
MOD - [2011/10/14 08:21:10 | 000,888,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7c86a11e96b7e798d5db164c22ea0268\System.DirectoryServices.AccountManagement.ni.dll
MOD - [2011/10/14 08:21:03 | 002,516,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\9d9e419b7157083a5a246768b29dd92f\System.Data.Linq.ni.dll
MOD - [2011/10/14 08:21:03 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\88f32d62a8df469e8b9f12a8d3093627\System.Xml.Linq.ni.dll
MOD - [2011/10/14 08:20:41 | 000,633,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\55b239388c36e25bb9af84a8827df8c2\System.AddIn.ni.dll
MOD - [2011/10/14 08:20:41 | 000,082,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\32d21563937263ee3ae9eecfa59fdc3d\System.AddIn.Contract.ni.dll
MOD - [2011/10/14 08:19:31 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011/10/14 08:19:28 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\76692f411b404f1db0c95d81dd537c37\System.Runtime.Serialization.ni.dll
MOD - [2011/10/14 08:19:11 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\356136d6f23fe3cde33dc96fbda2df0a\IAStorUtil.ni.dll
MOD - [2011/10/14 08:19:11 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b40ad47b1338dd50c41d2c5571819a09\IAStorCommon.ni.dll
MOD - [2011/10/14 08:17:32 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011/10/14 08:17:22 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.ni.dll
MOD - [2011/10/14 08:17:21 | 006,610,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\d667bbe4bd8cd45c7cb1e6cc045fc603\System.Data.ni.dll
MOD - [2011/10/14 08:17:21 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll
MOD - [2011/10/14 08:17:15 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/10/14 08:17:06 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/14 08:17:02 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/14 08:17:01 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\93df5ea9646ad11a21517e4ab1d803d9\UIAutomationTypes.ni.dll
MOD - [2011/10/14 08:17:01 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
MOD - [2011/10/14 08:17:00 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/10/14 08:16:54 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/14 08:16:52 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\ccba14fc93de40f4f53d401f07b9bcb8\System.Security.ni.dll
MOD - [2011/10/14 08:16:50 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/14 08:16:48 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/14 08:16:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/14 08:16:44 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/17 11:46:04 | 008,626,176 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011/06/17 11:46:02 | 002,408,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2011/06/17 11:46:02 | 000,212,992 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011/03/20 15:00:34 | 000,235,112 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/11/20 20:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/06/10 14:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/23 15:37:08 | 001,429,608 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2011/02/28 10:29:18 | 000,852,160 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2011/02/14 17:54:50 | 000,550,080 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2011/02/14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011/01/29 05:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/12/27 12:25:02 | 000,043,848 | R--- | M] (Sage Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Sage\Peachtree\SmartPostingService2012.exe -- (Peachtree SmartPosting 2012)
SRV - [2011/12/04 20:12:48 | 003,450,832 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/11/10 06:49:36 | 005,890,144 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2011/11/10 06:48:54 | 001,124,096 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/11/05 08:47:17 | 000,435,528 | R--- | M] (Pervasive Software Inc.) [Auto | Running] -- C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
SRV - [2011/09/19 10:36:26 | 000,075,048 | ---- | M] (Centered Systems) [Auto | Running] -- C:\Program Files (x86)\Second Copy 8\ScVssService64.exe -- (ScVssService64)
SRV - [2011/09/10 15:55:47 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/05 10:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/13 19:14:16 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe -- (Oasis2Service)
SRV - [2011/08/10 13:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe -- (NIS)
SRV - [2011/07/20 15:42:02 | 000,036,864 | ---- | M] (PFU LIMITED) [Auto | Running] -- C:\Windows\twain_32\fjscan32\FJTWMKSV.exe -- (FJTWMKSV)
SRV - [2011/04/29 17:20:18 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/04/29 17:19:22 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/04/26 12:08:30 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2011/03/20 15:00:50 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/03/01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2011/02/14 14:45:08 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/02/14 14:44:56 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2011/01/12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/16 18:01:16 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/10/24 12:20:04 | 000,705,024 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\TSSchBkpService.exe -- (TSScheduleBackup)
SRV - [2006/11/09 16:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/10 10:50:05 | 000,096,376 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR210.SYS -- (SMR210)
DRV:64bit: - [2011/12/09 19:05:37 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/12/04 20:12:50 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011/12/04 20:12:45 | 001,285,216 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2011/12/04 20:12:43 | 000,986,208 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/12/04 20:12:40 | 000,211,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2011/12/04 20:12:39 | 000,142,944 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt61.sys -- (vidsflt61) Acronis Disk Storage Filter (61)
DRV:64bit: - [2011/12/04 20:12:38 | 000,310,368 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011/12/04 20:12:37 | 000,133,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2011/09/26 17:38:11 | 001,084,024 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/08/08 16:38:05 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011/08/02 19:22:10 | 000,729,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/08/02 19:22:10 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/26 00:30:21 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/07/25 19:18:39 | 000,401,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/07/25 19:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.sys -- (SymDS)
DRV:64bit: - [2011/07/25 19:15:52 | 000,189,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/05/13 20:35:22 | 000,044,480 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2011/04/29 17:19:36 | 000,288,416 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/04/29 17:19:36 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/04/29 17:19:36 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/04/29 17:19:36 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011/04/29 17:19:36 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/04/29 17:19:36 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/04/29 17:19:36 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/04/29 17:19:34 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/03/30 00:12:04 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 14:44:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2011/02/12 19:10:55 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/12 13:19:25 | 000,026,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWLowRider.sys -- (NWLowRider)
DRV:64bit: - [2011/02/12 13:19:25 | 000,014,400 | ---- | M] (n/a) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWWakeFilterLR.sys -- (NWWakeFilterLR)
DRV:64bit: - [2011/02/10 03:33:26 | 002,647,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/02/10 00:41:47 | 000,102,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2011/02/10 00:41:45 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsnxc64.sys -- (risdsnpe)
DRV:64bit: - [2010/12/10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/04/26 13:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2012/01/16 09:12:42 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120116.002\ex64.sys -- (NAVEX15)
DRV - [2012/01/16 09:12:42 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120116.002\eng64.sys -- (NAVENG)
DRV - [2012/01/10 09:05:37 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/01/10 09:05:37 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/09 16:53:28 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120113.002\IDSviA64.sys -- (IDSVia64)
DRV - [2011/11/30 19:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111223.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2003/06/15 23:56:28 | 000,008,704 | R--- | M] (Initio Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\InAspi32.sys -- (InAspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ww2.cox.com/m...rizona/home.cox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://ww2.cox.com/m...izona/home.cox"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/09/10 16:33:10 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/09/10 16:33:10 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Bob\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Bob\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bob\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bob\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2011/12/09 19:28:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/01/16 08:52:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/07 07:51:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/18 15:08:06 | 000,000,000 | ---D | M]

[2011/09/16 18:39:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Extensions
[2011/12/10 10:11:42 | 000,002,470 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\ukm7lh98.default\searchplugins\safesearch.xml
[2011/09/16 18:39:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/16 08:52:17 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\COFFPLGN
[2011/12/09 19:28:02 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN
[2012/01/07 07:51:24 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/02 16:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/05 14:39:04 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [“FjISIS WIA Service Checker] C:\Windows\PIXTRAN\fujitsu\FiWiaChecker.exe (PFU LIMITED)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [FiWIA Service Checker] C:\Windows\twain_32\fjscan32\FiWiaChecker.exe (PFU LIMITED)
O4 - HKLM..\Run: [FJTWAIN Setup] C:\Windows\Twain_32\fjscan32\FjtwMkup.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [FtLnSOP_setup] C:\Windows\twain_32\fjscan32\SOP\FtLnSOP.exe (PFU LIMITED)
O4 - HKLM..\Run: [FTPWRENV] C:\Windows\twain_32\fjscan32\FTPWREVT\FTPWREVT.exe (PFU LIMITED)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PeachtreePrefetcher.exe] C:\Program Files (x86)\Sage\Peachtree\PeachtreePrefetcher.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [ANT Agent] C:\Program Files (x86)\Garmin\Training Center\ANT_Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKCU..\Run: [Second Copy] C:\Program Files (x86)\Second Copy 8\SecCopy.exe (Centered Systems)
O4 - HKCU..\Run: [Smad] "C:\Users\Bob\AppData\Local\SanctionedMedia\Smad\Smad.exe" File not found
O4 - HKCU..\Run: [TSTimer] C:\Program Files (x86)\Timeslips\TSTimer.exe (Sage Software SB, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02ED773F-21D8-4891-AD0F-9FC253DF9FC2}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AE682A3-EFE8-4FEF-99C6-352B4DC1D09F}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/06 01:23:09 | 000,000,000 | ---D | M] - E:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2011/08/06 01:23:06 | 000,061,472 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011/08/06 01:23:07 | 000,000,058 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010/02/14 21:53:50 | 000,000,027 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/01/25 01:17:59 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c69eb960-dbfb-11e0-a173-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c69eb960-dbfb-11e0-a173-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2011/08/06 01:23:06 | 000,061,472 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 13:02:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2012/01/16 08:52:16 | 000,000,000 | R--D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012/01/11 00:17:49 | 000,000,000 | ---D | C] -- C:\NBRT
[2012/01/10 18:01:50 | 000,000,000 | ---D | C] -- C:\Users\Bob\Desktop\Virus
[2012/01/10 14:16:21 | 000,000,000 | ---D | C] -- C:\Users\Bob\Desktop\Norton Virus Problem
[2012/01/10 10:50:05 | 000,096,376 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR210.SYS
[2012/01/10 08:36:50 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\NPE
[2012/01/10 08:20:04 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/01/10 00:48:52 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\SanctionedMedia
[2012/01/09 10:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Timeslips
[2012/01/09 10:47:14 | 002,827,872 | ---- | C] (Sage Software SB, Inc.) -- C:\Windows\SysWow64\TSDBAp32.dll
[2012/01/09 10:47:14 | 001,595,488 | ---- | C] (Sage Software SB, Inc.) -- C:\Windows\SysWow64\TSDlgApi.dll
[2012/01/09 10:47:14 | 000,089,696 | ---- | C] (Sage Software SB, Inc.) -- C:\Windows\SysWow64\TSDB0132.dll
[2012/01/08 20:01:23 | 000,000,000 | ---D | C] -- C:\Users\Bob\Desktop\PO Receipts
[2012/01/04 16:49:44 | 000,000,000 | ---D | C] -- C:\Users\Bob\Desktop\2011 Organizers
[2012/01/04 15:20:48 | 000,000,000 | ---D | C] -- C:\Users\Bob\Desktop\Accounting Tools
[2012/01/04 15:14:14 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Sage
[2012/01/04 15:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peachtree Accounting 2012
[2012/01/04 15:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Aatrix Software
[2012/01/04 15:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sage
[2012/01/04 15:12:56 | 003,833,856 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf300.dll
[2012/01/04 15:12:14 | 000,000,000 | ---D | C] -- C:\Windows\Crystal
[2012/01/04 15:11:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BIComponentsDotNet
[2012/01/04 15:11:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BIGenerator
[2012/01/04 15:11:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BIComponents
[2012/01/04 15:10:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Business Objects
[2012/01/04 15:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Pervasive Software
[2012/01/04 15:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pervasive Software
[2012/01/04 15:06:49 | 000,000,000 | ---D | C] -- C:\Sage
[2012/01/04 15:06:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sage
[2012/01/04 15:03:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Peach
[2011/12/29 12:13:15 | 025,855,352 | ---- | C] (Stamps.com, Inc. ) -- C:\Users\Bob\Desktop\Stamps.com 9.0.exe
[2011/12/17 15:22:44 | 000,000,000 | ---D | C] -- C:\EOrganizer
[2011/10/22 17:25:39 | 000,212,992 | ---- | C] ( ) -- C:\Windows\SysWow64\Interop.ComctlLib.dll
[2011/10/22 17:25:39 | 000,114,688 | ---- | C] ( ) -- C:\Windows\SysWow64\AxInterop.ComctlLib.dll

========== Files - Modified Within 30 Days ==========

[2012/01/16 13:07:05 | 000,021,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 13:07:05 | 000,021,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 13:02:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2012/01/16 12:49:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4080961410-44987213-562876926-1000UA.job
[2012/01/16 08:56:27 | 000,821,948 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/16 08:56:27 | 000,688,544 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/16 08:56:27 | 000,133,918 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/16 08:52:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/16 08:51:54 | 2132,725,759 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/15 15:49:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4080961410-44987213-562876926-1000Core.job
[2012/01/14 09:43:04 | 000,129,195 | ---- | M] () -- C:\test.xml
[2012/01/13 11:38:19 | 000,001,571 | ---- | M] () -- C:\Users\Public\Desktop\2011 Lacerte Tax.LNK
[2012/01/11 13:26:21 | 003,384,159 | ---- | M] () -- C:\Users\Bob\Desktop\LPC 2011 Estimated K-1s.pdf
[2012/01/10 10:59:45 | 000,000,769 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\SMRBackup210.dat
[2012/01/10 10:50:05 | 000,096,376 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR210.SYS
[2012/01/10 10:30:03 | 000,445,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/10 10:27:14 | 000,001,024 | ---- | M] () -- C:\Windows\SysNative\AutoPartNt.let
[2012/01/10 10:25:38 | 000,005,709 | ---- | M] () -- C:\Windows\SysNative\AutoPartNt.nam
[2012/01/10 09:54:42 | 1399,290,021 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/10 08:38:55 | 000,006,998 | -HS- | M] () -- C:\Users\Bob\AppData\Local\767t3m7h5421
[2012/01/10 08:38:55 | 000,006,998 | -HS- | M] () -- C:\ProgramData\767t3m7h5421
[2012/01/09 19:15:03 | 000,000,091 | ---- | M] () -- C:\Users\Bob\AppData\Local\fusioncache.dat
[2012/01/09 18:54:05 | 003,970,008 | ---- | M] () -- C:\Users\Bob\Desktop\LPC Holding - 2011-12-15 backup conversion to 2012 Peachtree.ptb
[2012/01/09 12:47:03 | 000,021,216 | -H-- | M] () -- C:\Windows\SysNative\NEG2BDIC~7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0~
[2012/01/09 12:47:03 | 000,021,216 | -H-- | M] () -- C:\Windows\SysNative\HIKPQ5UJ~7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0~
[2012/01/09 10:47:53 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Timeslips by Sage.lnk
[2012/01/09 10:47:31 | 000,000,078 | ---- | M] () -- C:\Windows\TSREMOTE.INI
[2012/01/06 17:27:03 | 002,602,771 | ---- | M] () -- C:\Users\Bob\Desktop\2012-01-06 #3.pdf
[2012/01/04 19:11:22 | 003,970,761 | ---- | M] () -- C:\Users\Bob\Desktop\LPC Holding Corporation-12_15_11 unadju-010412 (2009 Peachtree).ptb
[2012/01/04 15:19:26 | 000,063,158 | ---- | M] () -- C:\Windows\PeachWLog.XML
[2012/01/04 15:08:50 | 000,000,519 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2012/01/04 15:07:44 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2012/01/04 12:36:35 | 000,001,571 | ---- | M] () -- C:\Users\Public\Desktop\2010 Lacerte Tax.LNK
[2012/01/04 11:01:53 | 000,117,901 | ---- | M] () -- C:\Users\Bob\Desktop\Drywall.pdf
[2012/01/04 10:37:03 | 000,000,416 | ---- | M] () -- C:\Windows\TIMESLIP.INI
[2012/01/03 18:24:59 | 000,563,712 | ---- | M] () -- C:\Users\Bob\Desktop\Schmitt 2003AZ.pdf
[2012/01/02 16:30:22 | 000,133,069 | ---- | M] () -- C:\Users\Bob\Desktop\Start-Up Costs.pdf
[2011/12/31 15:12:49 | 000,813,716 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/29 12:13:15 | 025,855,352 | ---- | M] (Stamps.com, Inc. ) -- C:\Users\Bob\Desktop\Stamps.com 9.0.exe
[2011/12/17 16:08:20 | 000,006,337 | ---- | M] () -- C:\Users\Bob\Desktop\RB10121.od1
[2011/12/17 15:55:06 | 000,322,557 | ---- | M] () -- C:\Users\Bob\Desktop\EOrg2011.exe

========== Files Created - No Company Name ==========

[2012/01/11 13:18:02 | 003,384,159 | ---- | C] () -- C:\Users\Bob\Desktop\LPC 2011 Estimated K-1s.pdf
[2012/01/10 10:50:20 | 000,000,769 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\SMRBackup210.dat
[2012/01/10 10:25:38 | 000,005,709 | ---- | C] () -- C:\Windows\SysNative\AutoPartNt.nam
[2012/01/10 10:25:35 | 000,001,024 | ---- | C] () -- C:\Windows\SysNative\AutoPartNt.let
[2012/01/10 08:20:04 | 1399,290,021 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/10 00:48:57 | 000,006,998 | -HS- | C] () -- C:\Users\Bob\AppData\Local\767t3m7h5421
[2012/01/10 00:48:57 | 000,006,998 | -HS- | C] () -- C:\ProgramData\767t3m7h5421
[2012/01/09 19:15:03 | 000,000,091 | ---- | C] () -- C:\Users\Bob\AppData\Local\fusioncache.dat
[2012/01/09 18:54:01 | 003,970,008 | ---- | C] () -- C:\Users\Bob\Desktop\LPC Holding - 2011-12-15 backup conversion to 2012 Peachtree.ptb
[2012/01/09 10:47:53 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Timeslips by Sage.lnk
[2012/01/06 23:08:51 | 003,970,761 | ---- | C] () -- C:\Users\Bob\Desktop\LPC Holding Corporation-12_15_11 unadju-010412 (2009 Peachtree).ptb
[2012/01/06 17:26:59 | 002,602,771 | ---- | C] () -- C:\Users\Bob\Desktop\2012-01-06 #3.pdf
[2012/01/04 15:08:50 | 000,000,519 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/01/04 15:07:24 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2012/01/04 15:01:57 | 000,063,158 | ---- | C] () -- C:\Windows\PeachWLog.XML
[2012/01/04 11:00:24 | 000,117,901 | ---- | C] () -- C:\Users\Bob\Desktop\Drywall.pdf
[2012/01/03 18:24:59 | 000,563,712 | ---- | C] () -- C:\Users\Bob\Desktop\Schmitt 2003AZ.pdf
[2012/01/02 16:12:10 | 000,133,069 | ---- | C] () -- C:\Users\Bob\Desktop\Start-Up Costs.pdf
[2011/12/17 16:08:20 | 000,006,337 | ---- | C] () -- C:\Users\Bob\Desktop\RB10121.od1
[2011/12/17 15:55:05 | 000,322,557 | ---- | C] () -- C:\Users\Bob\Desktop\EOrg2011.exe
[2011/12/09 17:42:20 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\C45Sl.com.b
[2011/12/09 17:40:08 | 000,000,112 | ---- | C] () -- C:\ProgramData\S6K34FU5.dat
[2011/12/09 17:28:39 | 000,005,896 | -HS- | C] () -- C:\Users\Bob\AppData\Local\nlxrgy8n4nqv0odc4cjr8n562o1a
[2011/12/09 17:28:39 | 000,005,896 | -HS- | C] () -- C:\ProgramData\nlxrgy8n4nqv0odc4cjr8n562o1a
[2011/11/08 17:36:11 | 000,000,416 | ---- | C] () -- C:\Windows\TIMESLIP.INI
[2011/11/03 19:35:32 | 000,000,114 | ---- | C] () -- C:\Windows\LTBUI06.INI
[2011/11/03 19:35:30 | 000,000,205 | ---- | C] () -- C:\Windows\WTAXSYNC.INI
[2011/11/03 19:30:56 | 000,003,693 | ---- | C] () -- C:\Windows\setups06.ini
[2011/11/03 19:29:37 | 000,000,262 | ---- | C] () -- C:\Windows\W06Tax.ini
[2011/11/03 19:17:10 | 000,002,874 | ---- | C] () -- C:\Windows\setups05.ini
[2011/11/03 19:05:47 | 000,000,205 | ---- | C] () -- C:\Windows\W05Tax.ini
[2011/11/03 18:39:43 | 000,000,047 | ---- | C] () -- C:\Windows\W04UPDAT.INI
[2011/11/03 18:39:42 | 000,000,045 | ---- | C] () -- C:\Windows\W04Tax.INI
[2011/11/03 18:09:35 | 000,000,045 | ---- | C] () -- C:\Windows\W03Tax.INI
[2011/11/03 18:09:34 | 000,000,047 | ---- | C] () -- C:\Windows\W03UPDAT.INI
[2011/11/03 18:04:36 | 000,002,893 | ---- | C] () -- C:\Windows\setups03.ini
[2011/11/03 17:44:53 | 000,000,029 | ---- | C] () -- C:\Windows\lacerte.ini
[2011/11/03 17:44:45 | 000,000,047 | ---- | C] () -- C:\Windows\W02UPDAT.INI
[2011/11/03 17:44:45 | 000,000,047 | ---- | C] () -- C:\Windows\W02Comgr.INI
[2011/11/03 17:44:44 | 000,000,419 | ---- | C] () -- C:\Windows\W02Tax.INI
[2011/11/03 17:40:29 | 000,002,628 | ---- | C] () -- C:\Windows\setups02.ini
[2011/10/26 16:00:42 | 000,000,078 | ---- | C] () -- C:\Windows\TSREMOTE.INI
[2011/10/26 16:00:39 | 000,244,984 | ---- | C] () -- C:\Windows\SysWow64\tutil32.dll
[2011/10/26 15:59:14 | 000,705,024 | ---- | C] () -- C:\Windows\SysWow64\TSSchBkpService.exe
[2011/10/22 18:07:13 | 000,098,304 | R--- | C] () -- C:\Windows\SysWow64\fjstdp64.exe
[2011/10/22 18:07:13 | 000,001,850 | R--- | C] () -- C:\Windows\SysWow64\FJOEMINF.ini
[2011/10/22 18:07:13 | 000,001,026 | R--- | C] () -- C:\Windows\SysWow64\copyres.ini
[2011/10/22 17:43:23 | 000,000,000 | ---- | C] () -- C:\Windows\setscan.ini
[2011/10/22 17:41:03 | 000,020,480 | R--- | C] () -- C:\Windows\SysWow64\WnASPI32.dll
[2011/10/22 17:40:15 | 000,000,529 | ---- | C] () -- C:\Windows\kofax200.ini
[2011/10/22 17:25:39 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\LFFPX7.DLL
[2011/10/22 17:25:39 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\LFKODAK.DLL
[2011/10/22 17:25:39 | 000,000,353 | ---- | C] () -- C:\Windows\SysWow64\regasm.exe.config
[2011/10/22 16:54:21 | 000,000,712 | ---- | C] () -- C:\Windows\FJTWSTI.INI
[2011/10/12 15:14:49 | 000,000,017 | ---- | C] () -- C:\Users\Bob\AppData\Local\resmon.resmoncfg
[2011/10/04 12:15:19 | 000,000,036 | -H-- | C] () -- C:\Windows\SysWow64\f9t.dat
[2011/09/10 16:22:54 | 000,333,824 | ---- | C] () -- C:\Windows\SysWow64\SonyVideoProcessor.dll
[2011/09/10 15:29:23 | 000,000,226 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/02/10 16:03:27 | 000,813,716 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/03/21 05:28:50 | 000,000,106 | ---- | C] () -- C:\Windows\SysWow64\mmc.exe.config
[2006/07/17 12:11:36 | 000,667,280 | ---- | C] () -- C:\Windows\SysWow64\tx12.dll
[2006/02/09 03:20:00 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx12_ic.ini
[2005/09/09 07:57:56 | 000,131,072 | R--- | C] () -- C:\Windows\SysWow64\fsipdcbw.dll
[2005/09/09 07:57:44 | 000,000,197 | ---- | C] () -- C:\Windows\SysWow64\FjDeskew.ini
[1999/02/05 17:29:10 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\Avaspi32.dll
[1997/10/31 02:54:44 | 000,060,928 | ---- | C] () -- C:\Windows\SysWow64\DiIQDBNT.dll
[1997/06/02 18:08:34 | 000,060,712 | ---- | C] () -- C:\Windows\SysWow64\BUICISIS.DLL
[1994/09/30 15:34:54 | 000,011,934 | ---- | C] () -- C:\Windows\SysWow64\PIXPNR.DLL
[1994/09/30 15:34:52 | 000,012,126 | ---- | C] () -- C:\Windows\SysWow64\PIXPCZ.DLL

========== LOP Check ==========

[2011/12/04 20:13:50 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Acronis
[2011/10/22 18:07:08 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\EMC
[2011/10/22 17:26:51 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Fujitsu
[2011/11/27 17:07:11 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\GARMIN
[2011/12/09 18:05:24 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\ISIS Drivers
[2011/10/22 18:40:44 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Kofax
[2011/12/08 11:39:59 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Lacerte
[2011/10/22 17:24:10 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Leadertech
[2012/01/04 15:14:14 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Sage
[2011/10/04 12:16:16 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Stamps.com Internet Postage
[2011/11/11 15:47:37 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\webex
[2011/12/09 17:50:15 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/12/09 17:50:15 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2011/12/09 17:50:15 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2011/12/09 17:50:15 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2011/12/09 17:50:15 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2011/11/28 08:20:36 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >





The following is the Extras log also produced when I ran the OTL scan:


OTL Extras logfile created on: 1/16/2012 1:04:47 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bob\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 4.90 Gb Available Physical Memory | 61.37% Memory free
15.96 Gb Paging File | 12.21 Gb Available in Paging File | 76.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.67 Gb Total Space | 836.64 Gb Free Space | 91.17% Space Free | Partition Type: NTFS
Drive D: | 298.02 Gb Total Space | 229.81 Gb Free Space | 77.11% Space Free | Partition Type: FAT32
Drive E: | 630.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 931.51 Gb Total Space | 364.96 Gb Free Space | 39.18% Space Free | Partition Type: NTFS
Drive H: | 74.53 Gb Total Space | 22.82 Gb Free Space | 30.62% Space Free | Partition Type: NTFS
Drive I: | 7.50 Gb Total Space | 7.44 Gb Free Space | 99.29% Space Free | Partition Type: FAT32

Computer Name: VAIO | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java™ 6 Update 22 (64-bit)
"{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64
"{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = Sony Corporation
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 267.80
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.80
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.80
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D55EAC07-7207-44BD-B524-0F063F327743}" = VIx64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEAA361-F8A4-4298-B41C-9E9DCB9AAB84}" = VPMx64
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F1DC5C16-9B1F-467B-85E3-CB48C27AC50D}" = VESx64
"{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}" = VSNx64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"24DA573F901348FFDFF7717497830D45BE0C362E" = Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}" = Pervasive PSQL v10 SP2 Workgroup (32-bit)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F752405-EA36-4E8E-9644-0D8CB0387DA5}" = ArcSoft Family Paint
"{18894D16-5448-4BF9-A128-F7E937322F91}" = OOBE
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F8695CD-ED3F-4F22-9EFF-E710E0D98C2F}" = Error Recovery Guide for fi-5120C/fi-5220C
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2186F2E0-7023-453B-B604-0F13C72AFF37}" = Acronis True Image Home 2012
"{2186F2E0-7023-453B-B604-0F13C72AFF37}Visible" = Acronis True Image Home 2012
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}" = LightScribe System Software
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement
"{3A94F54D-A8A4-4B82-B346-92B4D56A2708}" = VESx86
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B07E034-8AC7-4960-83A2-98EC96750CD6}" = ISIS Driver Bundle Installer for fi-Series Scanners
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55584E16-4D70-44EE-93DD-F144E8B7D4B7}" = QuickBooks Product Listing Service
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{580E9BBC-A51E-4AE9-A977-7B0939BEDAD3}" = Scanner Utility for Microsoft Windows V09L21
"{5A33AFE3-5E09-4A15-B772-4110FF8A572B}" = Kofax VRS Component Fujitsu fi-5120C
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{61438020-DDD4-42FA-99A2-50225441980A}" = ArcSoft Magic-i Visual Effects 2
"{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6623AA80-69BE-4D39-852B-329DDE843FB5}" = Software Operation Panel
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A35E74B-68AD-4054-B93A-FEB7B687114C}" = Kofax VirtualReScan 4.10
"{6A3CAA8E-6DDB-4AA7-A411-9982FF9180FE}" = Intuit Runtime Components 6.0.16
"{6E68C42C-C3F7-4BF1-B971-B91782DDA434}" = Timeslips by Sage 2008
"{70EED410-697B-4193-A2CB-2F790F82B420}" = VAIO Data Restore Tool
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73D8886A-D416-4687-B609-0D3836BA410C}" = VAIO Event Service
"{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"{7E545666-F423-45FD-B3DF-C0B99A1A579F}" = QuickBooks Premier: Accountant Edition 2007
"{7FEE267E-003F-43B0-95D2-534D4213D4BA}" = Lacerte Runtime Components
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" =
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
"{83721450-E604-4C37-ABEB-CE7F18C587C8}" = LightScribe Template Labeler
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6564CE-1738-417C-8178-BBB7651D972B}" = Garmin Training Center
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9B088046-8A01-4355-99DD-8530C022F682}" = VCCx86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-0000-BA7E-000000000004}" = Adobe Acrobat 9 Standard
"{AC76BA86-1033-0000-BA7E-000000000004}_947" = Adobe Acrobat 9.4.7 - CPSID_83708
"{AC76BA86-1033-0000-BA7E-000000000004}{AC76BA86-1033-0000-BA7E-000000000004}" = Adobe Acrobat 9 Standard
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.1) MUI
"{AEFF1CC5-2774-4EAE-A19F-8A86F2E9EFDB}" = ScandAll 21
"{B4FDAA4D-37BD-4DF4-8531-B4F7ABC74E62}" = Peachtree Accounting 2012
"{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA1EF4A7-AB67-492B-9C7D-4AEE43F5A3C6}" = Peachtree Signature Ready Forms
"{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}" = Crystal Reports 2008 Runtime SP1
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO Manual
"{C72E35E5-C5C6-4328-AD9A-BBCCC816A2E6}" = VAIO Hardware Diagnostics
"{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D531F5A4-18F6-4130-B9A4-9179D6E349FC}" = VAIO Care
"{D5E1BC1D-5955-44D2-A5F2-6BFCA659DDA1}" = Kofax TWAIN Data Source
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE27B805-6833-4B20-9B62-D3EF2660791A}" = ArcSoft WebCam Message Board
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (LACERTEDB)
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}" = Oasis2Service
"{E5D03B2E-B2D4-477F-A60D-8E1969D821FA}" = Adobe Flash Player 10 ActiveX
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F5248E24-F52C-4FD1-B76F-102460BAFD6B}" = VAIO Help and Support
"{F7FFF37F-DB74-408C-840F-BD8B8E955B5B}" = FUJITSU Scanner USB HotFix
"{FB8B748E-848E-41B9-B4B1-F5E6D3C118F7}" = Document eSort Components
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"2002 Lacerte Tax" = 2002 Lacerte Tax
"2003 Lacerte Tax" = 2003 Lacerte Tax
"2004 Lacerte Tax" = 2004 Lacerte Tax
"2005 Lacerte Tax" = 2005 Lacerte Tax
"2006 Lacerte Tax" = 2006 Lacerte Tax
"2007 Lacerte Tax" = 2007 Lacerte Tax
"2008 Lacerte Tax" = 2008 Lacerte Tax
"2009 Lacerte Tax" = 2009 Lacerte Tax
"2010 Lacerte Tax" = 2010 Lacerte Tax
"2011 Lacerte Tax" = 2011 Lacerte Tax
"Adobe AIR" = Adobe AIR
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Application Manager for VAIO" = Application Manager for VAIO
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"InstallShield_{B4FDAA4D-37BD-4DF4-8531-B4F7ABC74E62}" = Peachtree Accounting 2012
"Integration Services" = Sage Integration Services
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"NIS" = Norton Internet Security
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Professional 2010
"Pervasive PSQL v10 SP2 Workgroup (32-bit)" = Pervasive PSQL v10 SP2 Workgroup (32-bit)
"PremElem90" = Adobe Premiere Elements 9
"Second Copy 8_is1" = Second Copy 8
"Software Operation Panel" = Software Operation Panel
"splashtop" = VAIO Quick Web Access
"Stamps.com" = Stamps.com
"VAIO Messenger" = VAIO Messenger
"VAIO Satisfaction Survey.3.0" = VAIO Satisfaction Survey.
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = WebEx
"GoToMeeting" = GoToMeeting 4.8.0.723
"Smad" = SanctionedMedia

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


#2
RKinner

Norton missed a lot of stuff. Everything from the first line under :OTL to the first O32 entry is malware. I expect we will also find a bad partition too.

Copy the text in the code box by highlighting it and pressing Ctrl + C.

:processes
killallprocesses

:OTL
[2012/01/10 00:48:57 | 000,006,998 | -HS- | C] () -- C:\Users\Bob\AppData\Local\767t3m7h5421
[2012/01/10 00:48:57 | 000,006,998 | -HS- | C] () -- C:\ProgramData\767t3m7h5421
[2011/12/09 17:42:20 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\C45Sl.com.b
[2011/12/09 17:40:08 | 000,000,112 | ---- | C] () -- C:\ProgramData\S6K34FU5.dat
[2011/12/09 17:28:39 | 000,005,896 | -HS- | C] () -- C:\Users\Bob\AppData\Local\nlxrgy8n4nqv0odc4cjr8n562o1a
[2011/12/09 17:28:39 | 000,005,896 | -HS- | C] () -- C:\ProgramData\nlxrgy8n4nqv0odc4cjr8n562o1a
[2011/12/09 17:50:15 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/12/09 17:50:15 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2011/12/09 17:50:15 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2011/12/09 17:50:15 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2011/12/09 17:50:15 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At9.job
O32 - AutoRun File - [2011/08/06 01:23:09 | 000,000,000 | ---D | M] - E:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2011/08/06 01:23:06 | 000,061,472 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011/08/06 01:23:07 | 000,000,058 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010/02/14 21:53:50 | 000,000,027 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{c69eb960-dbfb-11e0-a173-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c69eb960-dbfb-11e0-a173-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2011/08/06 01:23:06 | 000,061,472 | R--- | M] ()

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Windows\Tasks\At*.job
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.


ComboFix

:!: It must be saved to your desktop; do not run it from your browser. :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right-click aswMBR.exe and Run as Administrator.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan.
On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click save log, save it to your desktop and post it in your next reply.


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.




Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
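
The file-scan lines that post #2 lists under :OTL can be triaged mechanically. The following is an added example, not part of the thread and not OTL's or RKinner's own logic: it parses OTL file-scan entries and applies three review heuristics that are assumptions made here (hidden+system files with no vendor and no extension, the same name and size in more than one folder, and At<N>.job scheduler files). A hit means "look at this", not a verdict.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname, splitext  # Windows path rules on any OS

# Lines copied from the OTL output quoted in this thread.
SAMPLE_LOG = r"""
[2011/11/27 17:07:11 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\GARMIN
[2012/01/10 00:48:57 | 000,006,998 | -HS- | C] () -- C:\Users\Bob\AppData\Local\767t3m7h5421
[2012/01/10 00:48:57 | 000,006,998 | -HS- | C] () -- C:\ProgramData\767t3m7h5421
[2011/12/09 17:40:08 | 000,000,112 | ---- | C] () -- C:\ProgramData\S6K34FU5.dat
[2011/12/09 17:50:15 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/12/09 17:50:15 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2011/11/28 08:20:36 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
"""

# [timestamp | size | RHSD attributes | Created/Modified] (vendor) -- path
# Directory entries carry no "(vendor)" group at all.
ENTRY = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<vendor>[^)]*)\) )?-- (?P<path>.+)$"
)
AT_JOB = re.compile(r"^at\d+\.job$", re.IGNORECASE)


def parse_entries(text):
    """Return one dict per file-scan line; every other log line is skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue  # section headers, registry lines, blanks
        entry = match.groupdict()
        entry["size"] = int(entry["size"].replace(",", ""))
        entry["is_dir"] = "D" in entry["attrs"]
        entries.append(entry)
    return entries


def triage(entries):
    """Map path -> list of reasons the entry deserves a manual look.

    The three rules are assumptions chosen for this example.
    """
    findings = defaultdict(list)
    by_name_size = defaultdict(list)
    for entry in entries:
        if entry["is_dir"]:
            continue
        name = basename(entry["path"])
        folder = dirname(entry["path"]).lower()
        by_name_size[(name.lower(), entry["size"])].append(entry)

        hidden_system = "H" in entry["attrs"] and "S" in entry["attrs"]
        if hidden_system and not entry["vendor"] and not splitext(name)[1]:
            findings[entry["path"]].append("hidden+system, no vendor, no extension")
        if AT_JOB.match(name) and folder == r"c:\windows\tasks":
            findings[entry["path"]].append("at-scheduler job")

    # Identical name and size written to several folders.
    for group in by_name_size.values():
        folders = {dirname(e["path"]).lower() for e in group}
        if len(folders) > 1:
            for entry in group:
                findings[entry["path"]].append(
                    "same name and size in %d folders" % len(folders)
                )
    return dict(findings)


if __name__ == "__main__":
    for path, reasons in triage(parse_entries(SAMPLE_LOG)).items():
        print(path, "->", "; ".join(reasons))
```

S6K34FU5.dat, which the fix script also removes, matches none of the three rules, which is why heuristics like these only narrow the list a human then reads.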

#3
carusoconan

As I was getting ready to run ComboFix I got a dialogue box that said there is a newer version of ComboFix available and it asks whether I would like to update ComboFix. Should I answer "yes" or "no"?

#4
RKinner

Yes, we want the latest version.

#5
carusoconan

Once again, thank you for your assistance. Please note that Norton was turned off both while all tools were downloaded and when they were run. Per your request, I have run the various tools and the following logs are attached: ComboFix log, TDSSKiller log (first run), TDSSKiller log (second run), log from aswMBR.exe scan, log from Malwarebytes scan, and two logs from OTL. I have left eight blank lines of space between each of the log copies.





The following is the file produced from the ComboFix run:

ComboFix 12-01-16.02 - Bob 01/16/2012 17:27:20.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8173.5973 [GMT -7:00]
Running from: c:\users\Bob\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bob\AppData\Local\assembly\tmp
c:\users\Bob\g2mdlhlpx.exe
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\dasetup.log
c:\windows\system32\java.exe
F:\install.exe
F:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-17 to 2012-01-17 )))))))))))))))))))))))))))))))
.
.
2012-01-17 00:33 . 2012-01-17 00:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-16 23:18 . 2012-01-16 23:18 -------- d-----w- C:\_OTL
2012-01-11 14:24 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 14:24 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 14:24 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 14:24 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 14:24 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 14:24 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 14:24 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-11 14:24 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 07:17 . 2012-01-11 07:17 -------- d-----w- C:\NBRT
2012-01-10 17:50 . 2012-01-10 17:50 96376 ----a-w- c:\windows\system32\drivers\SMR210.SYS
2012-01-10 17:25 . 2012-01-10 17:25 3956064 ----a-w- c:\windows\system32\AutoPartNt.exe
2012-01-10 15:36 . 2012-01-11 06:09 -------- d-----w- c:\users\Bob\AppData\Local\NPE
2012-01-10 07:48 . 2012-01-10 07:48 -------- d-----w- c:\users\Bob\AppData\Local\SanctionedMedia
2012-01-09 17:47 . 2007-10-24 19:29 1595488 ----a-w- c:\windows\SysWow64\TSDlgApi.dll
2012-01-09 17:47 . 2007-10-24 19:29 2827872 ----a-w- c:\windows\SysWow64\TSDBAp32.dll
2012-01-09 17:47 . 2007-10-24 19:29 89696 ----a-w- c:\windows\SysWow64\TSDB0132.dll
2012-01-09 17:47 . 2007-10-24 19:19 520760 ----a-w- c:\windows\SysWow64\Cfx32.ocx
2012-01-07 14:51 . 2012-01-07 14:51 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-07 14:51 . 2012-01-07 14:51 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-07 14:51 . 2012-01-07 14:51 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-07 14:51 . 2012-01-07 14:51 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-04 22:14 . 2012-01-04 22:14 -------- d-----w- c:\users\Bob\AppData\Roaming\Sage
2012-01-04 22:13 . 2012-01-04 22:13 -------- d-----w- c:\programdata\Aatrix Software
2012-01-04 22:12 . 2012-01-04 22:12 -------- d-----w- c:\programdata\Sage
2012-01-04 22:12 . 2011-10-25 13:52 3833856 ----a-w- c:\windows\SysWow64\cdintf300.dll
2012-01-04 22:12 . 2012-01-04 22:12 -------- d-----w- c:\windows\Crystal
2012-01-04 22:11 . 2012-01-04 22:11 -------- d-----w- c:\program files (x86)\Common Files\BIGenerator
2012-01-04 22:11 . 2012-01-04 22:11 -------- d-----w- c:\program files (x86)\Common Files\BIComponents
2012-01-04 22:10 . 2012-01-04 22:10 -------- d-----w- c:\program files (x86)\Business Objects
2012-01-04 22:08 . 2012-01-04 22:08 -------- d-----w- c:\programdata\Pervasive Software
2012-01-04 22:08 . 2012-01-04 22:08 -------- d-----w- c:\program files (x86)\Pervasive Software
2012-01-04 22:06 . 2012-01-04 22:06 -------- d-----w- C:\Sage
2012-01-04 22:06 . 2012-01-04 22:09 -------- d-----w- c:\program files (x86)\Sage
2012-01-04 22:03 . 2012-01-04 22:13 -------- d-----w- c:\program files (x86)\Common Files\Peach
2012-01-04 22:01 . 2001-01-01 07:00 655872 ----a-w- c:\windows\SysWow64\msvcr90.dll
2012-01-04 22:01 . 2001-01-01 07:00 568832 ----a-w- c:\windows\SysWow64\msvcp90.dll
2012-01-04 22:01 . 2001-01-01 07:00 1156600 ----a-w- c:\windows\SysWow64\MFC90.dll
2011-12-18 21:59 . 2009-08-20 06:50 24416 ----a-r- c:\windows\system32\MP0GL00K~AdobePDFUI.dll~
2011-12-18 21:59 . 2009-08-20 06:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 22:31 . 2011-10-26 23:43 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-10 02:05 . 2011-12-10 02:05 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-12-05 22:24 . 2011-12-05 22:24 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-05 03:12 . 2011-12-05 03:12 367200 ----a-w- c:\windows\system32\drivers\afcdp.sys
2011-12-05 03:12 . 2011-12-05 03:12 1285216 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2011-12-05 03:12 . 2011-12-05 03:12 986208 ----a-w- c:\windows\system32\drivers\timntr.sys
2011-12-05 03:12 . 2011-12-05 03:12 211040 ----a-w- c:\windows\system32\drivers\vididr.sys
2011-12-05 03:12 . 2011-12-05 03:12 142944 ----a-w- c:\windows\system32\drivers\vsflt61.sys
2011-12-05 03:12 . 2011-12-05 03:12 310368 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-12-05 03:12 . 2011-12-05 03:12 133728 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2011-11-30 09:21 . 2011-12-10 01:10 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C90E30C-BE3C-4D4E-8AB7-123DCA0BCA14}\mpengine.dll
2011-11-24 04:52 . 2011-12-13 19:19 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 21:29 . 2010-11-21 03:27 270720 ----a-w- c:\windows\system32\MpSigStub.exe
2011-11-13 19:43 . 2011-09-24 02:36 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 05:32 . 2011-12-13 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-13 19:19 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 09:17 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 09:17 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 09:17 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 09:17 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-04 01:16 . 2011-11-04 01:16 20480 ----a-w- c:\windows\SysWow64\cliconfg.728
2011-11-03 22:47 . 2011-12-14 09:17 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 09:17 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 09:17 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 09:17 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 23:43 . 2011-10-26 23:43 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-10-26 23:43 . 2011-10-26 23:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-26 23:43 . 2011-10-26 23:43 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-10-26 05:21 . 2011-12-13 19:19 43520 ----a-w- c:\windows\system32\M5AMRDR8~csrsrv.dll~
2011-10-26 05:21 . 2011-12-13 19:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:53 . 2011-10-25 13:53 94208 ----a-w- c:\windows\SysWow64\ZLibCom.dll
2011-10-25 13:53 . 2011-10-25 13:53 73728 ----a-w- c:\windows\SysWow64\psProxy.dll
2011-10-25 13:53 . 2011-10-25 13:53 630784 ----a-w- c:\windows\SysWow64\PAWSAX.dll
2011-10-25 13:53 . 2011-10-25 13:53 57328 ----a-w- c:\windows\SysWow64\OLE2CONV.DLL
2011-10-25 13:53 . 2011-10-25 13:53 5472 ----a-w- c:\windows\SysWow64\STDOLE.TLB
2011-10-25 13:53 . 2011-10-25 13:53 536048 ----a-w- c:\windows\SysWow64\OC25.DLL
2011-10-25 13:53 . 2011-10-25 13:53 51712 ----a-w- c:\windows\SysWow64\OLE2PROX.DLL
2011-10-25 13:53 . 2011-10-25 13:53 42688 ----a-w- c:\windows\SysWow64\IDLE.DLL
2011-10-25 13:53 . 2011-10-25 13:53 380928 ----a-w- c:\windows\SysWow64\pSOAP32.dll
2011-10-25 13:53 . 2011-10-25 13:53 28113 ----a-w- c:\windows\SysWow64\OLE2.REG
2011-10-25 13:53 . 2011-10-25 13:53 26112 ----a-w- c:\windows\SysWow64\Wavemix.dll
2011-10-25 13:53 . 2011-10-25 13:53 188416 ----a-w- c:\windows\SysWow64\pocketHTTP.dll
2011-10-25 13:53 . 2011-10-25 13:53 1706800 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-10-25 13:53 . 2011-10-25 13:53 167424 ----a-w- c:\windows\SysWow64\MSPDB50.DLL
2011-10-25 13:53 . 2011-10-25 13:53 167424 ----a-w- c:\windows\SysWow64\Awrtl30.dll
2011-10-25 13:53 . 2011-10-25 13:53 12976 ----a-w- c:\windows\SysWow64\SCP.DLL
2011-10-25 13:53 . 2011-10-25 13:53 111616 ----a-w- c:\windows\SysWow64\Ltih30tb.dll
2011-10-25 13:53 . 2011-10-25 13:53 111544 ----a-w- c:\windows\SysWow64\MSCAL.OCX
2011-10-25 13:53 . 2011-10-25 13:53 110676 ----a-w- c:\windows\SysWow64\psDime.dll
2011-10-23 01:00 . 2011-10-23 01:00 77824 ----a-w- c:\windows\SysWow64\KCL310.dll
2011-10-23 01:00 . 2011-10-23 01:00 16384 ----a-w- c:\windows\SysWow64\KDB310.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Second Copy"="c:\program files (x86)\Second Copy 8\SecCopy.exe" [2011-09-19 2996008]
"ANT Agent"="c:\program files (x86)\Garmin\Training Center\ANT_Agent\ANT Agent.exe" [2011-04-14 12036968]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-06-20 2736128]
"TSTimer"="c:\program files (x86)\Timeslips\TSTimer.exe" [2007-10-24 2403936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
"FtLnSOP_setup"="c:\windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe" [2010-02-08 143360]
"FJTWAIN Setup"="c:\windows\Twain_32\fjscan32\FjtwMkup.exe" [2011-03-25 139264]
"FTPWRENV"="c:\windows\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe" [2007-10-17 45056]
"FiWIA Service Checker"="c:\windows\Twain_32\Fjscan32\FiWiaChecker.exe" [2009-10-21 86016]
"“FjISIS WIA Service Checker"="c:\windows\pixtran\fujitsu\FiWiaChecker.exe" [2009-10-21 86016]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-11-10 5954016]
"PeachtreePrefetcher.exe"="c:\program files (x86)\Sage\Peachtree\PeachtreePrefetcher.exe" [2011-12-27 30024]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Error Recovery Guide.lnk - c:\windows\twain_32\fjscan32\ERG\FTErGuid.exe [2011-1-5 286720]
Microsoft Outlook 2010.lnk - c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe [2011-10-20 303456]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
Service Manager.norun [2011-11-3 2221]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 TSScheduleBackup;TimeslipsBackup;c:\windows\SysWOW64\TSSchBkpService.exe [2007-10-24 705024]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys [x]
R3 MSSQL$LACERTEDB;MSSQL$LACERTEDB;c:\program files (x86)\Microsoft SQL Server\MSSQL$LACERTEDB\Binn\sqlservr.exe [2002-12-18 7520337]
R3 Peachtree SmartPosting 2012;Peachtree SmartPosting 2012;c:\program files (x86)\Sage\Peachtree\SmartPostingService2012.exe [2011-12-27 43848]
R3 SQLAgent$LACERTEDB;SQLAgent$LACERTEDB;c:\program files (x86)\Microsoft SQL Server\MSSQL$LACERTEDB\Binn\sqlagent.EXE [2002-12-18 311872]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SMR210;Symantec SMR Utility Service 2.1.0;c:\windows\System32\drivers\SMR210.SYS [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [x]
S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-12-01 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120113.002\IDSvia64.sys [2011-12-09 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1302000.00A\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-12-05 3450832]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-04-30 146592]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-04-30 91296]
S2 FJTWMKSV;FJTWMKSV;c:\windows\twain_32\fjscan32\FJTWMKSV.exe [2011-07-20 36864]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe [2011-08-10 138760]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-08-14 49152]
S2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2011-11-05 435528]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsnxc64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 ScVssService64;Second Copy VSS Service x64;c:\program files (x86)\Second Copy 8\ScVssService64.exe [2011-09-19 75048]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-03-20 378472]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-11-10 5890144]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-14 2656280]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-02-15 550080]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-02-28 852160]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-01-10 138360]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 NWLowRider;NextWindow LowRider Touch Screen;c:\windows\system32\DRIVERS\NWLowRider.sys [x]
S3 NWWakeFilterLR;NextWindow Remote Wake Blocker;c:\windows\system32\DRIVERS\NWWakeFilterLR.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 22:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4080961410-44987213-562876926-1000Core.job
- c:\users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-22 22:44]
.
2012-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4080961410-44987213-562876926-1000UA.job
- c:\users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-22 22:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-03 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-03 2188904]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-04-30 790688]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-04-30 657568]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-11-10 403096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://ww2.cox.com/myconnection/arizona/home.cox
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\ukm7lh98.default\
FF - prefs.js: browser.startup.homepage - hxxp://ww2.cox.com/myconnection/arizona/home.cox
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Smad - c:\users\Bob\AppData\Local\SanctionedMedia\Smad\Smad.exe
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-16 17:34:47
ComboFix-quarantined-files.txt 2012-01-17 00:34
.
Pre-Run: 898,543,222,784 bytes free
Post-Run: 898,498,867,200 bytes free
.
- - End Of File - - 1BDCE93EDBEAA240AD3E45879CC31F38

The following is the file from the first run of TDSSKiller:

18:04:23.0139 7744 TDSS rootkit removing tool 2.7.2.0 Jan 14 2012 20:07:30
18:04:23.0576 7744 ============================================================
18:04:23.0576 7744 Current date / time: 2012/01/16 18:04:23.0576
18:04:23.0592 7744 SystemInfo:
18:04:23.0592 7744
18:04:23.0592 7744 OS Version: 6.1.7601 ServicePack: 1.0
18:04:23.0592 7744 Product type: Workstation
18:04:23.0592 7744 ComputerName: VAIO
18:04:23.0592 7744 UserName: Bob
18:04:23.0592 7744 Windows directory: C:\Windows
18:04:23.0592 7744 System windows directory: C:\Windows
18:04:23.0592 7744 Running under WOW64
18:04:23.0592 7744 Processor architecture: Intel x64
18:04:23.0592 7744 Number of processors: 8
18:04:23.0592 7744 Page size: 0x1000
18:04:23.0592 7744 Boot type: Normal boot
18:04:23.0592 7744 ============================================================
18:04:23.0919 7744 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000, SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
18:04:23.0935 7744 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000, SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:04:27.0897 7744 Drive \Device\Harddisk2\DR2 - Size: 0x4A85D56000, SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:04:31.0392 7744 Drive \Device\Harddisk3\DR3 - Size: 0x12A1F16000, SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:04:31.0751 7744 Drive \Device\Harddisk4\DR4 - Size: 0x1E0C00000, SectorSize: 0x200, Cylinders: 0x3D4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:04:31.0875 7744 Initialize success
18:04:55.0322 2248 ============================================================
18:04:55.0322 2248 Scan started
18:04:55.0322 2248 Mode: Manual;
18:04:55.0322 2248 ============================================================
18:04:55.0806 2248 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
18:04:55.0806 2248 1394ohci - ok
18:04:55.0884 2248 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:04:55.0884 2248 ACPI - ok
18:04:55.0915 2248 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:04:55.0915 2248 AcpiPmi - ok
18:04:56.0009 2248 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
18:04:56.0024 2248 adp94xx - ok
18:04:56.0071 2248 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
18:04:56.0071 2248 adpahci - ok
18:04:56.0133 2248 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
18:04:56.0133 2248 adpu320 - ok
18:04:56.0180 2248 afcdp (b794dd8acc5cc76177156463dab4bebb) C:\Windows\system32\DRIVERS\afcdp.sys
18:04:56.0196 2248 afcdp - ok
18:04:56.0243 2248 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
18:04:56.0243 2248 AFD - ok
18:04:56.0289 2248 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:04:56.0289 2248 agp440 - ok
18:04:56.0336 2248 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:04:56.0352 2248 aliide - ok
18:04:56.0383 2248 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:04:56.0383 2248 amdide - ok
18:04:56.0430 2248 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
18:04:56.0430 2248 AmdK8 - ok
18:04:56.0461 2248 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
18:04:56.0461 2248 AmdPPM - ok
18:04:56.0492 2248 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:04:56.0492 2248 amdsata - ok
18:04:56.0523 2248 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
18:04:56.0523 2248 amdsbs - ok
18:04:56.0570 2248 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:04:56.0570 2248 amdxata - ok
18:04:56.0601 2248 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:04:56.0601 2248 AppID - ok
18:04:56.0648 2248 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
18:04:56.0648 2248 arc - ok
18:04:56.0679 2248 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
18:04:56.0679 2248 arcsas - ok
18:04:56.0726 2248 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
18:04:56.0726 2248 ArcSoftKsUFilter - ok
18:05:09.0877 2248 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:05:09.0877 2248 WANARP - ok
18:05:09.0893 2248 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:05:09.0893 2248 Wanarpv6 - ok
18:05:09.0939 2248 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
18:05:09.0939 2248 Wd - ok
18:05:09.0986 2248 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:05:10.0002 2248 Wdf01000 - ok
18:05:10.0049 2248 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:05:10.0049 2248 WfpLwf - ok
18:05:10.0080 2248 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:05:10.0080 2248 WIMMount - ok
18:05:10.0127 2248 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:05:10.0127 2248 WmiAcpi - ok
18:05:10.0173 2248 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:05:10.0173 2248 ws2ifsl - ok
18:05:10.0205 2248 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:05:10.0205 2248 WudfPf - ok
18:05:10.0251 2248 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:05:10.0251 2248 WUDFRd - ok
18:05:10.0314 2248 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:05:10.0361 2248 \Device\Harddisk0\DR0 - ok
18:05:10.0376 2248 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
18:05:10.0376 2248 \Device\Harddisk1\DR1 - ok
18:05:10.0392 2248 MBR (0x1B8) (8464d19686910a2e5d0e5c28c70a95ab) \Device\Harddisk2\DR2
18:05:10.0392 2248 \Device\Harddisk2\DR2 - ok
18:05:10.0392 2248 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
18:05:11.0234 2248 \Device\Harddisk3\DR3 - ok
18:05:11.0234 2248 MBR (0x1B8) (66d0b28c8b44e531d0c19f436252abaa) \Device\Harddisk4\DR4
18:05:11.0250 2248 \Device\Harddisk4\DR4 - ok
18:05:11.0250 2248 Boot (0x1200) (bc884b42ca6d7d4a70b9ae62078e72bb) \Device\Harddisk0\DR0\Partition0
18:05:11.0250 2248 \Device\Harddisk0\DR0\Partition0 - ok
18:05:11.0250 2248 Boot (0x1200) (8a21170c6eb870980c3bab8e450fe7cd) \Device\Harddisk0\DR0\Partition1
18:05:11.0250 2248 \Device\Harddisk0\DR0\Partition1 - ok
18:05:11.0250 2248 Boot (0x1200) (a12cbb8403b06abe1385a43f069256ff) \Device\Harddisk1\DR1\Partition0
18:05:11.0265 2248 \Device\Harddisk1\DR1\Partition0 - ok
18:05:11.0609 2248 Boot (0x1200) (fc327a6e861169fb37420fd4317974b0) \Device\Harddisk2\DR2\Partition0
18:05:11.0624 2248 \Device\Harddisk2\DR2\Partition0 - ok
18:05:11.0624 2248 Boot (0x1200) (649b31b3e4bd73224eaedfee189c3db1) \Device\Harddisk3\DR3\Partition0
18:05:11.0624 2248 \Device\Harddisk3\DR3\Partition0 - ok
18:05:11.0640 2248 Boot (0x1200) (ce988baca7031dc063a7b4f3fa815182) \Device\Harddisk4\DR4\Partition0
18:05:11.0640 2248 \Device\Harddisk4\DR4\Partition0 - ok
18:05:11.0640 2248 ============================================================
18:05:11.0640 2248 Scan finished
18:05:11.0640 2248 ============================================================
18:05:11.0655 5152 Detected object count: 0
18:05:11.0655 5152 Actual detected object count: 0
18:05:42.0450 5896 Deinitialize success








The following is the file from the second run of TDSSKiller (i.e., after clicking on Change Parameters and then checking the two items under additional options):

18:05:50.0190 6412 TDSS rootkit removing tool 2.7.2.0 Jan 14 2012 20:07:30
18:05:50.0548 6412 ============================================================
18:05:50.0548 6412 Current date / time: 2012/01/16 18:05:50.0548
18:05:50.0548 6412 SystemInfo:
18:05:50.0548 6412
18:05:50.0548 6412 OS Version: 6.1.7601 ServicePack: 1.0
18:05:50.0548 6412 Product type: Workstation
18:05:50.0548 6412 ComputerName: VAIO
18:05:50.0548 6412 UserName: Bob
18:05:50.0548 6412 Windows directory: C:\Windows
18:05:50.0548 6412 System windows directory: C:\Windows
18:05:50.0548 6412 Running under WOW64
18:05:50.0548 6412 Processor architecture: Intel x64
18:05:50.0548 6412 Number of processors: 8
18:05:50.0548 6412 Page size: 0x1000
18:05:50.0548 6412 Boot type: Normal boot
18:05:50.0548 6412 ============================================================
18:05:50.0845 6412 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000, SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
18:05:50.0860 6412 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000, SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:05:50.0860 6412 Drive \Device\Harddisk2\DR2 - Size: 0x4A85D56000, SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:05:50.0860 6412 Drive \Device\Harddisk3\DR3 - Size: 0x12A1F16000, SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:05:50.0860 6412 Drive \Device\Harddisk4\DR4 - Size: 0x1E0C00000, SectorSize: 0x200, Cylinders: 0x3D4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:05:51.0219 6412 Initialize success
18:06:09.0487 6500 ============================================================
18:06:09.0487 6500 Scan started
18:06:09.0487 6500 Mode: Manual; SigCheck; TDLFS;
18:06:09.0487 6500 ============================================================
18:06:09.0783 6500 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
18:06:09.0846 6500 1394ohci - ok
18:06:09.0939 6500 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:06:09.0955 6500 ACPI - ok
18:06:09.0986 6500 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:06:10.0017 6500 AcpiPmi - ok
18:06:10.0126 6500 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
18:06:10.0158 6500 adp94xx - ok
18:06:10.0189 6500 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
18:06:10.0204 6500 adpahci - ok
18:06:10.0236 6500 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
18:06:10.0236 6500 adpu320 - ok
18:06:10.0298 6500 afcdp (b794dd8acc5cc76177156463dab4bebb) C:\Windows\system32\DRIVERS\afcdp.sys
18:06:10.0314 6500 afcdp - ok
18:06:10.0360 6500 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
18:06:10.0407 6500 AFD - ok
18:06:10.0454 6500 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:06:10.0454 6500 agp440 - ok
18:06:10.0501 6500 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:06:10.0532 6500 aliide - ok
18:06:10.0563 6500 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:06:10.0579 6500 amdide - ok
18:06:10.0610 6500 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
18:06:10.0641 6500 AmdK8 - ok
18:06:10.0657 6500 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
18:06:10.0672 6500 AmdPPM - ok
18:06:10.0704 6500 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:06:10.0719 6500 amdsata - ok
18:06:10.0750 6500 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
18:06:10.0766 6500 amdsbs - ok
18:06:10.0797 6500 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:06:10.0813 6500 amdxata - ok
18:06:10.0860 6500 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:06:10.0938 6500 AppID - ok
18:06:10.0969 6500 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
18:06:10.0984 6500 arc - ok
18:06:11.0016 6500 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
18:06:11.0016 6500 arcsas - ok
18:06:11.0078 6500 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
18:06:11.0094 6500 ArcSoftKsUFilter - ok
18:06:11.0156 6500 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:06:11.0187 6500 AsyncMac - ok
18:06:11.0234 6500 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:06:11.0250 6500 atapi - ok
18:06:11.0281 6500 AthBTPort (50f257e19554421b6891e3f998edca90) C:\Windows\system32\DRIVERS\btath_flt.sys
18:06:11.0312 6500 AthBTPort - ok
18:06:11.0390 6500 athr (e8e1ae3caa4c7286d40715336d8a11d4) C:\Windows\system32\DRIVERS\athrx.sys
18:06:11.0437 6500 athr - ok
18:06:11.0530 6500 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
18:06:11.0577 6500 b06bdrv - ok
18:06:11.0640 6500 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:06:11.0671 6500 b57nd60a - ok
18:06:11.0702 6500 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:06:11.0749 6500 Beep - ok
18:06:11.0905 6500 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111223.001\BHDrvx64.sys
18:06:11.0936 6500 BHDrvx64 - ok
18:06:11.0967 6500 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:06:11.0983 6500 blbdrive - ok
18:06:12.0030 6500 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:06:12.0076 6500 bowser - ok
18:06:12.0123 6500 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
18:06:12.0139 6500 BrFiltLo - ok
18:06:12.0186 6500 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
18:06:12.0217 6500 BrFiltUp - ok
18:06:12.0279 6500 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:06:12.0342 6500 BridgeMP - ok
18:06:12.0388 6500 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:06:12.0404 6500 Brserid - ok
18:06:12.0451 6500 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:06:12.0498 6500 BrSerWdm - ok
18:06:12.0544 6500 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:06:12.0560 6500 BrUsbMdm - ok
18:06:12.0607 6500 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:06:12.0638 6500 BrUsbSer - ok
18:06:12.0685 6500 BTATH_A2DP (b3bcd755fa9a359d10208cc9f09847cc) C:\Windows\system32\drivers\btath_a2dp.sys
18:06:12.0700 6500 BTATH_A2DP - ok
18:06:12.0732 6500 btath_avdt (9bbba9d6dbdefc8a6542bc7a6ebaf710) C:\Windows\system32\drivers\btath_avdt.sys
18:06:12.0747 6500 btath_avdt - ok
18:06:12.0794 6500 BTATH_BUS (d838dd1bcb328efcfad7a52de9e3cafd) C:\Windows\system32\DRIVERS\btath_bus.sys
18:06:12.0794 6500 BTATH_BUS - ok
18:06:12.0841 6500 BTATH_HCRP (a441b800e04cf8443faf519207563abb) C:\Windows\system32\DRIVERS\btath_hcrp.sys
18:06:12.0856 6500 BTATH_HCRP - ok
18:06:12.0888 6500 BTATH_LWFLT (b16f8429a35bba2a8ef9db2e08675b97) C:\Windows\system32\DRIVERS\btath_lwflt.sys
18:06:12.0903 6500 BTATH_LWFLT - ok
18:06:12.0934 6500 BTATH_RCP (c24231c6bdfe21735930084a22089aab) C:\Windows\system32\DRIVERS\btath_rcp.sys
18:06:12.0950 6500 BTATH_RCP - ok
18:06:13.0012 6500 BtFilter (3632fa4c6b3ce9ec827690deac266d8c) C:\Windows\system32\DRIVERS\btfilter.sys
18:06:13.0044 6500 BtFilter - ok
18:06:13.0075 6500 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
18:06:13.0106 6500 BthEnum - ok
18:06:13.0137 6500 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
18:06:13.0168 6500 BTHMODEM - ok
18:06:13.0200 6500 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
18:06:13.0246 6500 BthPan - ok
18:06:13.0293 6500 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
18:06:13.0356 6500 BTHPORT - ok
18:06:13.0402 6500 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
18:06:13.0434 6500 BTHUSB - ok
18:06:13.0449 6500 catchme - ok
18:06:13.0558 6500 ccSet_NIS (a8ad33c9dd88c810cac00acc7f4329fb) C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys
18:06:13.0574 6500 ccSet_NIS - ok
18:06:13.0605 6500 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:06:13.0668 6500 cdfs - ok
18:06:13.0699 6500 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
18:06:13.0714 6500 cdrom - ok
18:06:13.0746 6500 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
18:06:13.0777 6500 circlass - ok
18:06:13.0839 6500 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:06:13.0855 6500 CLFS - ok
18:06:13.0902 6500 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
18:06:13.0933 6500 CmBatt - ok
18:06:13.0980 6500 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:06:13.0995 6500 cmdide - ok
18:06:14.0026 6500 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
18:06:14.0058 6500 CNG - ok
18:06:14.0089 6500 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
18:06:14.0089 6500 Compbatt - ok
18:06:14.0120 6500 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:06:14.0167 6500 CompositeBus - ok
18:06:14.0214 6500 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
18:06:14.0214 6500 crcdisk - ok
18:06:14.0260 6500 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
18:06:14.0276 6500 CSC - ok
18:06:14.0307 6500 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:06:14.0338 6500 DfsC - ok
18:06:14.0370 6500 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:06:14.0432 6500 discache - ok
18:06:14.0479 6500 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
18:06:14.0494 6500 Disk - ok
18:06:14.0526 6500 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
18:06:14.0557 6500 dmvsc - ok
18:06:14.0619 6500 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:06:14.0666 6500 drmkaud - ok
18:06:14.0744 6500 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:06:14.0775 6500 DXGKrnl - ok
18:06:14.0822 6500 e1yexpress (50ad8fc1dc800ff36087994c8f7fdff2) C:\Windows\system32\DRIVERS\e1y60x64.sys
18:06:14.0853 6500 e1yexpress - ok
18:06:14.0931 6500 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
18:06:14.0978 6500 ebdrv - ok
18:06:15.0072 6500 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
18:06:15.0103 6500 eeCtrl - ok
18:06:15.0150 6500 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
18:06:15.0165 6500 elxstor - ok
18:06:15.0243 6500 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:06:15.0243 6500 EraserUtilRebootDrv - ok
18:06:15.0274 6500 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:06:15.0306 6500 ErrDev - ok
18:06:15.0368 6500 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:06:15.0415 6500 exfat - ok
18:06:15.0446 6500 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:06:15.0508 6500 fastfat - ok
18:06:15.0540 6500 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
18:06:15.0555 6500 fdc - ok
18:06:15.0586 6500 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:06:15.0602 6500 FileInfo - ok
18:06:15.0618 6500 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:06:15.0664 6500 Filetrace - ok
18:06:15.0711 6500 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
18:06:15.0742 6500 flpydisk - ok
18:06:15.0774 6500 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:06:15.0789 6500 FltMgr - ok
18:06:15.0852 6500 fltsrv (e94e042bc24bb301767a8125d529b705) C:\Windows\system32\DRIVERS\fltsrv.sys
18:06:15.0883 6500 fltsrv - ok
18:06:15.0914 6500 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:06:15.0930 6500 FsDepends - ok
18:06:15.0961 6500 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:06:15.0976 6500 Fs_Rec - ok
18:06:16.0008 6500 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:06:16.0023 6500 fvevol - ok
18:06:16.0054 6500 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
18:06:16.0054 6500 gagp30kx - ok
18:06:16.0086 6500 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:06:16.0086 6500 hcw85cir - ok
18:06:16.0117 6500 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:06:16.0148 6500 HdAudAddService - ok
18:06:16.0179 6500 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:06:16.0195 6500 HDAudBus - ok
18:06:16.0226 6500 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
18:06:16.0273 6500 HidBatt - ok
18:06:16.0288 6500 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
18:06:16.0335 6500 HidBth - ok
18:06:16.0366 6500 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
18:06:16.0413 6500 HidIr - ok
18:06:16.0460 6500 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:06:16.0507 6500 HidUsb - ok
18:06:16.0538 6500 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:06:16.0554 6500 HpSAMD - ok
18:06:16.0600 6500 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:06:16.0678 6500 HTTP - ok
18:06:16.0710 6500 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:06:16.0725 6500 hwpolicy - ok
18:06:16.0772 6500 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:06:16.0788 6500 i8042prt - ok
18:06:16.0819 6500 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\drivers\iaStor.sys
18:06:16.0850 6500 iaStor - ok
18:06:16.0881 6500 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:06:16.0897 6500 iaStorV - ok
18:06:17.0053 6500 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120113.002\IDSvia64.sys
18:06:17.0068 6500 IDSVia64 - ok
18:06:17.0100 6500 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
18:06:17.0115 6500 iirsp - ok
18:06:17.0162 6500 InAspi32 - ok
18:06:17.0256 6500 IntcAzAudAddService (3e3926f4fa7c9162c5c3ec6bf1e4f349) C:\Windows\system32\drivers\RTKVHD64.sys
18:06:17.0287 6500 IntcAzAudAddService - ok
18:06:17.0318 6500 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:06:17.0318 6500 intelide - ok
18:06:17.0349 6500 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:06:17.0380 6500 intelppm - ok
18:06:17.0443 6500 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:06:17.0521 6500 IpFilterDriver - ok
18:06:17.0536 6500 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:06:17.0583 6500 IPMIDRV - ok
18:06:17.0630 6500 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:06:17.0692 6500 IPNAT - ok
18:06:17.0724 6500 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:06:17.0770 6500 IRENUM - ok
18:06:17.0786 6500 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:06:17.0802 6500 isapnp - ok
18:06:17.0848 6500 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:06:17.0864 6500 iScsiPrt - ok
18:06:17.0895 6500 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:06:17.0911 6500 kbdclass - ok
18:06:17.0942 6500 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
18:06:17.0973 6500 kbdhid - ok
18:06:18.0020 6500 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
18:06:18.0020 6500 KSecDD - ok
18:06:18.0051 6500 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
18:06:18.0067 6500 KSecPkg - ok
18:06:18.0098 6500 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:06:18.0145 6500 ksthunk - ok
18:06:18.0192 6500 libusb0 (02538e602280c07438c94489dcbe77d5) C:\Windows\system32\DRIVERS\libusb0.sys
18:06:18.0207 6500 libusb0 - ok
18:06:18.0270 6500 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:06:18.0316 6500 lltdio - ok
18:06:18.0379 6500 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
18:06:18.0394 6500 LSI_FC - ok
18:06:18.0410 6500 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
18:06:18.0426 6500 LSI_SAS - ok
18:06:18.0457 6500 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
18:06:18.0457 6500 LSI_SAS2 - ok
18:06:18.0488 6500 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
18:06:18.0504 6500 LSI_SCSI - ok
18:06:18.0519 6500 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:06:18.0582 6500 luafv - ok
18:06:18.0613 6500 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
18:06:18.0628 6500 megasas - ok
18:06:18.0660 6500 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
18:06:18.0691 6500 MegaSR - ok
18:06:18.0738 6500 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
18:06:18.0753 6500 MEIx64 - ok
18:06:18.0784 6500 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:06:18.0862 6500 Modem - ok
18:06:18.0909 6500 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:06:18.0972 6500 monitor - ok
18:06:19.0018 6500 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:06:19.0034 6500 mouclass - ok
18:06:19.0081 6500 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:06:19.0112 6500 mouhid - ok
18:06:19.0159 6500 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:06:19.0190 6500 mountmgr - ok
18:06:19.0206 6500 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:06:19.0221 6500 mpio - ok
18:06:19.0237 6500 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:06:19.0284 6500 mpsdrv - ok
18:06:19.0315 6500 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:06:19.0330 6500 MRxDAV - ok
18:06:19.0377 6500 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:06:19.0424 6500 mrxsmb - ok
18:06:19.0455 6500 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:06:19.0471 6500 mrxsmb10 - ok
18:06:19.0486 6500 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:06:19.0518 6500 mrxsmb20 - ok
18:06:19.0549 6500 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:06:19.0564 6500 msahci - ok
18:06:19.0580 6500 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:06:19.0580 6500 msdsm - ok
18:06:19.0627 6500 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:06:19.0705 6500 Msfs - ok
18:06:19.0752 6500 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:06:19.0798 6500 mshidkmdf - ok
18:06:19.0830 6500 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:06:19.0830 6500 msisadrv - ok
18:06:19.0876 6500 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:06:19.0939 6500 MSKSSRV - ok
18:06:19.0954 6500 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:06:19.0986 6500 MSPCLOCK - ok
18:06:20.0017 6500 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:06:20.0079 6500 MSPQM - ok
18:06:20.0126 6500 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:06:20.0157 6500 MsRPC - ok
18:06:20.0188 6500 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
18:06:20.0204 6500 mssmbios - ok
18:06:20.0251 6500 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:06:20.0313 6500 MSTEE - ok
18:06:20.0360 6500 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:06:20.0407 6500 MTConfig - ok
18:06:20.0454 6500 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:06:20.0485 6500 Mup - ok
18:06:20.0532 6500 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:06:20.0578 6500 NativeWifiP - ok
18:06:20.0703 6500 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120116.002\ENG64.SYS
18:06:20.0719 6500 NAVENG - ok
18:06:20.0781 6500 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120116.002\EX64.SYS
18:06:20.0812 6500 NAVEX15 - ok
18:06:20.0906 6500 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:06:20.0937 6500 NDIS - ok
18:06:20.0968 6500 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:06:21.0031 6500 NdisCap - ok
18:06:21.0062 6500 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:06:21.0124 6500 NdisTapi - ok
18:06:21.0171 6500 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:06:21.0234 6500 Ndisuio - ok
18:06:21.0280 6500 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:06:21.0343 6500 NdisWan - ok
18:06:21.0390 6500 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:06:21.0452 6500 NDProxy - ok
18:06:21.0468 6500 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:06:21.0514 6500 NetBIOS - ok
18:06:21.0561 6500 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:06:21.0639 6500 NetBT - ok
18:06:21.0702 6500 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
18:06:21.0702 6500 nfrd960 - ok
18:06:21.0748 6500 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:06:21.0795 6500 Npfs - ok
18:06:21.0826 6500 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:06:21.0904 6500 nsiproxy - ok
18:06:21.0967 6500 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:06:21.0998 6500 Ntfs - ok
18:06:22.0029 6500 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:06:22.0045 6500 Null - ok
18:06:22.0076 6500 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys
18:06:22.0092 6500 nusb3hub - ok
18:06:22.0107 6500 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys
18:06:22.0138 6500 nusb3xhc - ok
18:10:33.0845 6500 ============================================================
18:10:33.0845 6500 Scan finished
18:10:33.0845 6500 ============================================================
18:10:33.0860 7840 Detected object count: 0
18:10:33.0860 7840 Actual detected object count: 0

As relates to the aswMBR tool, please note that upon starting the tool there was a dialogue box that noted "this application can use the Avast! Free Antivirus for scanning and that it was recommended to download it for better detection results", and it then asked whether I wanted to download the latest Avast! virus definitions - I clicked "No" on that option, and then ran the scan. The following is the file from the aswMBR.exe scan (please note that upon completion of the scan the Fix button was not enabled):

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-16 19:30:37
-----------------------------
19:30:37.311 OS Version: Windows x64 6.1.7601 Service Pack 1
19:30:37.311 Number of processors: 8 586 0x2A07
19:30:37.311 ComputerName: VAIO UserName: Bob
19:30:38.933 Initialize success
19:31:46.365 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:31:46.365 Disk 0 Vendor: WDC_WD10 15.0 Size: 953869MB BusType: 3
19:31:46.396 Disk 0 MBR read successfully
19:31:46.396 Disk 0 MBR scan
19:31:46.396 Disk 0 Windows 7 default MBR code
19:31:46.411 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14076 MB offset 2048
19:31:46.427 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 28829696
19:31:46.443 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 939691 MB offset 29034496
19:31:46.443 Service scanning
19:31:47.472 Modules scanning
19:31:47.472 Scan finished successfully
19:32:41.344 Disk 0 MBR has been saved successfully to "C:\Users\Bob\Desktop\MBR.dat"
19:32:41.344 The log file has been saved successfully to "C:\Users\Bob\Desktop\aswMBR.txt"

The following is the log from the Malwarebytes scan (at the completion of the quick scan it noted that the scan completed successfully and that no malicious items were detected):

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.16.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bob :: VAIO [administrator]

1/16/2012 7:38:32 PM
mbam-log-2012-01-16 (19-38-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 183791
Time elapsed: 1 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

After running all of the above, I then ran OTL again and it produced two logs. The following is the OTL log:

OTL logfile created on: 1/16/2012 7:46:10 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bob\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.61 Gb Available Physical Memory | 70.29% Memory free
15.96 Gb Paging File | 13.06 Gb Available in Paging File | 81.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.67 Gb Total Space | 837.10 Gb Free Space | 91.22% Space Free | Partition Type: NTFS
Drive D: | 298.02 Gb Total Space | 233.95 Gb Free Space | 78.50% Space Free | Partition Type: FAT32
Drive F: | 931.51 Gb Total Space | 366.14 Gb Free Space | 39.31% Space Free | Partition Type: NTFS
Drive H: | 74.53 Gb Total Space | 26.69 Gb Free Space | 35.81% Space Free | Partition Type: NTFS
Drive I: | 7.50 Gb Total Space | 7.44 Gb Free Space | 99.29% Space Free | Partition Type: FAT32

Computer Name: VAIO | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/16 13:02:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
PRC - [2011/12/04 20:12:48 | 003,450,832 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011/11/10 06:49:36 | 005,890,144 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2011/11/10 06:47:06 | 000,403,096 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/11/10 06:46:00 | 005,954,016 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011/11/05 08:47:17 | 000,435,528 | R--- | M] (Pervasive Software Inc.) -- C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
PRC - [2011/09/19 10:36:20 | 002,996,008 | ---- | M] (Centered Systems) -- C:\Program Files (x86)\Second Copy 8\SecCopy.exe
PRC - [2011/09/05 10:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/29 15:43:24 | 001,209,288 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
PRC - [2011/08/13 19:14:16 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
PRC - [2011/08/10 13:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe
PRC - [2011/07/20 15:42:02 | 000,036,864 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\fjscan32\FJTWMKSV.exe
PRC - [2011/04/29 17:20:18 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/04/26 12:08:30 | 000,183,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011/04/26 12:08:30 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2011/04/14 08:22:08 | 012,036,968 | ---- | M] (GARMIN Corp.) -- C:\Program Files (x86)\Garmin\Training Center\ANT_Agent\ANT Agent.exe
PRC - [2011/03/25 14:41:14 | 000,139,264 | ---- | M] (FUJITSU LIMITED) -- C:\Windows\twain_32\fjscan32\FjtwMkup.exe
PRC - [2011/03/20 15:00:50 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2011/02/14 14:45:08 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/14 14:44:56 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/02/14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
PRC - [2011/01/29 05:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2011/01/12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/12 18:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/05 16:22:02 | 000,286,720 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\fjscan32\ERG\FTErGuid.exe
PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/02/08 15:04:00 | 000,143,360 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\fjscan32\SOP\FtLnSOP.exe
PRC - [2009/10/21 14:58:56 | 000,086,016 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\fjscan32\FiWiaChecker.exe
PRC - [2009/09/16 19:17:24 | 000,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2007/10/16 19:58:38 | 000,045,056 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\fjscan32\FTPWREVT\FTPWREVT.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/31 15:13:33 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2011/12/31 15:13:28 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/11/03 18:52:28 | 000,296,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
MOD - [2011/10/14 08:21:10 | 000,888,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\7c86a11e96b7e798d5db164c22ea0268\System.DirectoryServices.AccountManagement.ni.dll
MOD - [2011/10/14 08:21:03 | 002,516,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\9d9e419b7157083a5a246768b29dd92f\System.Data.Linq.ni.dll
MOD - [2011/10/14 08:21:03 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\88f32d62a8df469e8b9f12a8d3093627\System.Xml.Linq.ni.dll
MOD - [2011/10/14 08:20:41 | 000,633,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\55b239388c36e25bb9af84a8827df8c2\System.AddIn.ni.dll
MOD - [2011/10/14 08:20:41 | 000,082,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\32d21563937263ee3ae9eecfa59fdc3d\System.AddIn.Contract.ni.dll
MOD - [2011/10/14 08:19:31 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011/10/14 08:19:28 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\76692f411b404f1db0c95d81dd537c37\System.Runtime.Serialization.ni.dll
MOD - [2011/10/14 08:19:11 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\356136d6f23fe3cde33dc96fbda2df0a\IAStorUtil.ni.dll
MOD - [2011/10/14 08:19:11 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b40ad47b1338dd50c41d2c5571819a09\IAStorCommon.ni.dll
MOD - [2011/10/14 08:17:32 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011/10/14 08:17:22 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\dfe859829abd7f108aa5d82382251690\System.EnterpriseServices.ni.dll
MOD - [2011/10/14 08:17:21 | 006,610,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\d667bbe4bd8cd45c7cb1e6cc045fc603\System.Data.ni.dll
MOD - [2011/10/14 08:17:21 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f5659a792c1f6832d9a45c1509d03497\System.Transactions.ni.dll
MOD - [2011/10/14 08:17:15 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/10/14 08:17:06 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/14 08:17:02 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/14 08:17:01 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\93df5ea9646ad11a21517e4ab1d803d9\UIAutomationTypes.ni.dll
MOD - [2011/10/14 08:17:01 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
MOD - [2011/10/14 08:17:00 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/10/14 08:16:54 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/14 08:16:52 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\ccba14fc93de40f4f53d401f07b9bcb8\System.Security.ni.dll
MOD - [2011/10/14 08:16:50 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/14 08:16:48 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/14 08:16:48 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/14 08:16:44 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/17 11:46:04 | 008,626,176 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011/06/17 11:46:02 | 002,408,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2011/06/17 11:46:02 | 000,212,992 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2010/11/20 20:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/06/10 14:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/23 15:37:08 | 001,429,608 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2011/02/28 10:29:18 | 000,852,160 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2011/02/14 17:54:50 | 000,550,080 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2011/02/14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011/01/29 05:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/12/27 12:25:02 | 000,043,848 | R--- | M] (Sage Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Sage\Peachtree\SmartPostingService2012.exe -- (Peachtree SmartPosting 2012)
SRV - [2011/12/04 20:12:48 | 003,450,832 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/11/10 06:49:36 | 005,890,144 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2011/11/10 06:48:54 | 001,124,096 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/11/05 08:47:17 | 000,435,528 | R--- | M] (Pervasive Software Inc.) [Auto | Running] -- C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
SRV - [2011/09/19 10:36:26 | 000,075,048 | ---- | M] (Centered Systems) [Auto | Running] -- C:\Program Files (x86)\Second Copy 8\ScVssService64.exe -- (ScVssService64)
SRV - [2011/09/10 15:55:47 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/05 10:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/13 19:14:16 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe -- (Oasis2Service)
SRV - [2011/08/10 13:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe -- (NIS)
SRV - [2011/07/20 15:42:02 | 000,036,864 | ---- | M] (PFU LIMITED) [Auto | Running] -- C:\Windows\twain_32\fjscan32\FJTWMKSV.exe -- (FJTWMKSV)
SRV - [2011/04/29 17:20:18 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/04/29 17:19:22 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/04/26 12:08:30 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2011/03/20 15:00:50 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/03/01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2011/02/14 14:45:08 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/02/14 14:44:56 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2011/01/12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/16 18:01:16 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/10/24 12:20:04 | 000,705,024 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\TSSchBkpService.exe -- (TSScheduleBackup)
SRV - [2006/11/09 16:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/10 10:50:05 | 000,096,376 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR210.SYS -- (SMR210)
DRV:64bit: - [2011/12/09 19:05:37 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/12/04 20:12:50 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011/12/04 20:12:45 | 001,285,216 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2011/12/04 20:12:43 | 000,986,208 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/12/04 20:12:40 | 000,211,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2011/12/04 20:12:39 | 000,142,944 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt61.sys -- (vidsflt61) Acronis Disk Storage Filter (61)
DRV:64bit: - [2011/12/04 20:12:38 | 000,310,368 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011/12/04 20:12:37 | 000,133,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2011/09/26 17:38:11 | 001,084,024 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/08/08 16:38:05 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011/08/02 19:22:10 | 000,729,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/08/02 19:22:10 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/26 00:30:21 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/07/25 19:18:39 | 000,401,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/07/25 19:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.sys -- (SymDS)
DRV:64bit: - [2011/07/25 19:15:52 | 000,189,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/05/13 20:35:22 | 000,044,480 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2011/04/29 17:19:36 | 000,288,416 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/04/29 17:19:36 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/04/29 17:19:36 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/04/29 17:19:36 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011/04/29 17:19:36 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/04/29 17:19:36 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/04/29 17:19:36 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/04/29 17:19:34 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/03/30 00:12:04 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 14:44:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2011/02/12 19:10:55 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/12 13:19:25 | 000,026,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWLowRider.sys -- (NWLowRider)
DRV:64bit: - [2011/02/12 13:19:25 | 000,014,400 | ---- | M] (n/a) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWWakeFilterLR.sys -- (NWWakeFilterLR)
DRV:64bit: - [2011/02/10 03:33:26 | 002,647,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/02/10 00:41:47 | 000,102,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2011/02/10 00:41:45 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsnxc64.sys -- (risdsnpe)
DRV:64bit: - [2010/12/10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/04/26 13:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2012/01/16 09:12:42 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120116.002\ex64.sys -- (NAVEX15)
DRV - [2012/01/16 09:12:42 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120116.002\eng64.sys -- (NAVENG)
DRV - [2012/01/10 09:05:37 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/01/10 09:05:37 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/09 16:53:28 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120113.002\IDSviA64.sys -- (IDSVia64)
DRV - [2011/11/30 19:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111223.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2003/06/15 23:56:28 | 000,008,704 | R--- | M] (Initio Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\InAspi32.sys -- (InAspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ww2.cox.com/m...rizona/home.cox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://ww2.cox.com/m...izona/home.cox"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/09/10 16:33:10 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/09/10 16:33:10 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Bob\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Bob\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bob\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bob\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2011/12/09 19:28:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/01/16 16:21:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/07 07:51:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/18 15:08:06 | 000,000,000 | ---D | M]

[2011/09/16 18:39:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Extensions
[2011/12/10 10:11:42 | 000,002,470 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\ukm7lh98.default\searchplugins\safesearch.xml
[2011/09/16 18:39:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/16 16:21:23 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\COFFPLGN
[2011/12/09 19:28:02 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN
[2012/01/07 07:51:24 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/02 16:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/05 14:39:04 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/16 17:33:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [“FjISIS WIA Service Checker] C:\Windows\PIXTRAN\fujitsu\FiWiaChecker.exe (PFU LIMITED)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [FiWIA Service Checker] C:\Windows\twain_32\fjscan32\FiWiaChecker.exe (PFU LIMITED)
O4 - HKLM..\Run: [FJTWAIN Setup] C:\Windows\Twain_32\fjscan32\FjtwMkup.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [FtLnSOP_setup] C:\Windows\twain_32\fjscan32\SOP\FtLnSOP.exe (PFU LIMITED)
O4 - HKLM..\Run: [FTPWRENV] C:\Windows\twain_32\fjscan32\FTPWREVT\FTPWREVT.exe (PFU LIMITED)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PeachtreePrefetcher.exe] C:\Program Files (x86)\Sage\Peachtree\PeachtreePrefetcher.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [ANT Agent] C:\Program Files (x86)\Garmin\Training Center\ANT_Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKCU..\Run: [Second Copy] C:\Program Files (x86)\Second Copy 8\SecCopy.exe (Centered Systems)
O4 - HKCU..\Run: [TSTimer] C:\Program Files (x86)\Timeslips\TSTimer.exe (Sage Software SB, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02ED773F-21D8-4891-AD0F-9FC253DF9FC2}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AE682A3-EFE8-4FEF-99C6-352B4DC1D09F}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/25 01:17:59 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 19:37:37 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Malwarebytes
[2012/01/16 19:37:10 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/16 19:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/16 19:37:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/16 19:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/16 17:57:11 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Bob\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/16 17:54:08 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\Bob\Desktop\aswMBR.exe
[2012/01/16 17:53:25 | 001,974,064 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Bob\Desktop\tdsskiller.exe
[2012/01/16 17:34:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/16 17:25:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/16 17:25:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/16 17:25:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/16 16:58:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/16 16:58:18 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/16 16:50:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/16 16:47:23 | 004,385,658 | R--- | C] (Swearware) -- C:\Users\Bob\Desktop\ComboFix.exe
[2012/01/16 16:23:31 | 000,000,000 | R--D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012/01/16 16:18:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/16 13:02:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2012/01/11 07:24:23 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/11 07:24:23 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/11 07:24:23 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/11 07:24:23 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/11 07:24:22 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/11 07:24:22 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/11 07:24:22 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/11 00:17:49 | 000,000,000 | ---D | C] -- C:\NBRT
[2012/01/10 18:01:50 | 000,000,000 | ---D | C] -- C:\Users\Bob\Desktop\Virus
[2012/01/10 14:16:21 | 000,000,000 | ---D | C] -- C:\Users\Bob\Desktop\Norton Virus Problem
[2012/01/10 10:50:05 | 000,096,376 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR210.SYS
[2012/01/10 10:25:35 | 003,956,064 | ---- | C] (Acronis) -- C:\Windows\SysNative\AutoPartNt.exe
[2012/01/10 08:36:50 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\NPE
[2012/01/10 08:20:04 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/01/10 00:48:52 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\SanctionedMedia
[2012/01/09 10:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Timeslips
[2012/01/09 10:47:14 | 002,827,872 | ---- | C] (Sage Software SB, Inc.) -- C:\Windows\SysWow64\TSDBAp32.dll
[2012/01/09 10:47:14 | 001,595,488 | ---- | C] (Sage Software SB, Inc.) -- C:\Windows\SysWow64\TSDlgApi.dll
[2012/01/09 10:47:14 | 000,520,760 | ---- | C] (Software FX, Inc.) -- C:\Windows\SysWow64\Cfx32.ocx
[2012/01/09 10:47:14 | 000,089,696 | ---- | C] (Sage Software SB, Inc.) -- C:\Windows\SysWow64\TSDB0132.dll
[2012/01/08 20:01:23 | 000,000,000 | ---D | C] -- C:\Users\Bob\Desktop\PO Receipts
[2012/01/04 16:49:44 | 000,000,000 | ---D | C] -- C:\Users\Bob\Desktop\2011 Organizers
[2012/01/04 15:20:48 | 000,000,000 | ---D | C] -- C:\Users\Bob\Desktop\Accounting Tools
[2012/01/04 15:14:14 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Sage
[2012/01/04 15:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peachtree Accounting 2012
[2012/01/04 15:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Aatrix Software
[2012/01/04 15:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sage
[2012/01/04 15:12:56 | 003,833,856 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf300.dll
[2012/01/04 15:12:14 | 000,000,000 | ---D | C] -- C:\Windows\Crystal
[2012/01/04 15:11:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BIComponentsDotNet
[2012/01/04 15:11:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BIGenerator
[2012/01/04 15:11:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BIComponents
[2012/01/04 15:10:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Business Objects
[2012/01/04 15:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Pervasive Software
[2012/01/04 15:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pervasive Software
[2012/01/04 15:06:49 | 000,000,000 | ---D | C] -- C:\Sage
[2012/01/04 15:06:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sage
[2012/01/04 15:03:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Peach
[2012/01/04 15:01:57 | 001,156,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC90.dll
[2012/01/04 15:01:57 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr90.dll
[2012/01/04 15:01:57 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp90.dll
[2011/12/29 12:13:15 | 025,855,352 | ---- | C] (Stamps.com, Inc. ) -- C:\Users\Bob\Desktop\Stamps.com 9.0.exe
[2011/12/18 14:59:53 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\MP0GL00K~AdobePDFUI.dll~
[2011/12/18 14:59:53 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2011/10/22 17:25:39 | 000,212,992 | ---- | C] ( ) -- C:\Windows\SysWow64\Interop.ComctlLib.dll
[2011/10/22 17:25:39 | 000,114,688 | ---- | C] ( ) -- C:\Windows\SysWow64\AxInterop.ComctlLib.dll

========== Files - Modified Within 30 Days ==========

[2012/01/16 19:37:10 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/16 18:49:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4080961410-44987213-562876926-1000UA.job
[2012/01/16 17:57:12 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Bob\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/16 17:54:14 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Bob\Desktop\aswMBR.exe
[2012/01/16 17:53:25 | 001,974,064 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Bob\Desktop\tdsskiller.exe
[2012/01/16 17:33:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/16 16:47:27 | 004,385,658 | R--- | M] (Swearware) -- C:\Users\Bob\Desktop\ComboFix.exe
[2012/01/16 16:27:52 | 000,021,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 16:27:52 | 000,021,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 16:25:50 | 000,821,948 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/16 16:25:50 | 000,688,544 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/16 16:25:50 | 000,133,918 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/16 16:20:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/16 16:19:59 | 2132,725,759 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/16 15:49:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4080961410-44987213-562876926-1000Core.job
[2012/01/16 15:31:31 | 000,213,574 | ---- | M] () -- C:\Users\Bob\Desktop\Form 1099-MISC Instructions.pdf
[2012/01/16 13:02:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2012/01/14 09:43:04 | 000,129,195 | ---- | M] () -- C:\test.xml
[2012/01/13 11:38:19 | 000,001,571 | ---- | M] () -- C:\Users\Public\Desktop\2011 Lacerte Tax.LNK
[2012/01/11 13:26:21 | 003,384,159 | ---- | M] () -- C:\Users\Bob\Desktop\LPC 2011 Estimated K-1s.pdf
[2012/01/10 10:59:45 | 000,000,769 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\SMRBackup210.dat
[2012/01/10 10:50:05 | 000,096,376 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR210.SYS
[2012/01/10 10:30:03 | 000,445,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/01/10 10:27:14 | 000,001,024 | ---- | M] () -- C:\Windows\SysNative\AutoPartNt.let
[2012/01/10 10:25:38 | 000,005,709 | ---- | M] () -- C:\Windows\SysNative\AutoPartNt.nam
[2012/01/10 10:25:35 | 003,956,064 | ---- | M] (Acronis) -- C:\Windows\SysNative\AutoPartNt.exe
[2012/01/10 09:54:42 | 1399,290,021 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/09 19:15:03 | 000,000,091 | ---- | M] () -- C:\Users\Bob\AppData\Local\fusioncache.dat
[2012/01/09 18:54:05 | 003,970,008 | ---- | M] () -- C:\Users\Bob\Desktop\LPC Holding - 2011-12-15 backup conversion to 2012 Peachtree.ptb
[2012/01/09 12:47:03 | 000,021,216 | -H-- | M] () -- C:\Windows\SysNative\NEG2BDIC~7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0~
[2012/01/09 12:47:03 | 000,021,216 | -H-- | M] () -- C:\Windows\SysNative\HIKPQ5UJ~7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0~
[2012/01/09 10:47:53 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Timeslips by Sage.lnk
[2012/01/09 10:47:31 | 000,000,078 | ---- | M] () -- C:\Windows\TSREMOTE.INI
[2012/01/06 17:27:03 | 002,602,771 | ---- | M] () -- C:\Users\Bob\Desktop\2012-01-06 #3.pdf
[2012/01/04 19:11:22 | 003,970,761 | ---- | M] () -- C:\Users\Bob\Desktop\LPC Holding Corporation-12_15_11 unadju-010412 (2009 Peachtree).ptb
[2012/01/04 15:19:26 | 000,063,158 | ---- | M] () -- C:\Windows\PeachWLog.XML
[2012/01/04 15:08:50 | 000,000,519 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2012/01/04 15:07:44 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2012/01/04 12:36:35 | 000,001,571 | ---- | M] () -- C:\Users\Public\Desktop\2010 Lacerte Tax.LNK
[2012/01/04 11:01:53 | 000,117,901 | ---- | M] () -- C:\Users\Bob\Desktop\Drywall.pdf
[2012/01/04 10:37:03 | 000,000,416 | ---- | M] () -- C:\Windows\TIMESLIP.INI
[2012/01/03 18:24:59 | 000,563,712 | ---- | M] () -- C:\Users\Bob\Desktop\Schmitt 2003AZ.pdf
[2012/01/02 16:30:22 | 000,133,069 | ---- | M] () -- C:\Users\Bob\Desktop\Start-Up Costs.pdf
[2011/12/31 15:12:49 | 000,813,716 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/29 12:13:15 | 025,855,352 | ---- | M] (Stamps.com, Inc. ) -- C:\Users\Bob\Desktop\Stamps.com 9.0.exe

========== Files Created - No Company Name ==========

[2012/01/16 19:37:10 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/16 17:25:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/16 17:25:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/16 17:25:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/16 17:25:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/16 17:25:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/16 15:29:48 | 000,213,574 | ---- | C] () -- C:\Users\Bob\Desktop\Form 1099-MISC Instructions.pdf
[2012/01/11 13:18:02 | 003,384,159 | ---- | C] () -- C:\Users\Bob\Desktop\LPC 2011 Estimated K-1s.pdf
[2012/01/10 10:50:20 | 000,000,769 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\SMRBackup210.dat
[2012/01/10 10:25:38 | 000,005,709 | ---- | C] () -- C:\Windows\SysNative\AutoPartNt.nam
[2012/01/10 10:25:35 | 000,001,024 | ---- | C] () -- C:\Windows\SysNative\AutoPartNt.let
[2012/01/10 08:20:04 | 1399,290,021 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/09 19:15:03 | 000,000,091 | ---- | C] () -- C:\Users\Bob\AppData\Local\fusioncache.dat
[2012/01/09 18:54:01 | 003,970,008 | ---- | C] () -- C:\Users\Bob\Desktop\LPC Holding - 2011-12-15 backup conversion to 2012 Peachtree.ptb
[2012/01/09 10:47:53 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Timeslips by Sage.lnk
[2012/01/06 23:08:51 | 003,970,761 | ---- | C] () -- C:\Users\Bob\Desktop\LPC Holding Corporation-12_15_11 unadju-010412 (2009 Peachtree).ptb
[2012/01/06 17:26:59 | 002,602,771 | ---- | C] () -- C:\Users\Bob\Desktop\2012-01-06 #3.pdf
[2012/01/04 15:08:50 | 000,000,519 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/01/04 15:07:24 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2012/01/04 15:01:57 | 000,063,158 | ---- | C] () -- C:\Windows\PeachWLog.XML
[2012/01/04 11:00:24 | 000,117,901 | ---- | C] () -- C:\Users\Bob\Desktop\Drywall.pdf
[2012/01/03 18:24:59 | 000,563,712 | ---- | C] () -- C:\Users\Bob\Desktop\Schmitt 2003AZ.pdf
[2012/01/02 16:12:10 | 000,133,069 | ---- | C] () -- C:\Users\Bob\Desktop\Start-Up Costs.pdf
[2011/11/08 17:36:11 | 000,000,416 | ---- | C] () -- C:\Windows\TIMESLIP.INI
[2011/11/03 19:35:32 | 000,000,114 | ---- | C] () -- C:\Windows\LTBUI06.INI
[2011/11/03 19:35:30 | 000,000,205 | ---- | C] () -- C:\Windows\WTAXSYNC.INI
[2011/11/03 19:30:56 | 000,003,693 | ---- | C] () -- C:\Windows\setups06.ini
[2011/11/03 19:29:37 | 000,000,262 | ---- | C] () -- C:\Windows\W06Tax.ini
[2011/11/03 19:17:10 | 000,002,874 | ---- | C] () -- C:\Windows\setups05.ini
[2011/11/03 19:05:47 | 000,000,205 | ---- | C] () -- C:\Windows\W05Tax.ini
[2011/11/03 18:39:43 | 000,000,047 | ---- | C] () -- C:\Windows\W04UPDAT.INI
[2011/11/03 18:39:42 | 000,000,045 | ---- | C] () -- C:\Windows\W04Tax.INI
[2011/11/03 18:09:35 | 000,000,045 | ---- | C] () -- C:\Windows\W03Tax.INI
[2011/11/03 18:09:34 | 000,000,047 | ---- | C] () -- C:\Windows\W03UPDAT.INI
[2011/11/03 18:04:36 | 000,002,893 | ---- | C] () -- C:\Windows\setups03.ini
[2011/11/03 17:44:53 | 000,000,029 | ---- | C] () -- C:\Windows\lacerte.ini
[2011/11/03 17:44:45 | 000,000,047 | ---- | C] () -- C:\Windows\W02UPDAT.INI
[2011/11/03 17:44:45 | 000,000,047 | ---- | C] () -- C:\Windows\W02Comgr.INI
[2011/11/03 17:44:44 | 000,000,419 | ---- | C] () -- C:\Windows\W02Tax.INI
[2011/11/03 17:40:29 | 000,002,628 | ---- | C] () -- C:\Windows\setups02.ini
[2011/10/26 16:00:42 | 000,000,078 | ---- | C] () -- C:\Windows\TSREMOTE.INI
[2011/10/26 16:00:39 | 000,244,984 | ---- | C] () -- C:\Windows\SysWow64\tutil32.dll
[2011/10/26 15:59:14 | 000,705,024 | ---- | C] () -- C:\Windows\SysWow64\TSSchBkpService.exe
[2011/10/22 18:07:13 | 000,098,304 | R--- | C] () -- C:\Windows\SysWow64\fjstdp64.exe
[2011/10/22 18:07:13 | 000,001,850 | R--- | C] () -- C:\Windows\SysWow64\FJOEMINF.ini
[2011/10/22 18:07:13 | 000,001,026 | R--- | C] () -- C:\Windows\SysWow64\copyres.ini
[2011/10/22 17:43:23 | 000,000,000 | ---- | C] () -- C:\Windows\setscan.ini
[2011/10/22 17:41:03 | 000,020,480 | R--- | C] () -- C:\Windows\SysWow64\WnASPI32.dll
[2011/10/22 17:40:15 | 000,000,529 | ---- | C] () -- C:\Windows\kofax200.ini
[2011/10/22 17:25:39 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\LFFPX7.DLL
[2011/10/22 17:25:39 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\LFKODAK.DLL
[2011/10/22 17:25:39 | 000,000,353 | ---- | C] () -- C:\Windows\SysWow64\regasm.exe.config
[2011/10/22 16:54:21 | 000,000,712 | ---- | C] () -- C:\Windows\FJTWSTI.INI
[2011/10/12 15:14:49 | 000,000,017 | ---- | C] () -- C:\Users\Bob\AppData\Local\resmon.resmoncfg
[2011/10/04 12:15:19 | 000,000,036 | -H-- | C] () -- C:\Windows\SysWow64\f9t.dat
[2011/09/10 16:22:54 | 000,333,824 | ---- | C] () -- C:\Windows\SysWow64\SonyVideoProcessor.dll
[2011/09/10 15:29:23 | 000,000,226 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/02/10 16:03:27 | 000,813,716 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/03/21 05:28:50 | 000,000,106 | ---- | C] () -- C:\Windows\SysWow64\mmc.exe.config
[2006/07/17 12:11:36 | 000,667,280 | ---- | C] () -- C:\Windows\SysWow64\tx12.dll
[2006/02/09 03:20:00 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx12_ic.ini
[2005/09/09 07:57:56 | 000,131,072 | R--- | C] () -- C:\Windows\SysWow64\fsipdcbw.dll
[2005/09/09 07:57:44 | 000,000,197 | ---- | C] () -- C:\Windows\SysWow64\FjDeskew.ini
[1999/02/05 17:29:10 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\Avaspi32.dll
[1997/10/31 02:54:44 | 000,060,928 | ---- | C] () -- C:\Windows\SysWow64\DiIQDBNT.dll
[1997/06/02 18:08:34 | 000,060,712 | ---- | C] () -- C:\Windows\SysWow64\BUICISIS.DLL
[1994/09/30 15:34:54 | 000,011,934 | ---- | C] () -- C:\Windows\SysWow64\PIXPNR.DLL
[1994/09/30 15:34:52 | 000,012,126 | ---- | C] () -- C:\Windows\SysWow64\PIXPCZ.DLL

< End of report >

The following is the Extras log from OTL:

OTL Extras logfile created on: 1/16/2012 7:46:10 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bob\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.61 Gb Available Physical Memory | 70.29% Memory free
15.96 Gb Paging File | 13.06 Gb Available in Paging File | 81.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.67 Gb Total Space | 837.10 Gb Free Space | 91.22% Space Free | Partition Type: NTFS
Drive D: | 298.02 Gb Total Space | 233.95 Gb Free Space | 78.50% Space Free | Partition Type: FAT32
Drive F: | 931.51 Gb Total Space | 366.14 Gb Free Space | 39.31% Space Free | Partition Type: NTFS
Drive H: | 74.53 Gb Total Space | 26.69 Gb Free Space | 35.81% Space Free | Partition Type: NTFS
Drive I: | 7.50 Gb Total Space | 7.44 Gb Free Space | 99.29% Space Free | Partition Type: FAT32

Computer Name: VAIO | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java™ 6 Update 22 (64-bit)
"{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64
"{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = Sony Corporation
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 267.80
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.80
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.80
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D55EAC07-7207-44BD-B524-0F063F327743}" = VIx64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEAA361-F8A4-4298-B41C-9E9DCB9AAB84}" = VPMx64
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F1DC5C16-9B1F-467B-85E3-CB48C27AC50D}" = VESx64
"{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}" = VSNx64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"24DA573F901348FFDFF7717497830D45BE0C362E" = Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}" = Pervasive PSQL v10 SP2 Workgroup (32-bit)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F752405-EA36-4E8E-9644-0D8CB0387DA5}" = ArcSoft Family Paint
"{18894D16-5448-4BF9-A128-F7E937322F91}" = OOBE
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F8695CD-ED3F-4F22-9EFF-E710E0D98C2F}" = Error Recovery Guide for fi-5120C/fi-5220C
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2186F2E0-7023-453B-B604-0F13C72AFF37}" = Acronis True Image Home 2012
"{2186F2E0-7023-453B-B604-0F13C72AFF37}Visible" = Acronis True Image Home 2012
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}" = LightScribe System Software
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement
"{3A94F54D-A8A4-4B82-B346-92B4D56A2708}" = VESx86
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B07E034-8AC7-4960-83A2-98EC96750CD6}" = ISIS Driver Bundle Installer for fi-Series Scanners
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55584E16-4D70-44EE-93DD-F144E8B7D4B7}" = QuickBooks Product Listing Service
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{580E9BBC-A51E-4AE9-A977-7B0939BEDAD3}" = Scanner Utility for Microsoft Windows V09L21
"{5A33AFE3-5E09-4A15-B772-4110FF8A572B}" = Kofax VRS Component Fujitsu fi-5120C
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{61438020-DDD4-42FA-99A2-50225441980A}" = ArcSoft Magic-i Visual Effects 2
"{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6623AA80-69BE-4D39-852B-329DDE843FB5}" = Software Operation Panel
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A35E74B-68AD-4054-B93A-FEB7B687114C}" = Kofax VirtualReScan 4.10
"{6A3CAA8E-6DDB-4AA7-A411-9982FF9180FE}" = Intuit Runtime Components 6.0.16
"{6E68C42C-C3F7-4BF1-B971-B91782DDA434}" = Timeslips by Sage 2008
"{70EED410-697B-4193-A2CB-2F790F82B420}" = VAIO Data Restore Tool
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73D8886A-D416-4687-B609-0D3836BA410C}" = VAIO Event Service
"{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"{7E545666-F423-45FD-B3DF-C0B99A1A579F}" = QuickBooks Premier: Accountant Edition 2007
"{7FEE267E-003F-43B0-95D2-534D4213D4BA}" = Lacerte Runtime Components
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" =
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
"{83721450-E604-4C37-ABEB-CE7F18C587C8}" = LightScribe Template Labeler
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6564CE-1738-417C-8178-BBB7651D972B}" = Garmin Training Center
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9B088046-8A01-4355-99DD-8530C022F682}" = VCCx86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-0000-BA7E-000000000004}" = Adobe Acrobat 9 Standard
"{AC76BA86-1033-0000-BA7E-000000000004}_947" = Adobe Acrobat 9.4.7 - CPSID_83708
"{AC76BA86-1033-0000-BA7E-000000000004}{AC76BA86-1033-0000-BA7E-000000000004}" = Adobe Acrobat 9 Standard
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.1) MUI
"{AEFF1CC5-2774-4EAE-A19F-8A86F2E9EFDB}" = ScandAll 21
"{B4FDAA4D-37BD-4DF4-8531-B4F7ABC74E62}" = Peachtree Accounting 2012
"{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA1EF4A7-AB67-492B-9C7D-4AEE43F5A3C6}" = Peachtree Signature Ready Forms
"{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}" = Crystal Reports 2008 Runtime SP1
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO Manual
"{C72E35E5-C5C6-4328-AD9A-BBCCC816A2E6}" = VAIO Hardware Diagnostics
"{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D531F5A4-18F6-4130-B9A4-9179D6E349FC}" = VAIO Care
"{D5E1BC1D-5955-44D2-A5F2-6BFCA659DDA1}" = Kofax TWAIN Data Source
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE27B805-6833-4B20-9B62-D3EF2660791A}" = ArcSoft WebCam Message Board
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (LACERTEDB)
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}" = Oasis2Service
"{E5D03B2E-B2D4-477F-A60D-8E1969D821FA}" = Adobe Flash Player 10 ActiveX
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F5248E24-F52C-4FD1-B76F-102460BAFD6B}" = VAIO Help and Support
"{F7FFF37F-DB74-408C-840F-BD8B8E955B5B}" = FUJITSU Scanner USB HotFix
"{FB8B748E-848E-41B9-B4B1-F5E6D3C118F7}" = Document eSort Components
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"2002 Lacerte Tax" = 2002 Lacerte Tax
"2003 Lacerte Tax" = 2003 Lacerte Tax
"2004 Lacerte Tax" = 2004 Lacerte Tax
"2005 Lacerte Tax" = 2005 Lacerte Tax
"2006 Lacerte Tax" = 2006 Lacerte Tax
"2007 Lacerte Tax" = 2007 Lacerte Tax
"2008 Lacerte Tax" = 2008 Lacerte Tax
"2009 Lacerte Tax" = 2009 Lacerte Tax
"2010 Lacerte Tax" = 2010 Lacerte Tax
"2011 Lacerte Tax" = 2011 Lacerte Tax
"Adobe AIR" = Adobe AIR
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Application Manager for VAIO" = Application Manager for VAIO
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"InstallShield_{B4FDAA4D-37BD-4DF4-8531-B4F7ABC74E62}" = Peachtree Accounting 2012
"Integration Services" = Sage Integration Services
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"NIS" = Norton Internet Security
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Professional 2010
"Pervasive PSQL v10 SP2 Workgroup (32-bit)" = Pervasive PSQL v10 SP2 Workgroup (32-bit)
"PremElem90" = Adobe Premiere Elements 9
"Second Copy 8_is1" = Second Copy 8
"Software Operation Panel" = Software Operation Panel
"splashtop" = VAIO Quick Web Access
"Stamps.com" = Stamps.com
"VAIO Messenger" = VAIO Messenger
"VAIO Satisfaction Survey.3.0" = VAIO Satisfaction Survey.
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = WebEx
"GoToMeeting" = GoToMeeting 4.8.0.723

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 22
Java™ 6 Update 22 (64-bit)

Get the latest Java at:
http://www.java.com/en/

(To get the latest 64-bit version you must visit java.com using your 64 bit IE.)

Save it to your PC then close all browsers and install it. Do not let it install the Yahoo toolbar, McAfee Security Scan, or other foistware.



Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.


Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix. It should reboot; if not, reboot it manually.



Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0
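How the two Java entries named in the reply above can be pulled out of an OTL Extras report, as an added example that is not part of the thread or of OTL itself. The sample log is a constructed excerpt built from lines in the report above, the function names are hypothetical, and treating keys without the `64bit:` prefix as the 32-bit view is an assumption based on this x64 log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt in the layout of the OTL Extras report above.
SAMPLE_LOG = r"""
========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java™ 6 Update 22 (64-bit)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6A3CAA8E-6DDB-4AA7-A411-9982FF9180FE}" = Intuit Runtime Components 6.0.16
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" =
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.1) MUI

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.8.0.723
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")             # ========== Title ==========
KEY_RE = re.compile(r"^(64bit:\s*)?\[(HKEY_[^\]]+)\]$")   # optional 64bit: prefix
ENTRY_RE = re.compile(r'^"(.+?)"\s*=\s*(.*)$')            # "subkey" = display name

# Matching bare words such as "Runtime" or "VM" would also hit unrelated
# products (e.g. "Intuit Runtime Components"), so only Java-specific names count.
VERSIONED_JAVA_RE = re.compile(r"\bJava(?:\(TM\)|™)?\s+(\d+)\s+Update\s+(\d+)")
LEGACY_JAVA_RE = re.compile(
    r"\b(?:J2SE|J2RE|JRE|Java Runtime|Java Virtual Machine|Java VM)\b", re.I)


@dataclass
class UninstallEntry:
    view: str      # "64bit" or "32bit" (assumption: no prefix means 32-bit view)
    reg_key: str   # registry key the entry was listed under
    subkey: str    # product GUID or subkey name
    name: str      # display name; may be empty


def parse_uninstall_entries(log_text: str) -> List[UninstallEntry]:
    """Collect entries from every '... Uninstall List' section of the report."""
    entries: List[UninstallEntry] = []
    in_uninstall = False
    view, reg_key = "32bit", None
    for raw in log_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            in_uninstall = section.group(1).endswith("Uninstall List")
            reg_key = None
            continue
        if not in_uninstall or not line:
            continue
        key = KEY_RE.match(line)
        if key:
            view = "64bit" if key.group(1) else "32bit"
            reg_key = key.group(2)
            continue
        entry = ENTRY_RE.match(line)
        if entry and reg_key:
            entries.append(UninstallEntry(view, reg_key, entry.group(1),
                                          entry.group(2).strip()))
    return entries


def java_runtimes(entries: List[UninstallEntry]
                  ) -> List[Tuple[UninstallEntry, Optional[Tuple[int, int]]]]:
    """Return Java runtime entries with (family, update), or None if unparsed."""
    found = []
    for e in entries:
        m = VERSIONED_JAVA_RE.search(e.name)
        if m:
            found.append((e, (int(m.group(1)), int(m.group(2)))))
        elif LEGACY_JAVA_RE.search(e.name):
            found.append((e, None))
    return found


def older_than(runtimes, baseline: Tuple[int, int]) -> List[UninstallEntry]:
    """Entries below a caller-supplied (family, update) baseline; unparsed
    legacy names are reported too so they get a manual look."""
    return [e for e, v in runtimes if v is None or v < baseline]


if __name__ == "__main__":
    for e, version in java_runtimes(parse_uninstall_entries(SAMPLE_LOG)):
        print(e.view, e.subkey, e.name, version)
```

The baseline passed to `older_than` has to come from the vendor's current release; nothing in the report itself says what the latest version is.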

#7
carusoconan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I cleared the Java cache and then removed the Java 6 Update 22 and Java 6 Update 22 (64-bit) versions that you noted and found no other versions under any of the various names you mentioned. I copied and pasted the additional language you provided into OTL, hit the Run Fix button and then rebooted the system. I ran the sfc /scannow command and after it ran it noted that "Windows Resource Protection did not find any integrity violations". The two logs you requested from Event Viewer Tool follow.




The following is the log from the Event Viewer Tool run with System checked under the "select log to query" option:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 17/01/2012 12:27:55 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/01/2012 6:32:02 PM
Type: Error Category: 0
Event: 8032 Source: BROWSER
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{5AE682A3-EFE8-4FEF-99C6-352B4DC1D09F}. The backup browser is stopping.

Log: 'System' Date/Time: 17/01/2012 5:59:39 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The InAspi32 service failed to start due to the following error: This driver has been blocked from loading

Log: 'System' Date/Time: 17/01/2012 5:59:39 PM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\??\C:\Windows\SysWow64\drivers\InAspi32.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 17/01/2012 6:23:55 PM
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\CONANCPA on the network \Device\NetBT_Tcpip_{5AE682A3-EFE8-4FEF-99C6-352B4DC1D09F}. Browser master: \\CONANCPA Network: \Device\NetBT_Tcpip_{5AE682A3-EFE8-4FEF-99C6-352B4DC1D09F} This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 17/01/2012 5:58:46 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.







The following is the log from the Event Viewer Tool run with Application checked under the "select log to query" option:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 17/01/2012 12:30:30 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 17/01/2012 6:01:05 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
InAspi32.sys, part of Kofax VirtualReScan 4.10, does not appear to be compatible with your system:

\??\C:\Windows\SysWow64\drivers\InAspi32.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Other than that nothing to worry about so I think we are done unless you have other problems.




You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator. Then right click, Paste, then hit Enter.

OTL has a cleanup tab; if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#9
carusoconan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
The Kofax program is a scanner application that seems to be working fine; I checked with the vendor when I bought the computer about 4 months ago and they indicated they no longer supported the version that I had. It didn't work with the TWAIN driver that was supplied with the program (which is perhaps the one you mention as being blocked) but it does work with the ISIS driver. As such, unless you believe it poses some type of hazard/problem I would prefer to continue with it as a new version of the program which is Windows 7 certified is about $1,000.

A question I do have involves Norton. I did another scan with Norton and it is still showing the presence of the threat labeled Trojan.Zeroaccess.B and that the infected file is c:/windows/system32/consrv.dll, and that it requires manual removal. Is this some type of false positive? Should I try reinstalling Norton and then running the scan again?
  • 0

#10
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Kofax program can stay. Just afraid it might slow down the boot a bit.

Norton sometimes has a hard time forgetting about a threat even after it is gone.

Copy the next line:

mkdir /windows/system32/consrv.dll

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then paste and the copied line should appear. Hit Enter. This tries to create a folder of the same name. If you don't get an error (the malware file is gone) then you need to uninstall Norton and reinstall. If you get an error then run Combofix again and post the log.
  • 0


#11
carusoconan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
When the command prompt opens it is in the C:\Windows\system32 directory. When I paste in the line you provided and before I can hit enter, it immediately says "The syntax of the command is incorrect". Is this the error you were referring to?
  • 0

#12
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
No, if you are already in c:\Windows\System32 then we just need:

mkdir consrv.dll
  • 0

#13
carusoconan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
When I paste mkdir consrv.dll and hit enter the system replies that "A subdirectory or file consrv.dll already exists". I apologize but I don't know whether this means there is an error or not.
  • 0

#14
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
That is the error that indicates we need to run Combofix one more time.
  • 0
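The mkdir test used in posts #10 to #14, written out as an added example that is not part of the thread. It goes a little beyond the one-line command: it removes the empty folder it creates when the name was free, and it tells a real file apart from a folder left behind by an earlier probe, which would otherwise also answer "already exists". The function name, result labels and placeholder file are constructed for the demonstration.

```python
import os
import tempfile
from enum import Enum


class Probe(Enum):
    ABSENT = "nothing with that name; probe folder created and removed"
    FILE = "a non-directory object with that name exists"
    DIRECTORY = "a folder with that name exists (possibly from an earlier probe)"
    UNKNOWN = "probe could not run (missing parent, access denied, ...)"


def mkdir_probe(path: str) -> Probe:
    """Ask the file system whether `path` is taken by trying to create a
    folder there, instead of relying on a directory listing."""
    try:
        os.mkdir(path)
    except FileExistsError:
        # Same situation as "A subdirectory or file ... already exists".
        return Probe.DIRECTORY if os.path.isdir(path) else Probe.FILE
    except OSError:
        # Not elevated, parent folder missing, invalid name, etc.
        return Probe.UNKNOWN
    # The name was free. Remove the folder we just made so that the next
    # probe (or a later scan) is not confused by our own artifact.
    os.rmdir(path)
    return Probe.ABSENT


def demo() -> dict:
    """Run the probe against constructed cases inside a temporary folder."""
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        target = os.path.join(workdir, "consrv.dll")

        # Case 1: name is free, so the probe must clean up after itself.
        results["name_free"] = mkdir_probe(target)
        results["left_behind"] = os.path.exists(target)

        # Case 2: a file is present (constructed placeholder content).
        with open(target, "wb") as fh:
            fh.write(b"constructed placeholder")
        results["file"] = mkdir_probe(target)
        results["file_intact"] = os.path.isfile(target)

        # Case 3: a folder left over from a probe that was never cleaned up.
        os.remove(target)
        os.mkdir(target)
        results["leftover_dir"] = mkdir_probe(target)

        # Case 4: the parent folder does not exist, so nothing can be concluded.
        results["no_parent"] = mkdir_probe(
            os.path.join(workdir, "missing", "consrv.dll"))
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```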

#15
carusoconan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
The following is the ComboFix log:


ComboFix 12-01-17.02 - Bob 01/17/2012 20:51:54.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8173.5448 [GMT -7:00]
Running from: c:\users\Bob\Desktop\ComboFixe.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-18 to 2012-01-18 )))))))))))))))))))))))))))))))
.
.
2012-01-18 03:55 . 2012-01-18 03:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-17 17:47 . 2012-01-17 17:47 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-17 17:46 . 2012-01-17 17:46 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2012-01-17 17:46 . 2012-01-17 17:46 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-01-17 17:46 . 2012-01-17 17:46 -------- d-----w- c:\program files (x86)\Java
2012-01-17 02:37 . 2012-01-17 02:37 -------- d-----w- c:\users\Bob\AppData\Roaming\Malwarebytes
2012-01-17 02:37 . 2012-01-17 02:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-17 02:37 . 2012-01-17 02:37 -------- d-----w- c:\programdata\Malwarebytes
2012-01-17 02:37 . 2011-12-10 22:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-16 23:58 . 2012-01-17 00:34 -------- d-----w- C:\ComboFix
2012-01-16 23:18 . 2012-01-16 23:18 -------- d-----w- C:\_OTL
2012-01-11 14:24 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 14:24 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 14:24 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 14:24 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 14:24 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 14:24 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 14:24 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-11 14:24 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 07:17 . 2012-01-11 07:17 -------- d-----w- C:\NBRT
2012-01-10 17:50 . 2012-01-10 17:50 96376 ----a-w- c:\windows\system32\drivers\SMR210.SYS
2012-01-10 17:25 . 2012-01-10 17:25 3956064 ----a-w- c:\windows\system32\AutoPartNt.exe
2012-01-10 15:36 . 2012-01-11 06:09 -------- d-----w- c:\users\Bob\AppData\Local\NPE
2012-01-10 07:48 . 2012-01-10 07:48 -------- d-----w- c:\users\Bob\AppData\Local\SanctionedMedia
2012-01-09 17:47 . 2007-10-24 19:29 1595488 ----a-w- c:\windows\SysWow64\TSDlgApi.dll
2012-01-09 17:47 . 2007-10-24 19:29 2827872 ----a-w- c:\windows\SysWow64\TSDBAp32.dll
2012-01-09 17:47 . 2007-10-24 19:29 89696 ----a-w- c:\windows\SysWow64\TSDB0132.dll
2012-01-09 17:47 . 2007-10-24 19:19 520760 ----a-w- c:\windows\SysWow64\Cfx32.ocx
2012-01-07 14:51 . 2012-01-07 14:51 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-07 14:51 . 2012-01-07 14:51 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-07 14:51 . 2012-01-07 14:51 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-07 14:51 . 2012-01-07 14:51 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-04 22:14 . 2012-01-04 22:14 -------- d-----w- c:\users\Bob\AppData\Roaming\Sage
2012-01-04 22:13 . 2012-01-04 22:13 -------- d-----w- c:\programdata\Aatrix Software
2012-01-04 22:12 . 2012-01-04 22:12 -------- d-----w- c:\programdata\Sage
2012-01-04 22:12 . 2011-10-25 13:52 3833856 ----a-w- c:\windows\SysWow64\cdintf300.dll
2012-01-04 22:12 . 2012-01-04 22:12 -------- d-----w- c:\windows\Crystal
2012-01-04 22:11 . 2012-01-04 22:11 -------- d-----w- c:\program files (x86)\Common Files\BIGenerator
2012-01-04 22:11 . 2012-01-04 22:11 -------- d-----w- c:\program files (x86)\Common Files\BIComponents
2012-01-04 22:10 . 2012-01-04 22:10 -------- d-----w- c:\program files (x86)\Business Objects
2012-01-04 22:08 . 2012-01-04 22:08 -------- d-----w- c:\programdata\Pervasive Software
2012-01-04 22:08 . 2012-01-04 22:08 -------- d-----w- c:\program files (x86)\Pervasive Software
2012-01-04 22:06 . 2012-01-04 22:06 -------- d-----w- C:\Sage
2012-01-04 22:06 . 2012-01-04 22:09 -------- d-----w- c:\program files (x86)\Sage
2012-01-04 22:03 . 2012-01-04 22:13 -------- d-----w- c:\program files (x86)\Common Files\Peach
2012-01-04 22:01 . 2001-01-01 07:00 655872 ----a-w- c:\windows\SysWow64\msvcr90.dll
2012-01-04 22:01 . 2001-01-01 07:00 568832 ----a-w- c:\windows\SysWow64\msvcp90.dll
2012-01-04 22:01 . 2001-01-01 07:00 1156600 ----a-w- c:\windows\SysWow64\MFC90.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 22:31 . 2011-10-26 23:43 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-10 02:05 . 2011-12-10 02:05 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-12-05 22:24 . 2011-12-05 22:24 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-05 03:12 . 2011-12-05 03:12 367200 ----a-w- c:\windows\system32\drivers\afcdp.sys
2011-12-05 03:12 . 2011-12-05 03:12 1285216 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2011-12-05 03:12 . 2011-12-05 03:12 986208 ----a-w- c:\windows\system32\drivers\timntr.sys
2011-12-05 03:12 . 2011-12-05 03:12 211040 ----a-w- c:\windows\system32\drivers\vididr.sys
2011-12-05 03:12 . 2011-12-05 03:12 142944 ----a-w- c:\windows\system32\drivers\vsflt61.sys
2011-12-05 03:12 . 2011-12-05 03:12 310368 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-12-05 03:12 . 2011-12-05 03:12 133728 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2011-11-30 09:21 . 2011-12-10 01:10 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C90E30C-BE3C-4D4E-8AB7-123DCA0BCA14}\mpengine.dll
2011-11-24 04:52 . 2011-12-13 19:19 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 21:29 . 2010-11-21 03:27 270720 ----a-w- c:\windows\system32\MpSigStub.exe
2011-11-13 19:43 . 2011-09-24 02:36 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 05:32 . 2011-12-13 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-13 19:19 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 09:17 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 09:17 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 09:17 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 09:17 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-04 01:16 . 2011-11-04 01:16 20480 ----a-w- c:\windows\SysWow64\cliconfg.728
2011-11-03 22:47 . 2011-12-14 09:17 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 09:17 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 09:17 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 09:17 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 23:43 . 2011-10-26 23:43 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-10-26 23:43 . 2011-10-26 23:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-26 23:43 . 2011-10-26 23:43 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-10-26 05:21 . 2011-12-13 19:19 43520 ----a-w- c:\windows\system32\M5AMRDR8~csrsrv.dll~
2011-10-26 05:21 . 2011-12-13 19:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:53 . 2011-10-25 13:53 94208 ----a-w- c:\windows\SysWow64\ZLibCom.dll
2011-10-25 13:53 . 2011-10-25 13:53 73728 ----a-w- c:\windows\SysWow64\psProxy.dll
2011-10-25 13:53 . 2011-10-25 13:53 630784 ----a-w- c:\windows\SysWow64\PAWSAX.dll
2011-10-25 13:53 . 2011-10-25 13:53 57328 ----a-w- c:\windows\SysWow64\OLE2CONV.DLL
2011-10-25 13:53 . 2011-10-25 13:53 5472 ----a-w- c:\windows\SysWow64\STDOLE.TLB
2011-10-25 13:53 . 2011-10-25 13:53 536048 ----a-w- c:\windows\SysWow64\OC25.DLL
2011-10-25 13:53 . 2011-10-25 13:53 51712 ----a-w- c:\windows\SysWow64\OLE2PROX.DLL
2011-10-25 13:53 . 2011-10-25 13:53 42688 ----a-w- c:\windows\SysWow64\IDLE.DLL
2011-10-25 13:53 . 2011-10-25 13:53 380928 ----a-w- c:\windows\SysWow64\pSOAP32.dll
2011-10-25 13:53 . 2011-10-25 13:53 28113 ----a-w- c:\windows\SysWow64\OLE2.REG
2011-10-25 13:53 . 2011-10-25 13:53 26112 ----a-w- c:\windows\SysWow64\Wavemix.dll
2011-10-25 13:53 . 2011-10-25 13:53 188416 ----a-w- c:\windows\SysWow64\pocketHTTP.dll
2011-10-25 13:53 . 2011-10-25 13:53 1706800 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-10-25 13:53 . 2011-10-25 13:53 167424 ----a-w- c:\windows\SysWow64\MSPDB50.DLL
2011-10-25 13:53 . 2011-10-25 13:53 167424 ----a-w- c:\windows\SysWow64\Awrtl30.dll
2011-10-25 13:53 . 2011-10-25 13:53 12976 ----a-w- c:\windows\SysWow64\SCP.DLL
2011-10-25 13:53 . 2011-10-25 13:53 111616 ----a-w- c:\windows\SysWow64\Ltih30tb.dll
2011-10-25 13:53 . 2011-10-25 13:53 111544 ----a-w- c:\windows\SysWow64\MSCAL.OCX
2011-10-25 13:53 . 2011-10-25 13:53 110676 ----a-w- c:\windows\SysWow64\psDime.dll
2011-10-23 01:00 . 2011-10-23 01:00 77824 ----a-w- c:\windows\SysWow64\KCL310.dll
2011-10-23 01:00 . 2011-10-23 01:00 16384 ----a-w- c:\windows\SysWow64\KDB310.dll
.
.
((((((((((((((((((((((((((((( [email protected]_00.33.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-01-17 18:01 52332 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-17 18:01 39464 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-17 03:07 . 2012-01-17 18:01 15440 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4080961410-44987213-562876926-1000_UserData.bin
+ 2012-01-17 02:37 . 2011-12-10 22:24 23152 c:\windows\system64\drivers\mbam.sys
+ 2011-09-10 22:31 . 2012-01-17 18:19 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-10 22:31 . 2012-01-16 23:40 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-10 22:31 . 2012-01-17 18:19 49152 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-10 22:31 . 2012-01-16 23:40 49152 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-17 18:19 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-16 23:40 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-01-17 18:01 52332 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-17 18:01 39464 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-17 03:07 . 2012-01-17 18:01 15440 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4080961410-44987213-562876926-1000_UserData.bin
- 2011-09-10 22:31 . 2012-01-16 23:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-10 22:31 . 2012-01-17 18:19 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-10 22:31 . 2012-01-16 23:40 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-10 22:31 . 2012-01-17 18:19 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-17 18:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-16 23:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-14 06:50 . 2012-01-17 07:02 3070 c:\windows\system64\wdi\ERCQueuedResolutions.dat
- 2011-11-14 06:50 . 2012-01-16 23:19 3070 c:\windows\system64\wdi\ERCQueuedResolutions.dat
- 2011-11-14 06:50 . 2012-01-16 23:19 3070 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-11-14 06:50 . 2012-01-17 07:02 3070 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-01-17 17:59 . 2012-01-17 17:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-16 23:20 . 2012-01-16 23:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-17 17:59 . 2012-01-17 17:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-16 23:20 . 2012-01-16 23:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-17 17:46 . 2012-01-17 17:46 157472 c:\windows\SysWOW64\javaws.exe
+ 2012-01-17 17:46 . 2012-01-17 17:46 149280 c:\windows\SysWOW64\javaw.exe
+ 2012-01-17 17:46 . 2012-01-17 17:46 149280 c:\windows\SysWOW64\java.exe
- 2009-07-14 02:36 . 2012-01-16 23:25 688544 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-17 18:03 688544 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-17 18:03 133918 c:\windows\system64\perfc009.dat
- 2009-07-14 02:36 . 2012-01-16 23:25 133918 c:\windows\system64\perfc009.dat
+ 2009-07-14 02:36 . 2012-01-17 18:03 688544 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-16 23:25 688544 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-16 23:25 133918 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-01-17 18:03 133918 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-01-16 23:19 412572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-17 17:58 412572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-17 17:47 . 2012-01-17 17:47 207360 c:\windows\Installer\4986db.msi
- 2011-09-10 23:14 . 2012-01-16 23:19 1777656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-09-10 23:14 . 2012-01-17 17:58 1777656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-09-18 07:30 . 2012-01-10 18:49 5543340 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4080961410-44987213-562876926-1000-4096.dat
+ 2011-09-18 07:30 . 2012-01-17 17:58 5543340 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4080961410-44987213-562876926-1000-4096.dat
+ 2011-09-17 03:04 . 2012-01-17 17:58 21822360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4080961410-44987213-562876926-1000-8192.dat
+ 2012-01-17 17:46 . 2012-01-17 17:46 12905472 c:\windows\Installer\4986d3.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Second Copy"="c:\program files (x86)\Second Copy 8\SecCopy.exe" [2011-09-19 2996008]
"ANT Agent"="c:\program files (x86)\Garmin\Training Center\ANT_Agent\ANT Agent.exe" [2011-04-14 12036968]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-06-20 2736128]
"TSTimer"="c:\program files (x86)\Timeslips\TSTimer.exe" [2007-10-24 2403936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
"FtLnSOP_setup"="c:\windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe" [2010-02-08 143360]
"FJTWAIN Setup"="c:\windows\Twain_32\fjscan32\FjtwMkup.exe" [2011-03-25 139264]
"FTPWRENV"="c:\windows\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe" [2007-10-17 45056]
"FiWIA Service Checker"="c:\windows\Twain_32\Fjscan32\FiWiaChecker.exe" [2009-10-21 86016]
"“FjISIS WIA Service Checker"="c:\windows\pixtran\fujitsu\FiWiaChecker.exe" [2009-10-21 86016]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-11-10 5954016]
"PeachtreePrefetcher.exe"="c:\program files (x86)\Sage\Peachtree\PeachtreePrefetcher.exe" [2011-12-27 30024]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Error Recovery Guide.lnk - c:\windows\twain_32\fjscan32\ERG\FTErGuid.exe [2011-1-5 286720]
Microsoft Outlook 2010.lnk - c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe [2011-10-20 303456]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
Service Manager.norun [2011-11-3 2221]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 TSScheduleBackup;TimeslipsBackup;c:\windows\SysWOW64\TSSchBkpService.exe [2007-10-24 705024]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys [x]
R3 MSSQL$LACERTEDB;MSSQL$LACERTEDB;c:\program files (x86)\Microsoft SQL Server\MSSQL$LACERTEDB\Binn\sqlservr.exe [2002-12-18 7520337]
R3 Peachtree SmartPosting 2012;Peachtree SmartPosting 2012;c:\program files (x86)\Sage\Peachtree\SmartPostingService2012.exe [2011-12-27 43848]
R3 SQLAgent$LACERTEDB;SQLAgent$LACERTEDB;c:\program files (x86)\Microsoft SQL Server\MSSQL$LACERTEDB\Binn\sqlagent.EXE [2002-12-18 311872]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SMR210;Symantec SMR Utility Service 2.1.0;c:\windows\System32\drivers\SMR210.SYS [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [x]
S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-12-01 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120117.002\IDSvia64.sys [2011-12-09 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1302000.00A\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-12-05 3450832]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-04-30 146592]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-04-30 91296]
S2 FJTWMKSV;FJTWMKSV;c:\windows\twain_32\fjscan32\FJTWMKSV.exe [2011-07-20 36864]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe [2011-08-10 138760]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-08-14 49152]
S2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe [2011-11-05 435528]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsnxc64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 ScVssService64;Second Copy VSS Service x64;c:\program files (x86)\Second Copy 8\ScVssService64.exe [2011-09-19 75048]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-03-20 378472]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-11-10 5890144]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-14 2656280]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-02-15 550080]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-02-28 852160]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-01-10 138360]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 NWLowRider;NextWindow LowRider Touch Screen;c:\windows\system32\DRIVERS\NWLowRider.sys [x]
S3 NWWakeFilterLR;NextWindow Remote Wake Blocker;c:\windows\system32\DRIVERS\NWWakeFilterLR.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 22:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4080961410-44987213-562876926-1000Core.job
- c:\users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-22 22:44]
.
2012-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4080961410-44987213-562876926-1000UA.job
- c:\users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-22 22:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-03 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-03 2188904]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-04-30 790688]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-04-30 657568]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-11-10 403096]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://ww2.cox.com/myconnection/arizona/home.cox
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\ukm7lh98.default\
FF - prefs.js: browser.startup.homepage - hxxp://ww2.cox.com/myconnection/arizona/home.cox
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-17 20:57:08
ComboFix-quarantined-files.txt 2012-01-18 03:57
ComboFix2.txt 2012-01-17 00:34
.
Pre-Run: 895,774,629,888 bytes free
Post-Run: 895,344,726,016 bytes free
.
- - End Of File - - 6D4B310BDAD67CA8FFBAF2D40AA850EB