Rootkit.Win32.Necurs.gen



#1
BlazeHeatnix
Member
Got on my laptop the other day only to find that as soon as I turned it on, "Windows 8 Security" starts scanning and tells me about all these infections it found and how it wants me to register; I should also note that there are several typos located in the message that appears stating what kind of harm can be caused if I don't register. Obviously this is fake/part of the virus. Another symptom I have is the Google redirect. I've had this problem in the past and thought it may have been the same thing, so I followed the guide provided by geekstogo, located here: http://www.geekstogo...ogle-redirects/
I have run all programs and TDSSKiller found a file called: Rootkit.Win32.Necurs.gen
Default action is to delete/cure it, so that's what I did; then TDSSKiller wanted to reboot to finish the cure process. Fine. Upon reboot, the same exact symptoms appear. I ran TDSSKiller again and it found the same file; appears that it is incapable of removing the file, so I am at a loss, thus why I am posting this thread. Any help would be greatly appreciated. My laptop is running on Windows 7 64-bit. I don't have a recovery disc. I'll be gone for the weekend so it may take me until Monday afternoon to reply with logs. Also, while I was typing this out, I left my laptop on, only for it to blue screen... decided to shut it down and leave it until I have instructions to follow. Thank you.

Edit: Ran OTL Quick Scan and it froze after a message appeared saying: Access violation at address 00000000. Read of address 00000000. Pop-up message from Windows 8 Security stated: Application has been attacked with virus! Win 8 Security System detect "OTL by OldTimer - Version 3.2.59.0" corrupted by "Exploit.CplLnk.Gen." Should also add that there is a file running in Task Manager by the name of: f42d0bc46a1897c5.exe. When I attempt to terminate it, it tells me access is denied.

Edited by BlazeHeatnix, 30 August 2012 - 09:05 PM.



#2
RKinner
Malware Expert
Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking. Login with your usual login.

Now try to run OTL. I would prefer that you do a custom scan:

You should probably delete your old OTL and download a new one.

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.


Copy the text in the code box:

DRIVES
netsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron

#3
BlazeHeatnix
Topic Starter
OTL Log

OTL logfile created on: 9/3/12 10:33:43 PM - Run 2
OTL by OldTimer - Version 3.2.60.0 Folder = C:\Users\Norton\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy

2.75 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 70.82% Memory free
5.49 Gb Paging File | 4.72 Gb Available in Paging File | 85.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.95 Gb Total Space | 13.78 Gb Free Space | 10.07% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Norton | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/03 22:00:40 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Norton\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/29 23:31:25 | 000,090,584 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\d9b771ee34184683.sys -- (d9b771ee34184683)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/08/05 23:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/29 07:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012/07/20 22:16:00 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/13 01:09:27 | 000,326,792 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/29 23:31:25 | 000,090,584 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\d9b771ee34184683.sys -- (d9b771ee34184683)
DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbflt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/27 17:27:07 | 000,828,912 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/11/13 10:47:38 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/11/04 03:58:42 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2009/10/05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/09 22:07:14 | 000,222,208 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/29 17:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/18 07:12:32 | 000,272,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 02:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009/05/04 08:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/03 08:39:58 | 000,034,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...84z185t48m2x232
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...84z185t48m2x232
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...&rlz=1I7ACAW_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.8.3
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {A6A0B3F6-6D2D-4c55-96C1-7481BEA2EBF8}:2.1.73
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: savesession@noasobi.net:1.3.1.6
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.7
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..extensions.enabledItems: {b41cb5f0-2e52-11de-8c30-0800200c9a66}:2.1
FF - prefs.js..extensions.enabledItems: {86FA6F53-95FE-7A69-D8C3-E1454281F8B6}:3.5.3
FF - prefs.js..extensions.enabledItems: {dc961bb0-dfb2-11dc-95ff-0800200c9a66}:2.20100123
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.91
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100827
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..extensions.enabledItems: Office2007Black@JBBS:1.6.9
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.6.3
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
FF - prefs.js..extensions.enabledItems: {50931610-3d8e-11dd-ae16-0800200c9a66}:1.0


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Norton\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Norton\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Norton\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 22:16:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/29 22:53:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.15\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/12/24 18:53:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/05/11 20:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norton\AppData\Roaming\Mozilla\Extensions
[2010/05/11 20:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norton\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/08/26 23:09:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions
[2010/03/26 07:42:35 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/06/24 21:44:47 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2010/04/27 18:42:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/04 16:26:58 | 000,000,000 | ---D | M] (zblack) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
[2009/12/26 15:23:59 | 000,000,000 | ---D | M] (RulerDark) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{6ce6f000-9b3c-11dd-ad8b-0800200c9a66}
[2012/07/30 22:37:06 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010/05/29 12:20:57 | 000,000,000 | ---D | M] (In The Dark) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{86FA6F53-95FE-7A69-D8C3-E1454281F8B6}
[2010/02/22 22:52:54 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2009/12/26 15:24:00 | 000,000,000 | ---D | M] (Date Picker/Calendar) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{A6A0B3F6-6D2D-4c55-96C1-7481BEA2EBF8}
[2010/03/21 19:01:05 | 000,000,000 | ---D | M] (Black Stratini) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{b41cb5f0-2e52-11de-8c30-0800200c9a66}
[2012/08/29 22:53:30 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/07/07 10:43:12 | 000,000,000 | ---D | M] (PitchDark) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2009/12/26 15:24:01 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
[2010/02/04 09:09:14 | 000,000,000 | ---D | M] (MidnightFoxy) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{dc961bb0-dfb2-11dc-95ff-0800200c9a66}
[2010/06/24 21:44:30 | 000,000,000 | ---D | M] (myFireFox) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2009/12/26 15:24:01 | 000,000,000 | ---D | M] (Black Steel) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2011/11/24 23:37:16 | 000,000,000 | ---D | M] (Autofill Forms) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\autofillForms@blueimp.net
[2010/01/04 16:26:49 | 000,000,000 | ---D | M] (Devious Green) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\devious_green@firefox.theme
[2011/04/07 13:19:38 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\engine@conduit.com
[2009/12/26 15:23:57 | 000,000,000 | ---D | M] (Cold Night) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\martin@hoerandl.com
[2009/12/26 15:23:57 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\moveplayer@movenetworks.com
[2010/02/22 22:53:00 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\noia2_option@kk.noia
[2009/12/26 15:23:58 | 000,000,000 | ---D | M] (Simple Dyyno Launcher) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\NPDyyno@dyyno.com
[2011/03/03 17:07:55 | 000,000,000 | ---D | M] (Save Session) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\savesession@noasobi.net
[2011/09/25 16:53:06 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\youtube2mp3@mondayx.de
[2010/06/24 21:44:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2010/05/29 12:20:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{86FA6F53-95FE-7A69-D8C3-E1454281F8B6}\chrome\mozapps\extensions
[2010/02/04 09:09:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{dc961bb0-dfb2-11dc-95ff-0800200c9a66}\chrome\mozapps\extensions
[2010/02/04 09:09:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{dc961bb0-dfb2-11dc-95ff-0800200c9a66}\chrome\mozapps\extensions\CVS
[2010/06/24 21:44:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}\chrome\mozapps\extensions
[2010/01/29 18:18:49 | 000,002,172 | ---- | M] () -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\searchplugins\bing.xml
[2011/11/27 00:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/01 02:16:45 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\NORTON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X8EU7LVY.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2011/11/27 00:23:45 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\NORTON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X8EU7LVY.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012/07/21 22:17:24 | 000,702,524 | ---- | M] () (No name found) -- C:\USERS\NORTON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X8EU7LVY.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/02/11 22:54:44 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\NORTON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X8EU7LVY.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012/07/20 22:16:04 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/04/12 18:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/12/21 00:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/02/27 21:29:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/27 21:29:45 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Norton\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Norton\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Users\Norton\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Norton\AppData\Local\Google\Chrome\Application\21.0.1180.83\gears.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Norton\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Norton\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Norton\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: SmoothScroll = C:\Users\Norton\AppData\Local\Google\Chrome\User Data\Default\Extensions\cccpiddacjljmfbbgeimpelpndgpoknn\1.0.3_0\
CHR - Extension: Google Search = C:\Users\Norton\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Image Center Tool = C:\Users\Norton\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfapdkemjcgjelakikfoammdodblgjai\1.5_0\
CHR - Extension: Gmail = C:\Users\Norton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/29 22:07:21 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [f42d0bc46a1897c5.exe] C:\Users\Norton\AppData\Local\f42d0bc46a1897c5.exe (Auzentech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: win8sec.com ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.128.17.114 74.128.19.102 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6B08B89-55D9-4C41-9085-4E822E645B38}: DhcpNameServer = 74.128.17.114 74.128.19.102 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Garmin Lifetime Updater - hkey= - key= - C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Seagate Dashboard - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

SafeBootMin:64bit: 06035582.sys - Driver
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: 06035582.sys - Driver
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: 06035582.sys - Driver
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: 06035582.sys - Driver
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2012/09/03 22:15:07 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Norton\Desktop\OTL.exe
[2012/08/30 21:39:03 | 000,000,000 | ---D | C] -- C:\Users\Norton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Win 8 Security System
[2012/08/29 23:31:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/29 23:18:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/29 22:14:23 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/29 22:11:03 | 000,000,000 | ---D | C] -- C:\Users\Norton\Desktop\GooredFix Backups
[2012/08/29 22:04:19 | 000,000,000 | ---D | C] -- C:\Users\Norton\Desktop\erunt
[2012/08/29 22:04:11 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Norton\Desktop\TDSSKiller.exe
[2012/08/29 22:04:11 | 000,000,000 | ---D | C] -- C:\Users\Norton\Desktop\tdsskiller
[2012/08/29 22:02:36 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\Norton\Desktop\OTM.exe
[2012/08/29 22:02:36 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Norton\Desktop\GooredFix.exe
[2012/08/29 16:26:14 | 000,617,472 | ---- | C] (Auzentech) -- C:\Users\Norton\AppData\Local\f42d0bc46a1897c5.exe

========== Files - Modified Within 30 Days ==========

[2012/09/03 22:31:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/03 22:31:32 | 2211,483,648 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/03 22:15:48 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/03 22:15:48 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/03 22:15:43 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2504362823-1664360736-3732123707-1000UA.job
[2012/09/03 22:00:40 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Norton\Desktop\OTL.exe
[2012/08/30 21:45:37 | 000,733,692 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/30 21:45:37 | 000,629,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/30 21:45:37 | 000,108,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/30 21:39:06 | 000,001,746 | ---- | M] () -- C:\Users\Norton\Desktop\Buy Win 8 Security System.lnk
[2012/08/30 20:34:20 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/08/29 23:31:25 | 000,090,584 | ---- | M] () -- C:\Windows\SysNative\drivers\d9b771ee34184683.sys
[2012/08/29 23:12:13 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2504362823-1664360736-3732123707-1000Core.job
[2012/08/29 22:07:21 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/08/29 21:55:34 | 002,193,184 | ---- | M] () -- C:\Users\Norton\Desktop\tdsskiller.zip
[2012/08/29 21:55:00 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Norton\Desktop\GooredFix.exe
[2012/08/29 21:51:30 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\Norton\Desktop\OTM.exe
[2012/08/29 21:51:26 | 000,513,320 | ---- | M] () -- C:\Users\Norton\Desktop\erunt.zip
[2012/08/29 21:20:23 | 004,740,381 | R--- | M] (Swearware) -- C:\Users\Norton\Desktop\ComboFix.exe
[2012/08/29 16:56:10 | 000,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/08/29 16:22:47 | 000,617,472 | ---- | M] (Auzentech) -- C:\Users\Norton\AppData\Local\f42d0bc46a1897c5.exe
[2012/08/24 13:28:40 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Norton\Desktop\TDSSKiller.exe
[2012/08/21 23:32:48 | 000,002,460 | ---- | M] () -- C:\Users\Norton\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/08/29 23:31:25 | 000,090,584 | ---- | C] () -- C:\Windows\SysNative\drivers\d9b771ee34184683.sys
[2012/08/29 22:02:36 | 002,193,184 | ---- | C] () -- C:\Users\Norton\Desktop\tdsskiller.zip
[2012/08/29 22:02:36 | 000,513,320 | ---- | C] () -- C:\Users\Norton\Desktop\erunt.zip
[2012/08/29 16:56:10 | 000,001,978 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/08/29 16:29:26 | 000,001,746 | ---- | C] () -- C:\Users\Norton\Desktop\Buy Win 8 Security System.lnk
[2012/05/02 21:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/09/09 01:17:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/09 01:17:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/09 01:17:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/09 01:17:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/09 01:17:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/21 21:26:55 | 000,191,272 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/01/17 01:04:11 | 000,747,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/18 21:57:33 | 000,007,597 | ---- | C] () -- C:\Users\Norton\AppData\Local\Resmon.ResmonCfg
[2009/12/29 07:35:40 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: TOSHIBA MK1655GSX ATA Device
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 12.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 12889013760
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 137.00GB
Starting Offset: 12995942400
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2010/01/01 02:30:57 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\.purple
[2010/03/02 08:38:38 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\acccore
[2009/12/25 17:52:35 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Acer
[2012/04/11 23:04:54 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Adobe
[2010/04/05 18:18:55 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\AnvSoft
[2011/10/13 22:07:52 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Apple Computer
[2009/12/25 17:53:09 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\ATI
[2011/06/06 23:13:38 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Audacity
[2012/04/11 23:44:29 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/12/25 17:57:25 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\CyberLink
[2010/05/10 21:50:59 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\DAEMON Tools Lite
[2010/03/21 16:51:16 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\DAEMON Tools Pro
[2010/06/11 19:25:55 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Datel
[2010/06/20 07:49:14 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\dvdcss
[2010/06/07 22:18:19 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Facebook
[2010/06/11 19:40:11 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\GameTuts
[2012/01/24 23:42:38 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Garmin
[2009/12/25 18:03:31 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Google
[2009/12/25 17:50:20 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Identities
[2011/02/16 16:53:34 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Intelli-studio
[2009/12/25 17:52:31 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Leadertech
[2009/12/25 17:52:24 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Macromedia
[2009/07/14 02:44:38 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Media Center Programs
[2011/01/17 01:04:10 | 000,000,000 | --SD | M] -- C:\Users\Norton\AppData\Roaming\Microsoft
[2009/12/25 19:12:25 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Mozilla
[2010/10/17 07:34:13 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\NCH Software
[2010/06/27 21:18:48 | 000,000,000 | RH-D | M] -- C:\Users\Norton\AppData\Roaming\SecuROM
[2009/12/25 17:57:55 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\SoftDMA
[2010/01/06 00:21:27 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\TeamViewer
[2010/05/11 20:07:11 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Thunderbird
[2010/01/01 22:17:48 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\U3
[2012/04/30 23:15:12 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\uTorrent
[2012/07/24 22:09:21 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\vlc
[2010/01/01 01:48:18 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\WinRAR
[2012/06/23 13:36:47 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Xfire
[2010/05/28 03:01:27 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Yahoo!

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\System Volume Information\SystemRestore\FRStaging\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\drivers\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/13 20:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
[2009/07/13 20:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\System Volume Information\SystemRestore\FRStaging\Windows\ERDNT\cache86\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/07/13 20:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\System Volume Information\SystemRestore\FRStaging\Windows\ERDNT\cache86\mswsock.dll
[2009/07/13 20:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 08:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\ERDNT\cache64\mswsock.dll
[2010/11/20 08:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\SysNative\mswsock.dll
[2010/11/20 08:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\ERDNT\cache86\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SysWOW64\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2009/07/13 20:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\System Volume Information\SystemRestore\FRStaging\Windows\ERDNT\cache64\mswsock.dll
[2009/07/13 20:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_144848ad46fcc535\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/13 20:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
[2009/07/13 20:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009/07/13 20:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\SysNative\NapiNSP.dll
[2009/07/13 20:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2009/07/13 20:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_cdcf91c058fc0e07\nlaapi.dll
[2010/11/20 07:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\SysWOW64\nlaapi.dll
[2010/11/20 07:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2010/11/20 08:27:22 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\SysNative\nlaapi.dll
[2010/11/20 08:27:22 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
[2009/07/13 20:41:52 | 000,070,144 | ---- | M] (Microsoft Corporation) MD5=86E3822A34D454032D8E88C72AE8CF2D -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_c37ae76e249b4c0c\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/13 20:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2009/07/13 20:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009/07/13 20:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\SysNative\pnrpnsp.dll
[2009/07/13 20:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/13 20:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\SysNative\PrintIsolationHost.exe
[2009/07/13 20:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\System Volume Information\SystemRestore\FRStaging\Windows\ERDNT\cache64\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\System Volume Information\SystemRestore\FRStaging\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\System Volume Information\SystemRestore\FRStaging\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USER32.DLL >
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\ERDNT\cache86\user32.dll
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 20:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\System Volume Information\SystemRestore\FRStaging\Windows\ERDNT\cache64\user32.dll
[2009/07/13 20:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 20:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\System Volume Information\SystemRestore\FRStaging\Windows\ERDNT\cache86\user32.dll
[2009/07/13 20:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\ERDNT\cache64\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\System Volume Information\SystemRestore\FRStaging\Windows\ERDNT\cache86\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\System Volume Information\SystemRestore\FRStaging\Windows\ERDNT\cache64\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\System Volume Information\SystemRestore\FRStaging\Windows\ERDNT\cache64\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/13 20:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\SysNative\winrnr.dll
[2009/07/13 20:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009/07/13 20:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
[2009/07/13 20:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 20:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/13 20:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/20 22:15:24 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/20 22:15:24 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/20 22:15:24 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/07/20 22:16:01 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/07/20 22:16:01 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/20 22:16:01 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Norton\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/17 17:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Norton\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/17 17:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Norton\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/17 17:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Norton\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/17 17:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/06/05 17:35:47 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/06/05 17:35:47 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/06/05 17:35:47 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/06/05 17:35:50 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/06/05 17:35:50 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/07/20 22:15:24 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/07/20 22:15:24 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/07/20 22:15:24 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/07/20 22:16:01 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/07/20 22:16:01 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/07/20 22:16:01 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\NORTON\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/08/17 17:28:57 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\NORTON\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/08/17 17:28:57 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\NORTON\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/08/17 17:28:57 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\NORTON\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/08/17 17:28:57 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/06/05 17:35:41 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/06/05 17:35:41 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/06/05 17:35:41 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/06/05 17:35:50 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2011/06/05 17:35:50 | 000,748,336 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/03/25 22:16:08 | 000,025,608 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\DKbFltr.sys

< End of report >

Extras Log

OTL Extras logfile created on: 9/3/12 10:33:43 PM - Run 2
OTL by OldTimer - Version 3.2.60.0 Folder = C:\Users\Norton\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy

2.75 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 70.82% Memory free
5.49 Gb Paging File | 4.72 Gb Available in Paging File | 85.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.95 Gb Total Space | 13.78 Gb Free Space | 10.07% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Norton | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05D7BDC7-A6BE-48FF-BAF3-E27D9B5482D0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0D0C6C73-2DA6-4FB7-AE27-C8891AAD5A1B}" = rport=445 | protocol=6 | dir=out | app=system |
"{0D125EBE-6207-4D8F-A72F-1D03550CA4CD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{178E019D-4A45-4B0E-87D7-99E61DA08B26}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{18BFAC29-E489-4016-8AA1-91315CA6FECA}" = lport=445 | protocol=6 | dir=in | app=system |
"{1AD26269-1361-4EEB-B31A-5794A3C549A4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1CD42813-A30A-4100-8549-A9FC839396ED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B3DC024-F217-4896-A82A-63A72CA1EDB3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2D0A238B-6BFA-4AC0-A05E-AA7C0BCBCD04}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2DE8D303-0E76-4064-B6B1-9411FF070500}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{389BA9E7-E3F2-4A76-86AA-61FD60B978B7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{48F45001-ACF7-4B53-91D9-11828BEA98F5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{550E59BB-65AC-41CE-93C9-5EFC435DCB0F}" = rport=139 | protocol=6 | dir=out | app=system |
"{5ADC3ECB-D8BC-4332-BCE2-CE4BA5EE4EDF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5CE387DB-D24A-4DAF-B7BC-5430E52AD9DE}" = lport=139 | protocol=6 | dir=in | app=system |
"{61E3489B-7F28-49CB-8487-C6D2DE41E48A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7089C9E4-A834-44BA-8899-73F9EDCF3F04}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{7512809C-E754-4260-A7CB-A84DF1017EDC}" = rport=137 | protocol=17 | dir=out | app=system |
"{8B62B883-BBBA-438A-957B-4884913E8004}" = rport=138 | protocol=17 | dir=out | app=system |
"{9AC52706-EA55-4066-9F15-F6C4F722F411}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F139F1F-0239-4110-83E0-F7BED49E09AA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A8922F1D-41F1-49C7-B586-73EF0C4A5665}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA353877-A8EF-432A-97BC-15A411BE5852}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA4DA1C3-209A-42C0-933C-EE8E2F5425C9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AB34A471-2368-4989-9483-C2DD854E2DF4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C0ED07EB-C5B4-4238-BA76-8472474FFC88}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C2808C3C-DFA6-4BAA-978A-3F55CD5383A0}" = lport=138 | protocol=17 | dir=in | app=system |
"{C5863EF2-14B5-4C52-9EAF-A80C7F0336A2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C9BCAFEF-BA2F-46D1-8092-61FBAF40E239}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D84296DF-5C1B-400E-B2DB-EB85472FDB88}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DF7EBAFA-DAA9-4E91-A239-82FFC64393EF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E883E970-7875-485C-90EA-710B912B2A0B}" = lport=137 | protocol=17 | dir=in | app=system |
"{EFD1FD1F-BA2C-403C-855C-321B48C9330A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F300D67E-6559-4FB5-BB91-A1F5C04C0AC9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FC48EB2D-C839-4AEB-BD8E-DE69FDF243DE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FF4CC24A-53E4-4D0E-AE34-605EF38F72D7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01525C05-AD11-4D36-8784-D5737F44D207}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{08C725BD-2CB6-466F-B866-128E5DA9241C}" = protocol=6 | dir=in | app=c:\users\norton\appdata\local\tversity\media server\mediaserver.exe |
"{15DF60B4-3F8C-4A95-BC8D-BD1C7E4C1593}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{1806D13C-1D52-4871-A8A3-98D5151E3F3E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{238C67ED-FA48-436E-8A9A-5C75E55E2C13}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{25E4B0D6-DD80-419C-B0DE-FE0253AB65C4}" = protocol=6 | dir=out | app=system |
"{2976E300-F7C0-48F7-A792-61D6A9CE3A17}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{2DCD67CB-9AD0-4982-A502-FF1E160558FA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2DD1F47B-C7E6-4B98-919D-B682DF472C7C}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{2EBE566A-3E75-4EFF-913D-E988AE7F455E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{32C6B422-21CA-4BDE-BF1B-263FE888AAEF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3331BA97-C664-41EB-B75B-8ED0F71D453C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{393F48A2-D596-46C3-9D0A-0AF21AD0CBDC}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{3B446CDF-A1B0-496E-8310-DF3331CD407C}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{410A2DAB-3C1F-4AC6-BBB1-82436D9A65CA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{433BD7EC-56FA-471C-9AA6-CCEF9A682A4D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4470A6B5-41E4-4BF5-A399-4366122A6587}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{45B1B5D8-CB4A-4820-8FBE-2D254FDCA907}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{462A8063-B9AA-4246-96BE-A1083B3D9DAE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{4C5BAF55-2016-4580-ABB4-6580A4A8A9E2}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{4FCFA81A-8532-453A-9680-BF142BD0DA65}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4FDACAD0-84E6-4236-920E-32305ABAACFC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{57DFAD4F-2605-4A7A-AAA3-2D3BA09ADF17}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{58373C43-F517-4479-B10A-81A3B6D11F0C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xblazeheatnix\counter-strike source\hl2.exe |
"{6065F562-CD0F-4E0F-A9EC-075CCF57DBC5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D83F23D-FD7C-46F6-B27E-A9014CD2903F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7E5A1C64-61FB-45DD-B7F3-6055F20B3794}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{83A3728A-EC70-43E0-89B3-5008E0452F69}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8AB7301E-694E-4EF5-94EF-E9247EFCEA8B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8BA5D26C-DA7A-4576-9F81-58FFDFBE9ACC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8C04FE99-1680-4816-BC99-D4622A6378D6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8F1DF2E4-42F8-4D5F-A8F8-12C1D655774E}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{8FE70CD5-A34F-43EE-A462-96FCADA4D01D}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{A2FF2D7F-9885-472C-B9D5-ADF785D94C32}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{AA862931-6BA5-4387-A1B2-47A745B9EB27}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{B1AF0EC9-083A-4FF7-A34D-5139F511ADF0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B90AEF0F-71D3-49DB-AA9A-48B2C296E8DD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC1FB5C8-C202-4280-B24D-3B4406C4BE4C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C21A4C89-6CC5-4AED-8A72-33E070019DCA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C6ABEDDA-EAA4-4979-B860-2F30E3A7FF33}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C8260C7E-0A04-41FD-8D04-048CFAD42124}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xblazeheatnix\counter-strike source\hl2.exe |
"{D43605CE-A029-4F4D-9AB7-E591CFE09B10}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D82B7933-347B-4A37-B050-41431F0CB870}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DA7DF5C3-9F59-4011-81C7-79CA5064F5EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DE6AB035-FF9D-4382-945A-4B04543E8CD1}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{E2CFB740-71C2-417B-806D-534530E52C86}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E61B4D61-FEE7-4076-94A4-2383DF4DF441}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{EA5537BD-24FC-456F-8B8E-B6551F96C1F2}" = protocol=17 | dir=in | app=c:\users\norton\appdata\local\tversity\media server\mediaserver.exe |
"{ED7EC96C-859F-4BF9-9F9F-61EE1B8340D0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FC16C741-2FE7-4D47-A5DD-FF62CC99B7D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FFE0B838-A1BD-432A-8299-0CC3C53C3BE6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"TCP Query User{1D55D7AB-9A5D-4236-9995-6C08554FFDBB}C:\program files (x86)\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |
"TCP Query User{1FF40689-46A2-4702-BEBA-39EFC57847EE}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{22A0A125-CAC1-411B-9295-012DFB2B2890}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{3A967051-EDA9-4148-B8EA-F257DAED347E}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{4683CBE8-1B2A-45B4-B6C6-A7D187214EF6}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{5B31FE1E-9BAF-44E3-8125-AFC903CF2059}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{8454127D-E6E0-4F34-A050-40741B4BC071}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe" = protocol=6 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe |
"TCP Query User{94854C5E-83DF-45D4-AC9A-CDB71ADA00E7}C:\program files (x86)\mozilla firefox\crashreporter.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\crashreporter.exe |
"TCP Query User{9F876C01-54DA-4395-ABB5-DC49AC40EE33}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C166A3E3-C19D-40AA-B930-E48418540992}C:\program files (x86)\microsoft office\office12\winword.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\winword.exe |
"TCP Query User{C8684B61-96AC-4B9E-98F4-5282D40BD0F2}C:\program files (x86)\apple software update\softwareupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\apple software update\softwareupdate.exe |
"TCP Query User{E2616776-EBF4-4F66-9DBE-976C1A69F36B}C:\users\norton\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\norton\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{E7AB053C-F740-4D77-8B97-2166066F936F}C:\program files (x86)\tensons\download accelerator manager\mgrabber.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tensons\download accelerator manager\mgrabber.exe |
"TCP Query User{F4505C1C-D9AD-4C9D-8A38-57B5CFA0EA1A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{01C4B8A6-9D31-407D-8E3B-C7771DF11598}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{1BFC53AB-0A63-47DD-B16F-EC448D2619DA}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{396D0C35-50F0-4581-96FD-5EC74B244748}C:\program files (x86)\tensons\download accelerator manager\mgrabber.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tensons\download accelerator manager\mgrabber.exe |
"UDP Query User{5160B3DC-5854-418F-A76F-B615A073FDBB}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{52F425BD-009E-4D26-A46D-5F02124A5B81}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{535585C3-E115-4870-B218-3C2E3A361C38}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{61F44F5C-C28C-43B0-88B5-64995BD3E9BA}C:\program files (x86)\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |
"UDP Query User{78317477-F1B8-412C-9ED5-75738D2A6DCA}C:\program files (x86)\apple software update\softwareupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\apple software update\softwareupdate.exe |
"UDP Query User{B602FFDE-15F7-4FCF-9B4A-334FC8C9A216}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe |
"UDP Query User{BA90976D-D6D7-4072-AEFA-3E3B0D4C833B}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{BD276DC7-6C46-4880-97E0-25F2EB8610CE}C:\program files (x86)\microsoft office\office12\winword.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\winword.exe |
"UDP Query User{C3B3CE41-274A-4BC6-B0BC-80305CDC0EF7}C:\program files (x86)\mozilla firefox\crashreporter.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\crashreporter.exe |
"UDP Query User{D6FAE6F3-9831-4E57-B6DA-BD6AF465E30C}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{DDBCFC9B-BEBB-4D76-B548-B2D28FF6C8BE}C:\users\norton\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\norton\appdata\local\google\chrome\application\chrome.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ACCA82EB-7088-919E-5E1C-100A24F11CCF}" = ATI Catalyst Install Manager
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E2FCA441-6D7B-CD78-3ADF-42EA9FA06065}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam™
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}" = Garmin Lifetime Updater
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{183F0908-AD5E-8B3B-5F06-28B1A8C65C62}" = CCC Help Japanese
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23E9588B-05ED-BC2F-EB69-101A96511EF1}" = ccc-core-static
"{2484D1EA-CBA4-60BB-82B9-F8477D25C47A}" = CCC Help Dutch
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29802D65-9514-DB20-36CD-E47A94C8AEB9}" = Catalyst Control Center Graphics Full Existing
"{2F61E9D7-CD05-643E-A04E-CC1A8B6610BA}" = CCC Help Finnish
"{2FA3CDD8-1436-497D-6339-789936561E99}" = CCC Help German
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34123E80-BE96-6282-1167-6696730AF6D2}" = CCC Help Korean
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3D20EF26-2E9A-D388-851D-E7675BBACFF5}" = Catalyst Control Center Core Implementation
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{4024F49B-65D4-D6B2-2A1D-6DBF6F09F181}" = CCC Help Greek
"{49A63237-FD38-AE77-6DF6-FFB41499A4E6}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F0FC827-B693-F166-612E-EA89D798540C}" = CCC Help Chinese Traditional
"{52FBF90E-D2EF-A2A3-1CCA-6984596B1B02}" = CCC Help English
"{628CBFE4-3823-67FB-26D2-566899C3BB5C}" = CCC Help Italian
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63F26DAE-CB0D-98B6-3019-D4FC3D0DD203}" = Catalyst Control Center InstallProxy
"{652EB559-6865-DEF4-2409-D506963C15FD}" = CCC Help Polish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68987945-A387-4C25-0C59-21F2AF657E65}" = CCC Help Thai
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B45E33B-6BB4-234B-2F5F-65B1A103801D}" = CCC Help Russian
"{6B99737C-9FDC-50F9-C9A4-AB7DA5C9A336}" = Catalyst Control Center Graphics Full New
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE74C0E-F300-D0A6-780B-C93BB78DE58C}" = CCC Help Norwegian
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7E75ACC5-B0EC-7006-183A-374974019911}" = Catalyst Control Center Graphics Light
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97124B44-C17B-C352-44B1-403D0D706173}" = CCC Help Czech
"{9ACA8261-11D1-F8A1-C154-7F8B23515C79}" = CCC Help Swedish
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9574A7E-C024-EED1-7A81-CC4786A1915A}" = CCC Help Portuguese
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA32D2A6-1299-0F05-BF8D-04075A9F69EB}" = CCC Help Turkish
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{BCC05B1F-7397-799A-9EDB-AC10123BB17A}" = CCC Help Chinese Standard
"{BEF4FD8A-29FF-C250-468A-5FC55F0E3451}" = Catalyst Control Center Localization All
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF7A62B6-F712-412E-9914-D80033A7F8B8}" = Catalyst Control Center - Branding
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D41301F8-90FD-9CE8-CD2C-ED2B9D5F07E3}" = CCC Help Spanish
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D43AD08C-BE76-8C5B-FD90-4B665EF60E2E}" = CCC Help Danish
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA4CA661-5ABF-9218-6E42-84BF89F43655}" = CCC Help French
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any Video Converter_is1" = Any Video Converter 3.0.4
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Debut" = Debut Video Capture Software
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GridVista" = Acer GridVista
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LManager" = Launch Manager
"MediaMonkey_is1" = MediaMonkey 3.2
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"Mozilla Thunderbird (3.1.15)" = Mozilla Thunderbird (3.1.15)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Security Task Manager" = Security Task Manager 1.8c
"SimCity 3000" = SimCity 3000
"Slay_is1" = Slay 5.0
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StarCraft" = StarCraft
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.3
"Warcraft III" = Warcraft III
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Application Detect

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/18/11 10:35:23 PM | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 2/18/11 10:35:23 PM | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 2/18/11 10:47:24 PM | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 2/18/11 10:47:24 PM | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 2/18/11 11:25:27 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: MEDIAM~1.EXE, version: 3.2.0.1294, time
stamp: 0x2a425e19 Faulting module name: d_iPhone.dll, version: 0.0.0.0, time stamp:
0x2a425e19 Exception code: 0xc0000005 Fault offset: 0x0000486b Faulting process id:
0x370 Faulting application start time: 0x01cbcfe4a0e9d69b Faulting application path:
C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE Faulting module path: C:\PROGRA~2\MEDIAM~1\Plugins\d_iPhone.dll
Report
Id: e49a7271-3bd7-11e0-8e52-002622656dad

Error - 2/18/11 11:25:38 PM | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 2/18/11 11:25:38 PM | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 2/18/11 11:28:38 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: MEDIAM~1.EXE, version: 3.2.0.1294, time
stamp: 0x2a425e19 Faulting module name: d_iPhone.dll, version: 0.0.0.0, time stamp:
0x2a425e19 Exception code: 0xc0000005 Fault offset: 0x0000486b Faulting process id:
0x9d4 Faulting application start time: 0x01cbcfe5139c2caa Faulting application path:
C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE Faulting module path: C:\PROGRA~2\MEDIAM~1\Plugins\d_iPhone.dll
Report
Id: 56a402e8-3bd8-11e0-8e52-002622656dad

Error - 2/18/11 11:34:15 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: MEDIAM~1.EXE, version: 3.2.0.1294, time
stamp: 0x2a425e19 Faulting module name: d_iPhone.dll, version: 0.0.0.0, time stamp:
0x2a425e19 Exception code: 0xc0000005 Fault offset: 0x0000486b Faulting process id:
0xeb4 Faulting application start time: 0x01cbcfe5ddb46125 Faulting application path:
C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE Faulting module path: C:\PROGRA~2\MEDIAM~1\Plugins\d_iPhone.dll
Report
Id: 1fe0531a-3bd9-11e0-8e52-002622656dad

Error - 2/18/11 11:35:18 PM | Computer Name = Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: MEDIAM~1.EXE, version: 3.2.0.1294, time
stamp: 0x2a425e19 Faulting module name: d_iPhone.dll, version: 0.0.0.0, time stamp:
0x2a425e19 Exception code: 0xc0000005 Fault offset: 0x0000486b Faulting process id:
0x8c0 Faulting application start time: 0x01cbcfe603a352b6 Faulting application path:
C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE Faulting module path: C:\PROGRA~2\MEDIAM~1\Plugins\d_iPhone.dll
Report
Id: 45407013-3bd9-11e0-8e52-002622656dad

[ Media Center Events ]
Error - 12/29/09 8:35:58 AM | Computer Name = Norton-PC | Source = Microsoft-Windows-Media Center Extender | ID = 538
Description =

Error - 12/30/09 5:02:29 AM | Computer Name = Norton-PC | Source = MCUpdate | ID = 0
Description = 3:02:19 AM - Error connecting to the internet. 3:02:19 AM - Unable
to contact server..

Error - 12/30/09 6:07:22 AM | Computer Name = Norton-PC | Source = MCUpdate | ID = 0
Description = 4:07:21 AM - Error connecting to the internet. 4:07:21 AM - Unable
to contact server..

Error - 1/1/10 9:16:28 AM | Computer Name = Norton-PC | Source = MCUpdate | ID = 0
Description = 7:16:21 AM - Error connecting to the internet. 7:16:21 AM - Unable
to contact server..

Error - 1/1/10 11:06:12 PM | Computer Name = Norton-PC | Source = MCUpdate | ID = 0
Description = 9:06:05 PM - Error connecting to the internet. 9:06:05 PM - Unable
to contact server..

Error - 1/2/10 2:33:22 AM | Computer Name = Norton-PC | Source = MCUpdate | ID = 0
Description = 12:32:57 AM - Error connecting to the internet. 12:32:57 AM - Unable
to contact server..

Error - 1/2/10 6:04:14 AM | Computer Name = Norton-PC | Source = MCUpdate | ID = 0
Description = 4:04:12 AM - Error connecting to the internet. 4:04:12 AM - Unable
to contact server..

[ OSession Events ]
Error - 3/15/11 5:05:46 PM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/3/12 11:34:20 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/3/12 11:34:20 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/3/12 11:34:20 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/3/12 11:43:20 PM | Computer Name = Laptop | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.135.81.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 9/3/12 11:43:21 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/3/12 11:43:21 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/3/12 11:43:21 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/3/12 11:43:21 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/3/12 11:43:21 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 9/3/12 11:43:21 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >


  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 19,775 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c


:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKCU..\Run: [f42d0bc46a1897c5.exe] C:\Users\Norton\AppData\Local\f42d0bc46a1897c5.exe (Auzentech)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
[2012/08/30 21:39:03 | 000,000,000 | ---D | C] -- C:\Users\Norton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Win 8 Security System
[2012/08/30 21:39:06 | 000,001,746 | ---- | M] () -- C:\Users\Norton\Desktop\Buy Win 8 Security System.lnk
[2012/08/29 23:31:25 | 000,090,584 | ---- | M] () -- C:\Windows\SysNative\drivers\d9b771ee34184683.sys
[2012/08/29 16:22:47 | 000,617,472 | ---- | M] (Auzentech) -- C:\Users\Norton\AppData\Local\f42d0bc46a1897c5.exe

:files
sc config d9b771ee34184683 start= disabled /c
sc delete d9b771ee34184683 /c
C:\Windows\SysNative\drivers\d9b771ee34184683.sys
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

:reg
[HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
""="%systemroot%\system32\wbem\wbemess.dll"
[-HKCU\Software\Classes\clsid\{90566282-8F22-CC85-6006-A1DD3FD9EAD6}]

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\RemovedFiles\09032012-some number.log.



Download aswMBR.exe ( 511KB ) to your desktop.
Right-click aswMBR.exe and Run as Administrator.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan (Accept the Avast Engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it and then run a new scan and click save log, save it to your desktop and post in your next reply.
If the Fix button is not enabled, then just click save log, save it to your desktop and post in your next reply.

ComboFix

It must be saved to your desktop, do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right-click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again, but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* Follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Start, All Programs, Accessories, then right-click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow



(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


Right-click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right-click on System and Clear Log, Clear. Repeat for Application.

Reboot

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply, then repeat but select Application.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (Win 7 or Vista => Right-click and Run as Admin.) Farbar Service Scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Ron
  • 0
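The file and Run-key entries in the fix script above have visible traits in common: 16-hex-digit file names, a driver with an empty company field, and an executable sitting directly in AppData\Local that is also started from a Run key. The following is an added Python example (not part of the thread and not OTL's own logic) that parses lines in the OTL log format shown above and flags entries on those traits; the two "Example Vendor" lines are constructed for contrast, and the reason names and two-reason threshold are assumptions.

```python
import ntpath
import re
from typing import Dict, List, Optional

# Entries copied verbatim from the fix script in the post above.
PAGE_LINES = [
    r"O4 - HKCU..\Run: [f42d0bc46a1897c5.exe] C:\Users\Norton\AppData\Local\f42d0bc46a1897c5.exe (Auzentech)",
    r"[2012/08/30 21:39:06 | 000,001,746 | ---- | M] () -- C:\Users\Norton\Desktop\Buy Win 8 Security System.lnk",
    r"[2012/08/29 23:31:25 | 000,090,584 | ---- | M] () -- C:\Windows\SysNative\drivers\d9b771ee34184683.sys",
    r"[2012/08/29 16:22:47 | 000,617,472 | ---- | M] (Auzentech) -- C:\Users\Norton\AppData\Local\f42d0bc46a1897c5.exe",
]

# Constructed benign entries (not from the thread), included for contrast.
CONSTRUCTED_LINES = [
    r"[2012/08/01 10:00:00 | 000,050,000 | ---- | M] (Example Vendor) -- C:\Windows\SysNative\drivers\example.sys",
    r"O4 - HKCU..\Run: [ExampleApp] C:\Program Files (x86)\ExampleApp\example.exe (Example Vendor)",
]

# File entry: "[date time | size | attrs | C/M] (company) -- path"
FILE_RE = re.compile(
    r"^\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| [-A-Z]{4} \| [CM]\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)
# Autostart entry: "O4 - HKCU..\Run: [value name] path (company)"
RUN_RE = re.compile(
    r"^O4 - HK\w+\S*\\Run: \[[^\]]+\] (?P<path>.+?)(?: \((?P<company>[^()]*)\))?$"
)
HEX16 = re.compile(r"^[0-9a-f]{16}$", re.IGNORECASE)


def parse_line(line: str) -> Optional[dict]:
    """Return kind/path/company for a recognised OTL line, else None."""
    m = FILE_RE.match(line)
    if m:
        return {"kind": "file", "path": m["path"], "company": m["company"]}
    m = RUN_RE.match(line)
    if m:
        return {"kind": "run", "path": m["path"], "company": m["company"] or ""}
    return None


def reasons_for(entry: dict) -> List[str]:
    """Collect the traits of one entry that make it worth a closer look."""
    reasons = []
    folder, base = ntpath.split(entry["path"])  # ntpath parses Windows paths on any OS
    stem, ext = ntpath.splitext(base)
    folder, ext = folder.lower(), ext.lower()
    if HEX16.match(stem):
        reasons.append("16-hex-digit file name")
    if ext == ".sys" and folder.endswith("\\drivers") and not entry["company"]:
        reasons.append("driver with no company name")
    if ext == ".exe" and folder.endswith("\\appdata\\local"):
        reasons.append("executable directly in AppData\\Local")
    if entry["kind"] == "run":
        reasons.append("autostart via Run key")
    return reasons


def triage(lines: List[str], min_reasons: int = 2) -> Dict[str, List[str]]:
    """Map lower-cased path -> merged reasons, keeping paths with enough reasons.

    Requiring two traits keeps a single weak signal (any Run entry, any
    vendor-less file) from being flagged on its own.
    """
    merged: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_line(line.strip())
        if entry is None:
            continue
        bucket = merged.setdefault(entry["path"].lower(), [])
        for reason in reasons_for(entry):
            if reason not in bucket:
                bucket.append(reason)
    return {p: r for p, r in merged.items() if len(r) >= min_reasons}


if __name__ == "__main__":
    for path, why in triage(PAGE_LINES + CONSTRUCTED_LINES).items():
        print(path, "->", "; ".join(why))
```

The rogue's desktop shortcut is not flagged, because nothing about its name or location matches these traits; a name-based heuristic like this narrows a long log for a human reviewer and does not replace the review.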

#5
BlazeHeatnix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
OTL Logs

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry delete failed. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\f42d0bc46a1897c5.exe scheduled to be deleted on reboot.
C:\Users\Norton\AppData\Local\f42d0bc46a1897c5.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Users\Norton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Win 8 Security System folder moved successfully.
C:\Users\Norton\Desktop\Buy Win 8 Security System.lnk moved successfully.
File move failed. C:\Windows\SysNative\drivers\d9b771ee34184683.sys scheduled to be moved on reboot.
File C:\Users\Norton\AppData\Local\f42d0bc46a1897c5.exe not found.
========== FILES ==========
< sc config d9b771ee34184683 start= disabled /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Users\Norton\Desktop\cmd.bat deleted successfully.
C:\Users\Norton\Desktop\cmd.txt deleted successfully.
< sc delete d9b771ee34184683 /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Users\Norton\Desktop\cmd.bat deleted successfully.
C:\Users\Norton\Desktop\cmd.txt deleted successfully.
File move failed. C:\Windows\SysNative\drivers\d9b771ee34184683.sys scheduled to be moved on reboot.
File\Folder C:\Windows\assembly\GAC_32\Desktop.ini not found.
File\Folder C:\Windows\assembly\GAC_64\Desktop.ini not found.
========== REGISTRY ==========
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\""|"%systemroot%\system32\wbem\wbemess.dll" /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\Classes\clsid\{90566282-8F22-CC85-6006-A1DD3FD9EAD6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90566282-8F22-CC85-6006-A1DD3FD9EAD6}\ not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Norton
->Flash cache emptied: 4158625 bytes

User: Public

Total Flash Files Cleaned = 4.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Norton
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.60.0 log created on 09042012_234615


2nd OTL Log

OTL logfile created on: 9/5/12 1:33:58 AM - Run 3
OTL by OldTimer - Version 3.2.60.0 Folder = C:\Users\Norton\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy

2.75 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 58.20% Memory free
5.49 Gb Paging File | 4.26 Gb Available in Paging File | 77.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.95 Gb Total Space | 13.52 Gb Free Space | 9.88% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Norton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/03 22:00:40 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Norton\Desktop\OTL.exe
PRC - [2009/07/27 19:50:32 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/08/05 23:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/29 07:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012/07/20 22:16:00 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/13 01:09:27 | 000,326,792 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/27 17:27:07 | 000,828,912 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/11/13 10:47:38 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/11/04 03:58:42 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2009/10/05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/09 22:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/29 17:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/18 07:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 02:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009/05/04 08:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/03 08:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...84z185t48m2x232
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...84z185t48m2x232
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...&rlz=1I7ACAW_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.8.3
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {A6A0B3F6-6D2D-4c55-96C1-7481BEA2EBF8}:2.1.73
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: savesession@noasobi.net:1.3.1.6
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.7
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..extensions.enabledItems: {b41cb5f0-2e52-11de-8c30-0800200c9a66}:2.1
FF - prefs.js..extensions.enabledItems: {86FA6F53-95FE-7A69-D8C3-E1454281F8B6}:3.5.3
FF - prefs.js..extensions.enabledItems: {dc961bb0-dfb2-11dc-95ff-0800200c9a66}:2.20100123
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.91
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100827
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..extensions.enabledItems: Office2007Black@JBBS:1.6.9
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.6.3
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
FF - prefs.js..extensions.enabledItems: {50931610-3d8e-11dd-ae16-0800200c9a66}:1.0


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Norton\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Norton\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Norton\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 22:16:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/29 22:53:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.15\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/12/24 18:53:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/05/11 20:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norton\AppData\Roaming\Mozilla\Extensions
[2010/05/11 20:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norton\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/08/26 23:09:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions
[2010/03/26 07:42:35 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/06/24 21:44:47 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2010/04/27 18:42:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/04 16:26:58 | 000,000,000 | ---D | M] (zblack) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
[2009/12/26 15:23:59 | 000,000,000 | ---D | M] (RulerDark) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{6ce6f000-9b3c-11dd-ad8b-0800200c9a66}
[2012/07/30 22:37:06 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010/05/29 12:20:57 | 000,000,000 | ---D | M] (In The Dark) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{86FA6F53-95FE-7A69-D8C3-E1454281F8B6}
[2010/02/22 22:52:54 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2009/12/26 15:24:00 | 000,000,000 | ---D | M] (Date Picker/Calendar) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{A6A0B3F6-6D2D-4c55-96C1-7481BEA2EBF8}
[2010/03/21 19:01:05 | 000,000,000 | ---D | M] (Black Stratini) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{b41cb5f0-2e52-11de-8c30-0800200c9a66}
[2012/08/29 22:53:30 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/07/07 10:43:12 | 000,000,000 | ---D | M] (PitchDark) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2009/12/26 15:24:01 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
[2010/02/04 09:09:14 | 000,000,000 | ---D | M] (MidnightFoxy) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{dc961bb0-dfb2-11dc-95ff-0800200c9a66}
[2010/06/24 21:44:30 | 000,000,000 | ---D | M] (myFireFox) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2009/12/26 15:24:01 | 000,000,000 | ---D | M] (Black Steel) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2011/11/24 23:37:16 | 000,000,000 | ---D | M] (Autofill Forms) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\autofillForms@blueimp.net
[2010/01/04 16:26:49 | 000,000,000 | ---D | M] (Devious Green) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\devious_green@firefox.theme
[2011/04/07 13:19:38 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\engine@conduit.com
[2009/12/26 15:23:57 | 000,000,000 | ---D | M] (Cold Night) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\martin@hoerandl.com
[2009/12/26 15:23:57 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\moveplayer@movenetworks.com
[2010/02/22 22:53:00 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\noia2_option@kk.noia
[2009/12/26 15:23:58 | 000,000,000 | ---D | M] (Simple Dyyno Launcher) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\NPDyyno@dyyno.com
[2011/03/03 17:07:55 | 000,000,000 | ---D | M] (Save Session) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\savesession@noasobi.net
[2011/09/25 16:53:06 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\youtube2mp3@mondayx.de
[2010/06/24 21:44:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2010/05/29 12:20:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{86FA6F53-95FE-7A69-D8C3-E1454281F8B6}\chrome\mozapps\extensions
[2010/02/04 09:09:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{dc961bb0-dfb2-11dc-95ff-0800200c9a66}\chrome\mozapps\extensions
[2010/02/04 09:09:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{dc961bb0-dfb2-11dc-95ff-0800200c9a66}\chrome\mozapps\extensions\CVS
[2010/06/24 21:44:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}\chrome\mozapps\extensions
[2010/01/29 18:18:49 | 000,002,172 | ---- | M] () -- C:\Users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\searchplugins\bing.xml
[2011/11/27 00:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/01 02:16:45 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\NORTON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X8EU7LVY.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2011/11/27 00:23:45 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\NORTON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X8EU7LVY.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012/07/21 22:17:24 | 000,702,524 | ---- | M] () (No name found) -- C:\USERS\NORTON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X8EU7LVY.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/02/11 22:54:44 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\NORTON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X8EU7LVY.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012/07/20 22:16:04 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/04/12 18:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/12/21 00:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/02/27 21:29:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/27 21:29:45 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Norton\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Norton\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Users\Norton\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Norton\AppData\Local\Google\Chrome\Application\21.0.1180.83\gears.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Norton\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Norton\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Norton\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: SmoothScroll = C:\Users\Norton\AppData\Local\Google\Chrome\User Data\Default\Extensions\cccpiddacjljmfbbgeimpelpndgpoknn\1.0.3_0\
CHR - Extension: Google Search = C:\Users\Norton\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Image Center Tool = C:\Users\Norton\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfapdkemjcgjelakikfoammdodblgjai\1.5_0\
CHR - Extension: Gmail = C:\Users\Norton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/29 22:07:21 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: win8sec.com ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.128.17.114 74.128.19.102 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6B08B89-55D9-4C41-9085-4E822E645B38}: DhcpNameServer = 74.128.17.114 74.128.19.102 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Garmin Lifetime Updater - hkey= - key= - C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Seagate Dashboard - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

SafeBootMin:64bit: 47673817.sys - Driver
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: 47673817.sys - Driver
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: 47673817.sys - Driver
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: 47673817.sys - Driver
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/05 00:56:55 | 000,000,000 | ---D | C] -- C:\Users\Norton\AppData\Roaming\Malwarebytes
[2012/09/05 00:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/05 00:56:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/05 00:56:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/05 00:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/05 00:39:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/05 00:30:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/04 23:46:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/04 23:45:16 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Norton\Desktop\mbam-setup-1.62.0.1300.exe
[2012/09/04 23:45:16 | 004,743,490 | R--- | C] (Swearware) -- C:\Users\Norton\Desktop\ComboFix.exe
[2012/09/04 23:45:16 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Norton\Desktop\aswMBR.exe
[2012/09/04 23:45:16 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Norton\Desktop\tdsskiller.exe
[2012/09/04 23:45:16 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\Norton\Desktop\OTL.exe
[2012/09/04 23:44:36 | 000,000,000 | ---D | C] -- C:\Users\Norton\Desktop\Virus Removal
[2012/08/29 22:14:23 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

========== Files - Modified Within 30 Days ==========

[2012/09/05 01:35:48 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/05 01:35:48 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/05 01:28:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/05 01:28:07 | 2211,483,648 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/05 00:56:45 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/05 00:44:15 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/09/04 22:30:56 | 000,061,440 | ---- | M] ( ) -- C:\Users\Norton\Desktop\VEW.exe
[2012/09/04 22:30:42 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Norton\Desktop\mbam-setup-1.62.0.1300.exe
[2012/09/04 22:30:00 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Norton\Desktop\tdsskiller.exe
[2012/09/04 22:29:42 | 004,743,490 | R--- | M] (Swearware) -- C:\Users\Norton\Desktop\ComboFix.exe
[2012/09/04 22:29:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Norton\Desktop\aswMBR.exe
[2012/09/03 22:15:43 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2504362823-1664360736-3732123707-1000UA.job
[2012/09/03 22:00:40 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\Norton\Desktop\OTL.exe
[2012/08/30 21:45:37 | 000,733,692 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/30 21:45:37 | 000,629,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/30 21:45:37 | 000,108,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/29 23:12:13 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2504362823-1664360736-3732123707-1000Core.job
[2012/08/29 22:07:21 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/08/29 16:56:10 | 000,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/08/21 23:32:48 | 000,002,460 | ---- | M] () -- C:\Users\Norton\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/09/05 00:56:45 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/04 23:45:16 | 000,061,440 | ---- | C] ( ) -- C:\Users\Norton\Desktop\VEW.exe
[2012/08/29 16:56:10 | 000,001,978 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/05/02 21:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/09/09 01:17:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/09 01:17:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/09 01:17:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/09 01:17:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/09 01:17:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/21 21:26:55 | 000,191,272 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/01/17 01:04:11 | 000,747,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/18 21:57:33 | 000,007,597 | ---- | C] () -- C:\Users\Norton\AppData\Local\Resmon.ResmonCfg
[2009/12/29 07:35:40 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: TOSHIBA MK1655GSX ATA Device
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 12.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 12889013760
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 137.00GB
Starting Offset: 12995942400
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2010/01/01 02:30:57 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\.purple
[2010/03/02 08:38:38 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\acccore
[2009/12/25 17:52:35 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Acer
[2012/04/11 23:04:54 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Adobe
[2010/04/05 18:18:55 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\AnvSoft
[2011/10/13 22:07:52 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Apple Computer
[2009/12/25 17:53:09 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\ATI
[2011/06/06 23:13:38 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Audacity
[2012/04/11 23:44:29 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/12/25 17:57:25 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\CyberLink
[2010/05/10 21:50:59 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\DAEMON Tools Lite
[2010/03/21 16:51:16 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\DAEMON Tools Pro
[2010/06/11 19:25:55 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Datel
[2010/06/20 07:49:14 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\dvdcss
[2010/06/07 22:18:19 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Facebook
[2010/06/11 19:40:11 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\GameTuts
[2012/01/24 23:42:38 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Garmin
[2009/12/25 18:03:31 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Google
[2009/12/25 17:50:20 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Identities
[2011/02/16 16:53:34 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Intelli-studio
[2009/12/25 17:52:31 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Leadertech
[2009/12/25 17:52:24 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Macromedia
[2012/09/05 00:56:55 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Malwarebytes
[2009/07/14 02:44:38 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Media Center Programs
[2011/01/17 01:04:10 | 000,000,000 | --SD | M] -- C:\Users\Norton\AppData\Roaming\Microsoft
[2009/12/25 19:12:25 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Mozilla
[2010/10/17 07:34:13 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\NCH Software
[2010/06/27 21:18:48 | 000,000,000 | RH-D | M] -- C:\Users\Norton\AppData\Roaming\SecuROM
[2009/12/25 17:57:55 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\SoftDMA
[2010/01/06 00:21:27 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\TeamViewer
[2010/05/11 20:07:11 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Thunderbird
[2010/01/01 22:17:48 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\U3
[2012/04/30 23:15:12 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\uTorrent
[2012/07/24 22:09:21 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\vlc
[2010/01/01 01:48:18 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\WinRAR
[2012/06/23 13:36:47 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Xfire
[2010/05/28 03:01:27 | 000,000,000 | ---D | M] -- C:\Users\Norton\AppData\Roaming\Yahoo!

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\System Volume Information\SystemRestore\FRStaging\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/13 20:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
[2009/07/13 20:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\System Volume Information\SystemRestore\FRStaging\Windows\ERDNT\cache86\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe

< MD5 for: MSWSOCK.DLL >

< MD5 for: NAPINSP.DLL >

< MD5 for: NLAAPI.DLL >

< MD5 for: PNRPNSP.DLL >

< MD5 for: PRINTISOLATIONHOST.EXE >

< MD5 for: SERVICES.EXE >

< MD5 for: SVCHOST.EXE >

< MD5 for: USERINIT.EXE >

< MD5 for: WINLOGON.EXE >

< MD5 for: WINRNR.DLL >

< MD5 for: WSHELPER.DLL >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/20 22:15:24 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/20 22:15:24 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/20 22:15:24 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/07/20 22:16:01 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/07/20 22:16:01 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/20 22:16:01 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Norton\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/17 17:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Norton\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/17 17:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Norton\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/17 17:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Norton\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/17 17:28:57 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/06/05 17:35:47 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/06/05 17:35:47 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/06/05 17:35:47 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/06/05 17:35:50 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/06/05 17:35:50 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/07/20 22:15:24 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/07/20 22:15:24 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/07/20 22:15:24 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/07/20 22:16:01 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/07/20 22:16:01 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/07/20 22:16:01 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\NORTON\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/08/17 17:28:57 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\NORTON\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/08/17 17:28:57 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\NORTON\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/08/17 17:28:57 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\NORTON\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/08/17 17:28:57 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/06/05 17:35:41 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/06/05 17:35:41 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/06/05 17:35:41 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/06/05 17:35:50 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2011/06/05 17:35:50 | 000,748,336 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >


OTL Extras Log

OTL Extras logfile created on: 9/5/12 1:33:58 AM - Run 3
OTL by OldTimer - Version 3.2.60.0 Folder = C:\Users\Norton\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yy

2.75 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 58.20% Memory free
5.49 Gb Paging File | 4.26 Gb Available in Paging File | 77.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.95 Gb Total Space | 13.52 Gb Free Space | 9.88% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Norton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~1.EXE" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05D7BDC7-A6BE-48FF-BAF3-E27D9B5482D0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0D0C6C73-2DA6-4FB7-AE27-C8891AAD5A1B}" = rport=445 | protocol=6 | dir=out | app=system |
"{0D125EBE-6207-4D8F-A72F-1D03550CA4CD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{178E019D-4A45-4B0E-87D7-99E61DA08B26}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{18BFAC29-E489-4016-8AA1-91315CA6FECA}" = lport=445 | protocol=6 | dir=in | app=system |
"{1AD26269-1361-4EEB-B31A-5794A3C549A4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1CD42813-A30A-4100-8549-A9FC839396ED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B3DC024-F217-4896-A82A-63A72CA1EDB3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2D0A238B-6BFA-4AC0-A05E-AA7C0BCBCD04}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2DE8D303-0E76-4064-B6B1-9411FF070500}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{389BA9E7-E3F2-4A76-86AA-61FD60B978B7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{48F45001-ACF7-4B53-91D9-11828BEA98F5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{550E59BB-65AC-41CE-93C9-5EFC435DCB0F}" = rport=139 | protocol=6 | dir=out | app=system |
"{5ADC3ECB-D8BC-4332-BCE2-CE4BA5EE4EDF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5CE387DB-D24A-4DAF-B7BC-5430E52AD9DE}" = lport=139 | protocol=6 | dir=in | app=system |
"{61E3489B-7F28-49CB-8487-C6D2DE41E48A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7089C9E4-A834-44BA-8899-73F9EDCF3F04}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{7512809C-E754-4260-A7CB-A84DF1017EDC}" = rport=137 | protocol=17 | dir=out | app=system |
"{8B62B883-BBBA-438A-957B-4884913E8004}" = rport=138 | protocol=17 | dir=out | app=system |
"{9AC52706-EA55-4066-9F15-F6C4F722F411}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F139F1F-0239-4110-83E0-F7BED49E09AA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A8922F1D-41F1-49C7-B586-73EF0C4A5665}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA353877-A8EF-432A-97BC-15A411BE5852}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA4DA1C3-209A-42C0-933C-EE8E2F5425C9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AB34A471-2368-4989-9483-C2DD854E2DF4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C0ED07EB-C5B4-4238-BA76-8472474FFC88}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C2808C3C-DFA6-4BAA-978A-3F55CD5383A0}" = lport=138 | protocol=17 | dir=in | app=system |
"{C5863EF2-14B5-4C52-9EAF-A80C7F0336A2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C9BCAFEF-BA2F-46D1-8092-61FBAF40E239}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D84296DF-5C1B-400E-B2DB-EB85472FDB88}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DF7EBAFA-DAA9-4E91-A239-82FFC64393EF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E883E970-7875-485C-90EA-710B912B2A0B}" = lport=137 | protocol=17 | dir=in | app=system |
"{EFD1FD1F-BA2C-403C-855C-321B48C9330A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F300D67E-6559-4FB5-BB91-A1F5C04C0AC9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FC48EB2D-C839-4AEB-BD8E-DE69FDF243DE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FF4CC24A-53E4-4D0E-AE34-605EF38F72D7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01525C05-AD11-4D36-8784-D5737F44D207}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{08C725BD-2CB6-466F-B866-128E5DA9241C}" = protocol=6 | dir=in | app=c:\users\norton\appdata\local\tversity\media server\mediaserver.exe |
"{15DF60B4-3F8C-4A95-BC8D-BD1C7E4C1593}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{1806D13C-1D52-4871-A8A3-98D5151E3F3E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{238C67ED-FA48-436E-8A9A-5C75E55E2C13}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{25E4B0D6-DD80-419C-B0DE-FE0253AB65C4}" = protocol=6 | dir=out | app=system |
"{2976E300-F7C0-48F7-A792-61D6A9CE3A17}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{2DCD67CB-9AD0-4982-A502-FF1E160558FA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2DD1F47B-C7E6-4B98-919D-B682DF472C7C}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{2EBE566A-3E75-4EFF-913D-E988AE7F455E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{32C6B422-21CA-4BDE-BF1B-263FE888AAEF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3331BA97-C664-41EB-B75B-8ED0F71D453C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{393F48A2-D596-46C3-9D0A-0AF21AD0CBDC}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{3B446CDF-A1B0-496E-8310-DF3331CD407C}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{410A2DAB-3C1F-4AC6-BBB1-82436D9A65CA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{433BD7EC-56FA-471C-9AA6-CCEF9A682A4D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4470A6B5-41E4-4BF5-A399-4366122A6587}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{45B1B5D8-CB4A-4820-8FBE-2D254FDCA907}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{462A8063-B9AA-4246-96BE-A1083B3D9DAE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{4C5BAF55-2016-4580-ABB4-6580A4A8A9E2}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{4FCFA81A-8532-453A-9680-BF142BD0DA65}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4FDACAD0-84E6-4236-920E-32305ABAACFC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{57DFAD4F-2605-4A7A-AAA3-2D3BA09ADF17}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{58373C43-F517-4479-B10A-81A3B6D11F0C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xblazeheatnix\counter-strike source\hl2.exe |
"{6065F562-CD0F-4E0F-A9EC-075CCF57DBC5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D83F23D-FD7C-46F6-B27E-A9014CD2903F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7E5A1C64-61FB-45DD-B7F3-6055F20B3794}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{83A3728A-EC70-43E0-89B3-5008E0452F69}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8AB7301E-694E-4EF5-94EF-E9247EFCEA8B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8BA5D26C-DA7A-4576-9F81-58FFDFBE9ACC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8C04FE99-1680-4816-BC99-D4622A6378D6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8F1DF2E4-42F8-4D5F-A8F8-12C1D655774E}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{8FE70CD5-A34F-43EE-A462-96FCADA4D01D}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{A2FF2D7F-9885-472C-B9D5-ADF785D94C32}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A919EA10-A450-4CA9-A5E6-8DE50526BF26}" = protocol=58 | dir=in | app=system |
"{AA862931-6BA5-4387-A1B2-47A745B9EB27}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{B1AF0EC9-083A-4FF7-A34D-5139F511ADF0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B90AEF0F-71D3-49DB-AA9A-48B2C296E8DD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC1FB5C8-C202-4280-B24D-3B4406C4BE4C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C21A4C89-6CC5-4AED-8A72-33E070019DCA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C6ABEDDA-EAA4-4979-B860-2F30E3A7FF33}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C8260C7E-0A04-41FD-8D04-048CFAD42124}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xblazeheatnix\counter-strike source\hl2.exe |
"{D43605CE-A029-4F4D-9AB7-E591CFE09B10}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D82B7933-347B-4A37-B050-41431F0CB870}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DA7DF5C3-9F59-4011-81C7-79CA5064F5EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DE6AB035-FF9D-4382-945A-4B04543E8CD1}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{E2CFB740-71C2-417B-806D-534530E52C86}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E61B4D61-FEE7-4076-94A4-2383DF4DF441}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{EA5537BD-24FC-456F-8B8E-B6551F96C1F2}" = protocol=17 | dir=in | app=c:\users\norton\appdata\local\tversity\media server\mediaserver.exe |
"{ED7EC96C-859F-4BF9-9F9F-61EE1B8340D0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EF360427-9F4F-4C57-AABD-C8D84552133E}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{FC16C741-2FE7-4D47-A5DD-FF62CC99B7D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FFE0B838-A1BD-432A-8299-0CC3C53C3BE6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"TCP Query User{1D55D7AB-9A5D-4236-9995-6C08554FFDBB}C:\program files (x86)\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |
"TCP Query User{1FF40689-46A2-4702-BEBA-39EFC57847EE}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{22A0A125-CAC1-411B-9295-012DFB2B2890}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{3A967051-EDA9-4148-B8EA-F257DAED347E}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{4683CBE8-1B2A-45B4-B6C6-A7D187214EF6}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{5B31FE1E-9BAF-44E3-8125-AFC903CF2059}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{8454127D-E6E0-4F34-A050-40741B4BC071}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe" = protocol=6 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe |
"TCP Query User{94854C5E-83DF-45D4-AC9A-CDB71ADA00E7}C:\program files (x86)\mozilla firefox\crashreporter.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\crashreporter.exe |
"TCP Query User{9F876C01-54DA-4395-ABB5-DC49AC40EE33}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C166A3E3-C19D-40AA-B930-E48418540992}C:\program files (x86)\microsoft office\office12\winword.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\winword.exe |
"TCP Query User{C8684B61-96AC-4B9E-98F4-5282D40BD0F2}C:\program files (x86)\apple software update\softwareupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\apple software update\softwareupdate.exe |
"TCP Query User{E2616776-EBF4-4F66-9DBE-976C1A69F36B}C:\users\norton\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\norton\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{E7AB053C-F740-4D77-8B97-2166066F936F}C:\program files (x86)\tensons\download accelerator manager\mgrabber.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tensons\download accelerator manager\mgrabber.exe |
"TCP Query User{F4505C1C-D9AD-4C9D-8A38-57B5CFA0EA1A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{01C4B8A6-9D31-407D-8E3B-C7771DF11598}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{1BFC53AB-0A63-47DD-B16F-EC448D2619DA}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{396D0C35-50F0-4581-96FD-5EC74B244748}C:\program files (x86)\tensons\download accelerator manager\mgrabber.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tensons\download accelerator manager\mgrabber.exe |
"UDP Query User{5160B3DC-5854-418F-A76F-B615A073FDBB}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{52F425BD-009E-4D26-A46D-5F02124A5B81}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{535585C3-E115-4870-B218-3C2E3A361C38}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{61F44F5C-C28C-43B0-88B5-64995BD3E9BA}C:\program files (x86)\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |
"UDP Query User{78317477-F1B8-412C-9ED5-75738D2A6DCA}C:\program files (x86)\apple software update\softwareupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\apple software update\softwareupdate.exe |
"UDP Query User{B602FFDE-15F7-4FCF-9B4A-334FC8C9A216}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe |
"UDP Query User{BA90976D-D6D7-4072-AEFA-3E3B0D4C833B}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{BD276DC7-6C46-4880-97E0-25F2EB8610CE}C:\program files (x86)\microsoft office\office12\winword.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\winword.exe |
"UDP Query User{C3B3CE41-274A-4BC6-B0BC-80305CDC0EF7}C:\program files (x86)\mozilla firefox\crashreporter.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\crashreporter.exe |
"UDP Query User{D6FAE6F3-9831-4E57-B6DA-BD6AF465E30C}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{DDBCFC9B-BEBB-4D76-B548-B2D28FF6C8BE}C:\users\norton\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\norton\appdata\local\google\chrome\application\chrome.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ACCA82EB-7088-919E-5E1C-100A24F11CCF}" = ATI Catalyst Install Manager
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E2FCA441-6D7B-CD78-3ADF-42EA9FA06065}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam™
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}" = Garmin Lifetime Updater
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{183F0908-AD5E-8B3B-5F06-28B1A8C65C62}" = CCC Help Japanese
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23E9588B-05ED-BC2F-EB69-101A96511EF1}" = ccc-core-static
"{2484D1EA-CBA4-60BB-82B9-F8477D25C47A}" = CCC Help Dutch
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29802D65-9514-DB20-36CD-E47A94C8AEB9}" = Catalyst Control Center Graphics Full Existing
"{2F61E9D7-CD05-643E-A04E-CC1A8B6610BA}" = CCC Help Finnish
"{2FA3CDD8-1436-497D-6339-789936561E99}" = CCC Help German
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34123E80-BE96-6282-1167-6696730AF6D2}" = CCC Help Korean
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3D20EF26-2E9A-D388-851D-E7675BBACFF5}" = Catalyst Control Center Core Implementation
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{4024F49B-65D4-D6B2-2A1D-6DBF6F09F181}" = CCC Help Greek
"{49A63237-FD38-AE77-6DF6-FFB41499A4E6}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F0FC827-B693-F166-612E-EA89D798540C}" = CCC Help Chinese Traditional
"{52FBF90E-D2EF-A2A3-1CCA-6984596B1B02}" = CCC Help English
"{628CBFE4-3823-67FB-26D2-566899C3BB5C}" = CCC Help Italian
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63F26DAE-CB0D-98B6-3019-D4FC3D0DD203}" = Catalyst Control Center InstallProxy
"{652EB559-6865-DEF4-2409-D506963C15FD}" = CCC Help Polish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68987945-A387-4C25-0C59-21F2AF657E65}" = CCC Help Thai
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B45E33B-6BB4-234B-2F5F-65B1A103801D}" = CCC Help Russian
"{6B99737C-9FDC-50F9-C9A4-AB7DA5C9A336}" = Catalyst Control Center Graphics Full New
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE74C0E-F300-D0A6-780B-C93BB78DE58C}" = CCC Help Norwegian
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7E75ACC5-B0EC-7006-183A-374974019911}" = Catalyst Control Center Graphics Light
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97124B44-C17B-C352-44B1-403D0D706173}" = CCC Help Czech
"{9ACA8261-11D1-F8A1-C154-7F8B23515C79}" = CCC Help Swedish
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9574A7E-C024-EED1-7A81-CC4786A1915A}" = CCC Help Portuguese
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA32D2A6-1299-0F05-BF8D-04075A9F69EB}" = CCC Help Turkish
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{BCC05B1F-7397-799A-9EDB-AC10123BB17A}" = CCC Help Chinese Standard
"{BEF4FD8A-29FF-C250-468A-5FC55F0E3451}" = Catalyst Control Center Localization All
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF7A62B6-F712-412E-9914-D80033A7F8B8}" = Catalyst Control Center - Branding
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D41301F8-90FD-9CE8-CD2C-ED2B9D5F07E3}" = CCC Help Spanish
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D43AD08C-BE76-8C5B-FD90-4B665EF60E2E}" = CCC Help Danish
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA4CA661-5ABF-9218-6E42-84BF89F43655}" = CCC Help French
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any Video Converter_is1" = Any Video Converter 3.0.4
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Debut" = Debut Video Capture Software
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GridVista" = Acer GridVista
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"MediaMonkey_is1" = MediaMonkey 3.2
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"Mozilla Thunderbird (3.1.15)" = Mozilla Thunderbird (3.1.15)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Security Task Manager" = Security Task Manager 1.8c
"SimCity 3000" = SimCity 3000
"Slay_is1" = Slay 5.0
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StarCraft" = StarCraft
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.3
"Warcraft III" = Warcraft III
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Application Detect

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/5/12 2:37:25 AM | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: TraverseDir : Unable to FindFirstFile. System
Error: Access is denied. .

Error - 9/5/12 2:39:47 AM | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/5/12 2:39:55 AM | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/5/12 2:43:14 AM | Computer Name = Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Media Center Events ]
Error - 12/29/09 8:35:58 AM | Computer Name = Norton-PC | Source = Microsoft-Windows-Media Center Extender | ID = 538
Description =

Error - 12/30/09 5:02:29 AM | Computer Name = Norton-PC | Source = MCUpdate | ID = 0
Description = 3:02:19 AM - Error connecting to the internet. 3:02:19 AM - Unable
to contact server..

Error - 12/30/09 6:07:22 AM | Computer Name = Norton-PC | Source = MCUpdate | ID = 0
Description = 4:07:21 AM - Error connecting to the internet. 4:07:21 AM - Unable
to contact server..

Error - 1/1/10 9:16:28 AM | Computer Name = Norton-PC | Source = MCUpdate | ID = 0
Description = 7:16:21 AM - Error connecting to the internet. 7:16:21 AM - Unable
to contact server..

Error - 1/1/10 11:06:12 PM | Computer Name = Norton-PC | Source = MCUpdate | ID = 0
Description = 9:06:05 PM - Error connecting to the internet. 9:06:05 PM - Unable
to contact server..

Error - 1/2/10 2:33:22 AM | Computer Name = Norton-PC | Source = MCUpdate | ID = 0
Description = 12:32:57 AM - Error connecting to the internet. 12:32:57 AM - Unable
to contact server..

Error - 1/2/10 6:04:14 AM | Computer Name = Norton-PC | Source = MCUpdate | ID = 0
Description = 4:04:12 AM - Error connecting to the internet. 4:04:12 AM - Unable
to contact server..

[ OSession Events ]
Error - 3/15/11 5:05:46 PM | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/5/12 2:27:58 AM | Computer Name = Laptop | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 9/5/12 2:28:13 AM | Computer Name = Laptop | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 9/5/12 2:28:13 AM | Computer Name = Laptop | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 9/5/12 2:28:37 AM | Computer Name = Laptop | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 9/5/12 2:28:49 AM | Computer Name = Laptop | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842


< End of report >

aswMBR Log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-04 23:51:35
-----------------------------
23:51:35.998 OS Version: Windows x64 6.1.7601 Service Pack 1
23:51:35.998 Number of processors: 1 586 0x7C02
23:51:36.014 ComputerName: LAPTOP UserName: Norton
23:51:36.700 Initialze error C0000001 - driver not loaded
23:52:42.969 AVAST engine defs: 12090401
23:53:06.977 Service scanning
23:53:15.277 Service d9b771ee34184683 C:\Windows\System32\Drivers\d9b771ee34184683.sys **HIDDEN**
23:53:51.032 Modules scanning
23:53:51.796 AVAST engine scan C:\Windows
23:53:56.086 AVAST engine scan C:\Windows\system32
23:57:53.737 AVAST engine scan C:\Windows\system32\drivers
23:58:12.067 AVAST engine scan C:\Users\Norton
00:10:32.788 AVAST engine scan C:\ProgramData
00:13:09.381 Scan finished successfully
00:15:04.462 The log file has been saved successfully to "C:\Users\Norton\Desktop\aswMBR.txt"



ComboFix Log

ComboFix 12-09-04.03 - Norton d 09/05/12 0:18.4.1 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1747 [GMT -5:00]
Running from: c:\users\Norton\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-08-05 to 2012-09-05 )))))))))))))))))))))))))))))))
.
.
2012-09-05 05:25 . 2012-09-05 05:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-05 05:25 . 2012-09-05 05:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-05 04:46 . 2012-09-05 04:46 -------- d-----w- C:\_OTL
2012-09-05 03:47 . 2012-02-09 19:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DCAF14D3-3602-4ECF-A59F-827456B2A6DF}\gapaengine.dll
2012-09-05 03:46 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A280E5D-98B7-43F4-B38E-0EFAF171300C}\mpengine.dll
2012-08-30 04:31 . 2012-08-30 04:31 90584 ----a-w- c:\windows\system32\drivers\d9b771ee34184683.sys
2012-08-30 03:14 . 2012-08-30 04:29 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-23 08:26 . 2011-10-05 03:52 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 01:52 . !HASH: COULD NOT OPEN FILE !!!!! . 24128 . . [------] .. c:\windows\system32\drivers\atapi.sys
.
[-] 2009-07-14 00:10 . !HASH: COULD NOT OPEN FILE !!!!! . 23040 . . [------] .. c:\windows\system32\drivers\asyncmac.sys
.
[-] 2009-07-14 01:48 . !HASH: COULD NOT OPEN FILE !!!!! . 50768 . . [------] .. c:\windows\system32\drivers\kbdclass.sys
.
[-] 2010-11-20 13:33 . !HASH: COULD NOT OPEN FILE !!!!! . 951680 . . [------] .. c:\windows\system32\drivers\ndis.sys
.
[-] 2010-11-20 13:33 . !HASH: COULD NOT OPEN FILE !!!!! . 1659776 . . [------] .. c:\windows\system32\drivers\ntfs.sys
.
[-] 2009-07-13 23:19 . !HASH: COULD NOT OPEN FILE !!!!! . 6144 . . [------] .. c:\windows\system32\drivers\null.sys
.
[-] 2011-06-21 06:34 . !HASH: COULD NOT OPEN FILE !!!!! . 1923968 . . [------] .. c:\windows\system32\drivers\tcpip.sys
.
[-] 2010-11-20 09:21 . !HASH: COULD NOT OPEN FILE !!!!! . 119296 . . [------] .. c:\windows\system32\drivers\tdx.sys
.
[7] 2011-06-23 . 90EFDB506F6140EEA9DEE398D9449D86 . 3912576 . . [6.1.7601.21755] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntoskrnl.exe
[7] 2011-06-23 . DFB0E9F902FDAB7CD2E180E4072D45DD . 3902336 . . [6.1.7600.16841] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16841_none_6c2dffca1559c47c\ntoskrnl.exe
[7] 2011-06-23 . FB58ABD5E1F75A2CF713C9DFF0EC0804 . 3912576 . . [6.1.7601.17640] .. c:\windows\ERDNT\cache86\ntoskrnl.exe
[7] 2011-06-23 . FB58ABD5E1F75A2CF713C9DFF0EC0804 . 3912576 . . [6.1.7601.17640] .. c:\windows\SysWOW64\ntoskrnl.exe
[7] 2011-06-23 . FB58ABD5E1F75A2CF713C9DFF0EC0804 . 3912576 . . [6.1.7601.17640] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntoskrnl.exe
[7] 2011-06-23 . 638A384E9968036D42BDBDE499A1C8B8 . 3911552 . . [6.1.7600.20994] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20994_none_6c848dd72e9d3c00\ntoskrnl.exe
[7] 2011-04-09 . 0F4A148499CC6FA5D84A0F1587869051 . 3911552 . . [6.1.7600.20941] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_6cb79c952e776446\ntoskrnl.exe
[7] 2011-04-09 . D9FD1D6337F15AAF2012C69909615DB5 . 3901824 . . [6.1.7600.16792] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_6bf8ee9215816c61\ntoskrnl.exe
[7] 2011-04-09 . 5D21C487F79F8245E799071589E035BF . 3912576 . . [6.1.7601.17592] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntoskrnl.exe
[7] 2011-04-09 . D385343510B75545EC5DB3A64C2D2492 . 3912576 . . [6.1.7601.21701] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntoskrnl.exe
[7] 2010-11-20 . 2088D9994332583EDB3C561DE31EA5AD . 3911040 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntoskrnl.exe
[7] 2010-10-27 . 776201760B5692F10DDA3BE85B54F213 . 3901824 . . [6.1.7600.16695] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_6bfbed8a157ebb3f\ntoskrnl.exe
[7] 2010-10-27 . C6169F5FDC8399E0C6C0729AB6EF2EF8 . 3911552 . . [6.1.7600.20826] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_6cd23bf92e62adf0\ntoskrnl.exe
[7] 2010-06-19 . D5662CD1F9B85936561A07ADC400ACF4 . 3909512 . . [6.1.7600.20738] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_6cc96abb2e68ff68\ntoskrnl.exe
[7] 2010-06-19 . 8218E74A67942120BF8EE30661EDF83F . 3899784 . . [6.1.7600.16617] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_6c546d7e153c0e65\ntoskrnl.exe
[7] 2010-02-27 . DD2ED3246F5F4E4B07F385A9520C3C7C . 3899280 . . [6.1.7600.16539] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_6c40cc54154a7bce\ntoskrnl.exe
[7] 2010-02-27 . 466FD46F58768E56F7B841681014EFF1 . 3899784 . . [6.1.7600.20655] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20655_none_6cb0c81f2e7bee1e\ntoskrnl.exe
[7] 2009-07-14 . B9D673F7707219DFD264891A26C21ECB . 3899472 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntoskrnl.exe
[-] 2011-06-23 05:43 . !HASH: COULD NOT OPEN FILE !!!!! . 5561216 . . [------] .. c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-08-30_02.33.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-13 23:38 . 2009-07-14 01:52 61008 c:\windows\system32\drivers\AGP440.sys
+ 2009-07-14 00:10 . 2009-07-14 00:10 60416 c:\windows\system32\drivers\agilevpn.sys
+ 2011-10-02 21:11 . 2010-11-20 09:30 12800 c:\windows\system32\drivers\acpipmi.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06 68096 c:\windows\system32\drivers\1394bus.sys
+ 2009-07-13 23:19 . 2009-07-14 01:40 43520 c:\windows\system32\csrsrv.dll
+ 2009-10-10 23:45 . 2012-08-31 02:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-10 23:45 . 2012-08-04 03:43 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-20 23:39 . 2012-08-04 03:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-20 23:39 . 2012-08-31 02:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-04 03:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-31 02:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-13 23:19 . 2009-07-14 01:52 23120 c:\windows\system32\BOOTVID.DLL
+ 2010-01-04 23:40 . 2012-09-04 03:15 3190 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2010-02-24 21:04 . 2012-09-04 03:14 1684 c:\windows\system32\wdi\{b171ab1c-60e9-4301-a338-beab1c70b3e9}.bin
+ 2009-07-13 23:37 . 2009-07-14 01:28 8704 c:\windows\system32\KBDYCL.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDYCC.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDYBA.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDYAK.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDWOL.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDVNTC.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDUZB.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDUSX.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDUSR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDUSL.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDUSA.DLL
+ 2011-10-02 21:11 . 2010-11-20 13:02 7168 c:\windows\system32\KBDUS.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDURDU.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDUR1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDUR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\KBDUKX.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDUK.DLL
+ 2011-10-02 21:11 . 2010-11-20 13:02 7168 c:\windows\system32\KBDUGHR1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDUGHR.DLL
+ 2011-10-02 21:11 . 2010-11-20 13:02 7168 c:\windows\system32\KBDTURME.DLL
+ 2011-10-02 21:11 . 2010-11-20 13:02 8192 c:\windows\system32\KBDTUQ.DLL
+ 2011-10-02 21:11 . 2010-11-20 13:02 8192 c:\windows\system32\KBDTUF.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\KBDTIPRC.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDTH3.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDTH2.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDTH1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDTH0.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDTAT.DLL
+ 2011-10-02 21:11 . 2010-11-20 13:02 7168 c:\windows\system32\KBDTAJIK.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDSYR2.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDSYR1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDSW09.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDSW.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDSP.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\KBDSORST.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDSORS1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\KBDSOREX.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDSN1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8704 c:\windows\system32\KBDSMSNO.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8704 c:\windows\system32\KBDSMSFI.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\KBDSL1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDSL.DLL
+ 2011-10-02 21:11 . 2010-11-20 13:02 8192 c:\windows\system32\KBDSG.DLL
+ 2011-10-02 21:11 . 2010-11-20 13:02 7680 c:\windows\system32\KBDSF.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDRU1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDRU.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8704 c:\windows\system32\KBDROST.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8704 c:\windows\system32\KBDROPR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\KBDRO.DLL
+ 2011-10-02 21:11 . 2010-11-20 13:02 7680 c:\windows\system32\KBDPO.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDPL1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDPL.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDPASH.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\KBDNSO.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\KBDNO1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDNO.DLL
+ 2011-10-02 21:11 . 2010-11-20 13:02 7680 c:\windows\system32\KBDNEPR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8704 c:\windows\system32\kbdnecnt.dll
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\kbdnec95.dll
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\kbdnec.dll
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDNE.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDMONMO.DLL
+ 2011-10-02 21:11 . 2010-11-20 13:02 7168 c:\windows\system32\KBDMON.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDMLT48.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDMLT47.DLL
+ 2011-10-02 21:11 . 2010-11-20 13:02 7168 c:\windows\system32\KBDMAORI.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDMACST.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDMAC.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDLV1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDLV.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDLT2.DLL
+ 2011-10-02 21:11 . 2010-11-20 13:02 7168 c:\windows\system32\KBDLT1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDLT.DLL
+ 2011-10-02 21:11 . 2010-11-20 13:02 8192 c:\windows\system32\kbdlk41a.dll
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDLAO.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDLA.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDKYR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDKHMR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDKAZ.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDIULAT.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDIT142.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDIT.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDIR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\KBDINUK2.DLL
+ 2011-10-02 21:11 . 2010-11-20 13:02 7168 c:\windows\system32\KBDINTEL.DLL
+ 2011-10-02 21:11 . 2010-11-20 13:02 7680 c:\windows\system32\KBDINTAM.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDINPUN.DLL
+ 2011-10-02 21:11 . 2010-11-20 13:02 7168 c:\windows\system32\KBDINORI.DLL
+ 2011-10-02 21:11 . 2010-11-20 13:02 7168 c:\windows\system32\KBDINMAR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDINMAL.DLL
+ 2011-10-02 21:11 . 2010-11-20 13:02 7168 c:\windows\system32\KBDINKAN.DLL
+ 2011-10-02 21:11 . 2010-11-20 13:02 7168 c:\windows\system32\KBDINHIN.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDINGUJ.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDINDEV.DLL
+ 2011-10-02 21:11 . 2010-11-20 13:02 7680 c:\windows\system32\KBDINBEN.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDINBE2.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDINBE1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDINASA.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDIC.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDIBO.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\kbdibm02.dll
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDHU1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDHU.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 9728 c:\windows\system32\KBDHEPT.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDHELA3.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDHELA2.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDHEB.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDHE319.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDHE220.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDHE.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDHAU.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\KBDGRLND.DLL
+ 2011-10-02 21:11 . 2010-11-20 13:02 7680 c:\windows\system32\KBDGR1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDGR.DLL
+ 2011-10-02 21:11 . 2010-11-20 13:02 8192 c:\windows\system32\KBDGKL.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\kbdgeoqw.dll
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\kbdgeoer.dll
+ 2011-10-02 21:11 . 2010-11-20 13:02 6656 c:\windows\system32\KBDGEO.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDGAE.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDFR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDFO.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\KBDFI1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDFI.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDFC.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDFA.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDEST.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDES.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDDV.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDDIV2.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDDIV1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDDA.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\KBDCZ2.DLL
+ 2011-10-02 21:11 . 2010-11-20 13:02 8192 c:\windows\system32\KBDCZ1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\KBDCZ.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\KBDCR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8704 c:\windows\system32\KBDCAN.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDCA.DLL
+ 2011-10-02 21:11 . 2010-11-20 13:02 7168 c:\windows\system32\KBDBULG.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDBU.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDBR.DLL
+ 2011-10-02 21:11 . 2010-11-20 13:02 7168 c:\windows\system32\KBDBLR.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDBHC.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDBGPH1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDBGPH.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDBENE.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDBE.DLL
+ 2011-10-02 21:11 . 2010-11-20 13:02 7168 c:\windows\system32\KBDBASH.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDAZEL.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDAZE.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\kbdax2.dll
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDARMW.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDARME.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\KBDAL.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDA3.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 6656 c:\windows\system32\KBDA2.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\KBDA1.DLL
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\kbd106n.dll
+ 2009-07-13 23:37 . 2009-07-14 01:28 8192 c:\windows\system32\kbd106.dll
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\kbd103.dll
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\kbd101c.dll
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\kbd101b.dll
+ 2009-07-13 23:37 . 2009-07-14 01:28 7168 c:\windows\system32\kbd101a.dll
+ 2009-07-13 23:37 . 2009-07-14 01:28 7680 c:\windows\system32\kbd101.dll
+ 2009-07-14 00:06 . 2009-07-14 00:06 7936 c:\windows\system32\drivers\usbd.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06 9728 c:\windows\system32\drivers\umpass.sys
+ 2009-07-14 00:16 . 2009-07-14 00:16 8192 c:\windows\system32\drivers\RDPREFMP.sys
+ 2009-07-14 00:16 . 2009-07-14 00:16 7680 c:\windows\system32\drivers\RDPENCDD.sys
+ 2009-07-14 00:16 . 2009-07-14 00:16 7680 c:\windows\system32\drivers\RDPCDD.sys
+ 2009-07-14 00:00 . 2009-07-14 00:00 8064 c:\windows\system32\drivers\mstee.sys
+ 2009-07-14 00:00 . 2009-07-14 00:00 6784 c:\windows\system32\drivers\mspqm.sys
+ 2009-07-14 00:00 . 2009-07-14 00:00 7168 c:\windows\system32\drivers\mspclock.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06 8192 c:\windows\system32\drivers\mshidkmdf.sys
+ 2009-07-13 23:31 . 2009-07-13 23:31 9728 c:\windows\system32\drivers\errdev.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06 5632 c:\windows\system32\drivers\drmkaud.sys
+ 2009-07-14 01:20 . 2009-06-10 20:41 8704 c:\windows\system32\drivers\BrFiltUp.sys
+ 2009-07-14 00:00 . 2009-07-14 00:00 6656 c:\windows\system32\drivers\beep.sys
- 2012-08-30 02:04 . 2012-08-30 02:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-05 04:47 . 2012-09-05 04:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-30 02:04 . 2012-08-30 02:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-05 04:47 . 2012-09-05 04:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-06-05 21:35 . 2011-02-05 17:06 605552 c:\windows\system32\winload.exe
+ 2011-10-02 21:11 . 2010-11-20 13:13 147456 c:\windows\system32\RDPENCDD.dll
+ 2011-10-02 21:14 . 2010-11-20 11:05 274944 c:\windows\system32\rdpdd.dll
+ 2009-07-14 02:36 . 2012-08-31 02:45 629182 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-09 01:52 629182 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-31 02:45 108366 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-09 01:52 108366 c:\windows\system32\perfc009.dat
+ 2009-12-26 20:52 . 2012-01-31 10:59 279656 c:\windows\system32\MpSigStub.exe
- 2009-12-26 20:52 . 2012-01-31 12:44 279656 c:\windows\system32\MpSigStub.exe
+ 2011-10-02 21:14 . 2010-11-20 13:33 299392 c:\windows\system32\mcupdate_GenuineIntel.dll
+ 2011-10-02 21:13 . 2010-11-20 13:33 263040 c:\windows\system32\hal.dll
+ 2011-10-02 21:11 . 2010-11-20 10:43 172544 c:\windows\system32\drivers\WUDFRd.sys
+ 2011-10-02 21:11 . 2010-11-20 10:42 112128 c:\windows\system32\drivers\WUDFPf.sys
+ 2009-07-13 23:22 . 2009-07-14 01:45 654928 c:\windows\system32\drivers\Wdf01000.sys
+ 2009-06-10 20:37 . 2009-07-14 01:45 161872 c:\windows\system32\drivers\vsmraid.sys
+ 2011-10-02 21:13 . 2010-11-20 13:34 295808 c:\windows\system32\drivers\volsnap.sys
+ 2011-10-02 21:13 . 2010-11-20 13:34 363392 c:\windows\system32\drivers\volmgrx.sys
+ 2009-07-13 23:38 . 2009-07-13 23:38 129024 c:\windows\system32\drivers\videoprt.sys
+ 2011-10-02 21:14 . 2010-11-20 13:34 215936 c:\windows\system32\drivers\vhdmp.sys
+ 2011-10-02 21:13 . 2010-11-20 10:44 184960 c:\windows\system32\drivers\usbvideo.sys
+ 2011-10-02 21:13 . 2010-11-20 10:44 325120 c:\windows\system32\drivers\usbport.sys
+ 2011-10-02 21:12 . 2010-11-20 10:44 343040 c:\windows\system32\drivers\usbhub.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06 100352 c:\windows\system32\drivers\usbcir.sys
+ 2011-10-02 21:12 . 2010-11-20 10:43 109696 c:\windows\system32\drivers\USBAUDIO.sys
+ 2011-10-02 21:13 . 2010-11-20 09:26 328192 c:\windows\system32\drivers\udfs.sys
+ 2011-10-02 21:11 . 2010-11-20 10:51 125440 c:\windows\system32\drivers\tunnel.sys
+ 2009-08-22 02:41 . 2009-06-18 12:12 272432 c:\windows\system32\drivers\SynTP.sys
+ 2011-10-02 21:13 . 2010-11-20 13:33 189824 c:\windows\system32\drivers\storport.sys
+ 2011-10-02 21:04 . 2011-04-29 03:05 168448 c:\windows\system32\drivers\srvnet.sys
+ 2011-10-02 21:04 . 2011-04-29 03:05 410112 c:\windows\system32\drivers\srv2.sys
+ 2011-10-02 21:04 . 2011-04-29 03:06 467456 c:\windows\system32\drivers\srv.sys
+ 2009-06-10 20:48 . 2009-06-10 20:48 426496 c:\windows\system32\drivers\spsys.sys
+ 2011-10-02 21:13 . 2010-11-20 13:33 171392 c:\windows\system32\drivers\scsiport.sys
+ 2011-10-02 21:13 . 2010-11-20 13:33 103808 c:\windows\system32\drivers\sbp2port.sys
+ 2009-10-10 23:36 . 2009-08-10 03:07 222208 c:\windows\system32\drivers\RtsUStor.sys
+ 2011-10-02 21:12 . 2010-11-20 10:49 146432 c:\windows\system32\drivers\rmcast.sys
+ 2011-10-02 21:12 . 2010-11-20 13:33 213888 c:\windows\system32\drivers\rdyboost.sys
+ 2011-10-02 21:14 . 2010-11-20 11:04 210944 c:\windows\system32\drivers\rdpwd.sys
+ 2011-10-02 21:13 . 2010-11-20 09:27 309248 c:\windows\system32\drivers\rdbss.sys
+ 2011-10-02 21:13 . 2010-11-20 10:52 111104 c:\windows\system32\drivers\raspptp.sys
+ 2011-10-02 21:13 . 2010-11-20 10:52 129536 c:\windows\system32\drivers\rasl2tp.sys
+ 2009-07-13 21:59 . 2009-07-14 01:45 128592 c:\windows\system32\drivers\ql40xx.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06 230400 c:\windows\system32\drivers\portcls.sys
+ 2009-07-13 23:51 . 2009-07-14 01:01 651264 c:\windows\system32\drivers\PEAuth.sys
+ 2009-07-13 23:31 . 2009-07-14 01:45 220752 c:\windows\system32\drivers\pcmcia.sys
+ 2011-10-02 21:13 . 2010-11-20 13:33 184704 c:\windows\system32\drivers\pci.sys
+ 2011-10-02 21:12 . 2010-11-20 10:52 131584 c:\windows\system32\drivers\pacer.sys
+ 2009-07-14 00:07 . 2009-07-14 00:07 318976 c:\windows\system32\drivers\nwifi.sys
+ 2011-10-02 21:14 . 2010-11-20 13:33 166272 c:\windows\system32\drivers\nvstor.sys
+ 2011-10-02 21:14 . 2010-11-20 13:33 148352 c:\windows\system32\drivers\nvraid.sys
+ 2009-07-13 23:38 . 2009-07-14 01:48 122960 c:\windows\system32\drivers\NV_AGP.SYS
+ 2011-10-02 21:14 . 2010-11-20 13:33 376192 c:\windows\system32\drivers\netio.sys
+ 2011-10-02 21:14 . 2010-11-20 09:23 261632 c:\windows\system32\drivers\netbt.sys
+ 2011-10-02 21:13 . 2010-11-20 10:52 164352 c:\windows\system32\drivers\ndiswan.sys
+ 2011-10-02 21:13 . 2010-11-20 13:33 366976 c:\windows\system32\drivers\msrpc.sys
+ 2011-10-02 21:14 . 2010-11-20 13:33 273792 c:\windows\system32\drivers\msiscsi.sys
+ 2011-10-02 21:13 . 2010-11-20 13:33 140672 c:\windows\system32\drivers\msdsm.sys
+ 2011-10-02 21:04 . 2011-04-27 02:39 128000 c:\windows\system32\drivers\mrxsmb20.sys
+ 2011-10-02 21:04 . 2011-07-09 02:46 288768 c:\windows\system32\drivers\mrxsmb10.sys
+ 2011-10-02 21:04 . 2011-04-27 02:40 158208 c:\windows\system32\drivers\mrxsmb.sys
+ 2011-10-02 21:13 . 2010-11-20 09:26 140800 c:\windows\system32\drivers\mrxdav.sys
+ 2011-10-02 21:12 . 2010-11-20 13:33 155008 c:\windows\system32\drivers\mpio.sys
+ 2009-07-13 21:59 . 2009-07-14 01:48 284736 c:\windows\system32\drivers\MegaSR.sys
+ 2009-07-13 23:26 . 2009-07-13 23:26 113152 c:\windows\system32\drivers\luafv.sys
+ 2009-07-13 21:59 . 2009-07-14 01:48 115776 c:\windows\system32\drivers\lsi_scsi.sys
+ 2009-07-13 21:59 . 2009-07-14 01:48 106560 c:\windows\system32\drivers\lsi_sas.sys
+ 2009-07-13 21:59 . 2009-07-14 01:48 114752 c:\windows\system32\drivers\lsi_fc.sys
+ 2011-10-02 21:13 . 2010-11-20 13:33 152960 c:\windows\system32\drivers\ksecpkg.sys
+ 2011-10-02 21:13 . 2010-11-20 10:33 243712 c:\windows\system32\drivers\ks.sys
+ 2009-07-14 00:09 . 2009-07-14 00:09 120320 c:\windows\system32\drivers\irda.sys
+ 2009-07-14 00:10 . 2009-07-14 00:10 116224 c:\windows\system32\drivers\ipnat.sys
+ 2011-10-02 21:13 . 2010-11-20 13:33 410496 c:\windows\system32\drivers\iaStorV.sys
+ 2009-07-13 23:19 . 2009-07-13 23:19 105472 c:\windows\system32\drivers\i8042prt.sys
+ 2011-10-02 21:14 . 2010-11-20 09:25 753664 c:\windows\system32\drivers\http.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06 100864 c:\windows\system32\drivers\hidbth.sys
+ 2011-10-02 21:11 . 2010-11-20 10:44 350208 c:\windows\system32\drivers\HdAudio.sys
+ 2011-10-02 21:11 . 2010-11-20 10:43 122368 c:\windows\system32\drivers\hdaudbus.sys
+ 2011-10-02 21:04 . 2010-11-20 13:33 288640 c:\windows\system32\drivers\FWPKCLNT.SYS
+ 2011-10-02 21:13 . 2010-11-20 13:28 223248 c:\windows\system32\drivers\fvevol.sys
+ 2011-10-02 21:13 . 2010-11-20 13:33 289664 c:\windows\system32\drivers\fltMgr.sys
+ 2009-07-13 23:23 . 2009-07-13 23:23 204800 c:\windows\system32\drivers\fastfat.sys
+ 2009-07-13 23:23 . 2009-07-13 23:23 195072 c:\windows\system32\drivers\exfat.sys
+ 2009-06-10 20:36 . 2009-07-14 01:47 530496 c:\windows\system32\drivers\elxstor.sys
+ 2011-10-02 21:12 . 2010-11-20 09:49 258048 c:\windows\system32\drivers\dxgmms1.sys
+ 2011-10-02 21:14 . 2010-11-20 13:33 982912 c:\windows\system32\drivers\dxgkrnl.sys
+ 2009-07-14 00:06 . 2009-07-14 01:01 116224 c:\windows\system32\drivers\drmk.sys
+ 2009-07-14 00:00 . 2009-07-14 00:00 145920 c:\windows\system32\drivers\Dot4.sys
+ 2011-10-02 21:11 . 2010-11-20 09:26 102400 c:\windows\system32\drivers\dfsc.sys
+ 2011-10-02 21:14 . 2010-11-20 13:28 459248 c:\windows\system32\drivers\cng.sys
+ 2011-10-02 21:13 . 2010-11-20 13:32 179072 c:\windows\system32\drivers\Classpnp.sys
+ 2011-10-02 21:11 . 2010-11-20 09:19 147456 c:\windows\system32\drivers\cdrom.sys
+ 2009-06-10 20:34 . 2009-06-10 20:34 468480 c:\windows\system32\drivers\bxvbda.sys
+ 2009-07-14 01:19 . 2009-07-14 01:19 286720 c:\windows\system32\drivers\BrSerId.sys
+ 2009-06-10 20:34 . 2009-06-10 20:34 270848 c:\windows\system32\drivers\b57nd60a.sys
+ 2011-10-02 21:12 . 2010-11-20 13:32 155520 c:\windows\system32\drivers\ataport.sys
+ 2009-06-10 20:37 . 2009-07-14 01:52 194128 c:\windows\system32\drivers\amdsbs.sys
+ 2011-10-02 21:14 . 2010-11-20 13:32 107904 c:\windows\system32\drivers\amdsata.sys
+ 2011-10-02 21:04 . 2011-04-25 02:34 499200 c:\windows\system32\drivers\afd.sys
+ 2009-07-13 21:59 . 2009-07-14 01:52 182864 c:\windows\system32\drivers\adpu320.sys
+ 2009-07-13 21:59 . 2009-07-14 01:52 339536 c:\windows\system32\drivers\adpahci.sys
+ 2009-06-10 20:36 . 2009-07-14 01:52 491088 c:\windows\system32\drivers\adp94xx.sys
+ 2011-10-02 21:13 . 2010-11-20 13:32 334208 c:\windows\system32\drivers\acpi.sys
+ 2011-10-02 21:13 . 2010-11-20 10:44 229888 c:\windows\system32\drivers\1394ohci.sys
+ 2009-07-13 23:19 . 2009-07-14 01:52 367696 c:\windows\system32\clfs.sys
+ 2011-10-02 21:13 . 2010-11-20 13:28 780008 c:\windows\system32\ci.dll
+ 2011-10-02 21:13 . 2010-11-20 12:55 144384 c:\windows\system32\cdd.dll
+ 2011-06-05 21:36 . 2011-02-19 09:00 367616 c:\windows\system32\atmfd.dll
- 2009-07-14 05:01 . 2012-08-29 22:01 475068 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-04 03:15 475068 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-10-26 09:14 . 2012-08-29 21:39 658772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2504362823-1664360736-3732123707-1000-12288.dat
+ 2010-10-26 09:14 . 2012-08-30 04:29 658772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2504362823-1664360736-3732123707-1000-12288.dat
+ 2011-10-02 21:05 . 2011-06-11 03:07 3137536 c:\windows\system32\win32k.sys
+ 2009-08-22 01:53 . 2009-07-28 13:00 1966624 c:\windows\system32\drivers\RTKVHD64.sys
+ 2009-06-10 20:37 . 2009-07-14 01:45 1524816 c:\windows\system32\drivers\ql2300.sys
+ 2009-06-10 20:34 . 2009-06-10 20:34 3286016 c:\windows\system32\drivers\evbda.sys
+ 2009-08-22 02:41 . 2009-07-29 22:11 6038016 c:\windows\system32\drivers\atikmdag.sys
+ 2009-10-05 22:34 . 2009-10-05 22:34 1542656 c:\windows\system32\drivers\athrx.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-07-28 1157128]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"OTL"="c:\users\Norton\Desktop\OTL.exe" [2012-09-04 599040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-27 828912]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 203264]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
R2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
R3 cpuz130;cpuz130;c:\users\Norton\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 22528]
R3 iscFlash;iscFlash;c:\windows\SYSTEM32\DRIVERS\iscflash.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-21 113120]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 222208]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-15 1255736]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-13 67072]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - d9b771ee34184683
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2504362823-1664360736-3732123707-1000Core.job
- c:\users\Norton\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-30 01:24]
.
2012-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2504362823-1664360736-3732123707-1000UA.job
- c:\users\Norton\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-30 01:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27361209d545l0384z185t48m2x232
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 74.128.17.114 74.128.19.102 192.168.1.1
TCP: Interfaces\{E6B08B89-55D9-4C41-9085-4E822E645B38}: DhcpNameServer = 74.128.17.114 74.128.19.102 192.168.1.1
TCP: Interfaces\{E6B08B89-55D9-4C41-9085-4E822E645B38}\96E63796768647D277966696D203330333: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-f42d0bc46a1897c5.exe - c:\users\Norton\AppData\Local\f42d0bc46a1897c5.exe
SafeBoot-06035582.sys
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\d9b771ee34184683]
"ImagePath"="\SystemRoot\System32\Drivers\d9b771ee34184683.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2504362823-1664360736-3732123707-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:fc,3c,6a,ea,8e,ac,b2,fc,39,f0,5d,37,ff,f8,18,34,c8,10,f3,42,7a,38,86,
b6,bb,61,1e,f5,f0,ce,17,a1,fa,ec,a7,3b,fe,ce,9d,c6,55,8f,35,d8,58,e9,86,cf,\
"??"=hex:7d,d3,5f,80,7c,5b,76,71,4e,3c,0d,39,8e,f3,c1,d2
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-05 00:30:25
ComboFix-quarantined-files.txt 2012-09-05 05:30
ComboFix2.txt 2012-08-30 04:18
ComboFix3.txt 2012-08-30 02:37
ComboFix4.txt 2011-09-09 06:56
.
Pre-Run: 14,608,576,512 bytes free
Post-Run: 14,439,841,792 bytes free
.
- - End Of File - - 1D71C0191605D34DC5F5F48ADD09CA30




TDSSKiller Log

00:32:50.0739 1644 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
00:32:51.0207 1644 ============================================================
00:32:51.0207 1644 Current date / time: 2012/09/05 00:32:51.0207
00:32:51.0207 1644 SystemInfo:
00:32:51.0207 1644
00:32:51.0207 1644 OS Version: 6.1.7601 ServicePack: 1.0
00:32:51.0207 1644 Product type: Workstation
00:32:51.0207 1644 ComputerName: LAPTOP
00:32:51.0207 1644 UserName: Norton
00:32:51.0207 1644 Windows directory: C:\Windows
00:32:51.0207 1644 System windows directory: C:\Windows
00:32:51.0207 1644 Running under WOW64
00:32:51.0207 1644 Processor architecture: Intel x64
00:32:51.0207 1644 Number of processors: 1
00:32:51.0207 1644 Page size: 0x1000
00:32:51.0207 1644 Boot type: Safe boot with network
00:32:51.0207 1644 ============================================================
00:33:00.0630 1644 !crdlk
00:33:00.0645 1644 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
00:33:00.0677 1644 ============================================================
00:33:00.0677 1644 \Device\Harddisk0\DR0:
00:33:00.0723 1644 MBR partitions:
00:33:00.0723 1644 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
00:33:00.0723 1644 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x111E4784
00:33:00.0723 1644 ============================================================
00:33:00.0786 1644 C: <-> \Device\Harddisk0\DR0\Partition2
00:33:00.0786 1644 ============================================================
00:33:00.0786 1644 Initialize success
00:33:00.0786 1644 ============================================================
00:33:17.0509 1720 ============================================================
00:33:17.0509 1720 Scan started
00:33:17.0509 1720 Mode: Manual; SigCheck; TDLFS;
00:33:17.0509 1720 ============================================================
00:33:18.0274 1720 ================ Scan system memory ========================
00:33:18.0274 1720 System memory - ok
00:33:18.0274 1720 ================ Scan services =============================
00:33:30.0083 1720 Suspicious service (NoAccess): d9b771ee34184683
00:33:30.0161 1720 [ 89E846B9BC49495EE7CC61B087B5928E ] d9b771ee34184683 C:\Windows\System32\Drivers\d9b771ee34184683.sys
00:33:30.0161 1720 Suspicious file (NoAccess): C:\Windows\System32\Drivers\d9b771ee34184683.sys. md5: 89E846B9BC49495EE7CC61B087B5928E
00:33:30.0270 1720 d9b771ee34184683 ( Rootkit.Win32.Necurs.gen ) - infected
00:33:30.0270 1720 d9b771ee34184683 - detected Rootkit.Win32.Necurs.gen (0)
00:33:49.0723 1720 msdsm - ok
00:33:49.0832 1720 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
00:33:49.0895 1720 MSDTC - ok
00:33:50.0035 1720 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
00:33:50.0113 1720 Msfs - ok
00:33:50.0207 1720 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
00:33:50.0300 1720 mshidkmdf - ok
00:33:50.0425 1720 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
00:33:50.0441 1720 msisadrv - ok
00:33:50.0534 1720 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:33:50.0659 1720 MSiSCSI - ok
00:33:50.0737 1720 msiserver - ok
00:33:50.0815 1720 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:33:50.0909 1720 MSKSSRV - ok
00:33:51.0065 1720 [ 157E9E498206A3366BAA7E4697BDD947 ] MsMpSvc c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
00:33:51.0080 1720 MsMpSvc - ok
00:33:51.0190 1720 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:33:51.0268 1720 MSPCLOCK - ok
00:33:51.0361 1720 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
00:33:51.0455 1720 MSPQM - ok
00:33:51.0564 1720 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
00:33:51.0595 1720 MsRPC - ok
00:33:51.0720 1720 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
00:33:51.0736 1720 mssmbios - ok
00:33:51.0829 1720 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
00:33:51.0907 1720 MSTEE - ok
00:33:51.0985 1720 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
00:33:52.0032 1720 MTConfig - ok
00:33:52.0126 1720 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
00:33:52.0172 1720 Mup - ok
00:33:52.0266 1720 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
00:33:52.0344 1720 napagent - ok
00:33:52.0469 1720 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
00:33:52.0547 1720 NativeWifiP - ok
00:33:52.0687 1720 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
00:33:52.0734 1720 NDIS - ok
00:33:52.0812 1720 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
00:33:52.0921 1720 NdisCap - ok
00:33:53.0015 1720 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
00:33:53.0108 1720 NdisTapi - ok
00:33:53.0218 1720 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
00:33:53.0311 1720 Ndisuio - ok
00:33:53.0389 1720 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
00:33:53.0498 1720 NdisWan - ok
00:33:53.0608 1720 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
00:33:53.0670 1720 NDProxy - ok
00:33:53.0779 1720 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
00:33:53.0857 1720 NetBIOS - ok
00:33:53.0951 1720 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
00:33:54.0029 1720 NetBT - ok
00:33:54.0091 1720 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
00:33:54.0138 1720 Netlogon - ok
00:33:54.0216 1720 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
00:33:54.0310 1720 Netman - ok
00:33:54.0419 1720 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
00:33:54.0528 1720 netprofm - ok
00:33:54.0653 1720 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:33:54.0668 1720 NetTcpPortSharing - ok
00:33:54.0809 1720 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
00:33:54.0840 1720 nfrd960 - ok
00:33:54.0934 1720 [ 5F7D72CBCDD025AF1F38FDEEE5646968 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
00:33:54.0949 1720 NisDrv - ok
00:33:55.0027 1720 [ 566DDD5D82520DA01D75F81428AC4C38 ] NisSrv c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
00:33:55.0043 1720 NisSrv - ok
00:33:55.0136 1720 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
00:33:55.0214 1720 NlaSvc - ok
00:33:55.0324 1720 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
00:33:55.0370 1720 Npfs - ok
00:33:55.0433 1720 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
00:33:55.0511 1720 nsi - ok
00:33:55.0589 1720 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
00:33:55.0667 1720 nsiproxy - ok
00:33:55.0870 1720 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
00:33:55.0932 1720 Ntfs - ok
00:33:56.0322 1720 [ D4012918D3A3847B44B888D56BC095D6 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
00:33:56.0338 1720 NuidFltr - ok
00:33:56.0416 1720 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
00:33:56.0494 1720 Null - ok
00:33:56.0572 1720 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
00:33:56.0587 1720 nvraid - ok
00:33:56.0665 1720 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
00:33:56.0696 1720 nvstor - ok
00:33:56.0806 1720 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
00:33:56.0837 1720 nv_agp - ok
00:33:57.0024 1720 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:33:57.0040 1720 odserv - ok
00:33:57.0118 1720 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
00:33:57.0196 1720 ohci1394 - ok
00:33:57.0352 1720 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:33:57.0367 1720 ose - ok
00:33:57.0508 1720 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
00:33:57.0554 1720 p2pimsvc - ok
00:33:57.0679 1720 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
00:33:57.0695 1720 p2psvc - ok
00:33:57.0773 1720 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
00:33:57.0820 1720 Parport - ok
00:33:57.0913 1720 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys
00:33:57.0929 1720 partmgr - ok
00:33:58.0007 1720 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
00:33:58.0085 1720 PcaSvc - ok
00:33:58.0178 1720 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
00:33:58.0210 1720 pci - ok
00:33:58.0303 1720 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
00:33:58.0319 1720 pciide - ok
00:33:58.0412 1720 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
00:33:58.0428 1720 pcmcia - ok
00:33:58.0506 1720 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
00:33:58.0537 1720 pcw - ok
00:33:58.0646 1720 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
00:33:58.0724 1720 PEAUTH - ok
00:33:58.0865 1720 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
00:33:58.0912 1720 PerfHost - ok
00:33:59.0130 1720 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
00:33:59.0224 1720 pla - ok
00:33:59.0348 1720 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:33:59.0411 1720 PlugPlay - ok
00:33:59.0520 1720 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
00:33:59.0567 1720 PNRPAutoReg - ok
00:33:59.0676 1720 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
00:33:59.0723 1720 PNRPsvc - ok
00:33:59.0801 1720 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:33:59.0879 1720 PolicyAgent - ok
00:34:00.0004 1720 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
00:34:00.0082 1720 Power - ok
00:34:00.0191 1720 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:34:00.0269 1720 PptpMiniport - ok
00:34:00.0409 1720 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
00:34:00.0456 1720 Processor - ok
00:34:00.0565 1720 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
00:34:00.0659 1720 ProfSvc - ok
00:34:00.0737 1720 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
00:34:00.0784 1720 ProtectedStorage - ok
00:34:00.0877 1720 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
00:34:00.0971 1720 Psched - ok
00:34:01.0096 1720 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
00:34:01.0142 1720 ql2300 - ok
00:34:01.0252 1720 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
00:34:01.0314 1720 ql40xx - ok
00:34:01.0423 1720 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
00:34:01.0486 1720 QWAVE - ok
00:34:01.0564 1720 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:34:01.0610 1720 QWAVEdrv - ok
00:34:01.0720 1720 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:34:01.0798 1720 RasAcd - ok
00:34:01.0907 1720 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
00:34:01.0985 1720 RasAgileVpn - ok
00:34:02.0063 1720 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
00:34:02.0188 1720 RasAuto - ok
00:34:02.0281 1720 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:34:02.0375 1720 Rasl2tp - ok
00:34:02.0500 1720 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
00:34:02.0593 1720 RasMan - ok
00:34:02.0718 1720 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:34:02.0796 1720 RasPppoe - ok
00:34:02.0890 1720 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:34:02.0968 1720 RasSstp - ok
00:34:03.0092 1720 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:34:03.0170 1720 rdbss - ok
00:34:03.0280 1720 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
00:34:03.0326 1720 rdpbus - ok
00:34:03.0404 1720 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
00:34:03.0482 1720 RDPCDD - ok
00:34:03.0623 1720 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
00:34:03.0701 1720 RDPENCDD - ok
00:34:03.0810 1720 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
00:34:03.0857 1720 RDPREFMP - ok
00:34:03.0950 1720 [ 15B66C206B5CB095BAB980553F38ED23 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:34:03.0997 1720 RDPWD - ok
00:34:04.0106 1720 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
00:34:04.0122 1720 rdyboost - ok
00:34:04.0247 1720 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
00:34:04.0356 1720 RemoteAccess - ok
00:34:04.0481 1720 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:34:04.0559 1720 RemoteRegistry - ok
00:34:04.0684 1720 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
00:34:04.0762 1720 RpcEptMapper - ok
00:34:04.0902 1720 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
00:34:04.0918 1720 RpcLocator - ok
00:34:05.0027 1720 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
00:34:05.0120 1720 RpcSs - ok
00:34:05.0230 1720 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:34:05.0308 1720 rspndr - ok
00:34:05.0417 1720 [ FB39AF63D6617F028BA0EBC21B83360D ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
00:34:05.0464 1720 RSUSBSTOR - ok
00:34:05.0542 1720 RtsUIR - ok
00:34:05.0604 1720 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
00:34:05.0620 1720 SamSs - ok
00:34:05.0729 1720 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
00:34:05.0744 1720 sbp2port - ok
00:34:05.0838 1720 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:34:05.0978 1720 SCardSvr - ok
00:34:06.0103 1720 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
00:34:06.0181 1720 scfilter - ok
00:34:06.0290 1720 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
00:34:06.0415 1720 Schedule - ok
00:34:06.0540 1720 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
00:34:06.0587 1720 SCPolicySvc - ok
00:34:06.0680 1720 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:34:06.0743 1720 SDRSVC - ok
00:34:06.0836 1720 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:34:06.0930 1720 secdrv - ok
00:34:07.0055 1720 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
00:34:07.0133 1720 seclogon - ok
00:34:07.0226 1720 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
00:34:07.0304 1720 SENS - ok
00:34:07.0445 1720 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
00:34:07.0492 1720 SensrSvc - ok
00:34:07.0601 1720 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
00:34:07.0648 1720 Serenum - ok
00:34:07.0741 1720 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
00:34:07.0757 1720 Serial - ok
00:34:07.0866 1720 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
00:34:07.0897 1720 sermouse - ok
00:34:08.0038 1720 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
00:34:08.0147 1720 SessionEnv - ok
00:34:08.0256 1720 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
00:34:08.0287 1720 sffdisk - ok
00:34:08.0365 1720 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
00:34:08.0428 1720 sffp_mmc - ok
00:34:08.0521 1720 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
00:34:08.0584 1720 sffp_sd - ok
00:34:08.0662 1720 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
00:34:08.0677 1720 sfloppy - ok
00:34:08.0818 1720 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
00:34:08.0911 1720 SharedAccess - ok
00:34:09.0020 1720 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:34:09.0098 1720 ShellHWDetection - ok
00:34:09.0192 1720 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:34:09.0208 1720 SiSRaid2 - ok
00:34:09.0317 1720 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
00:34:09.0332 1720 SiSRaid4 - ok
00:34:09.0410 1720 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
00:34:09.0488 1720 Smb - ok
00:34:09.0644 1720 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
00:34:09.0707 1720 SNMPTRAP - ok
00:34:09.0816 1720 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
00:34:09.0847 1720 spldr - ok
00:34:09.0972 1720 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
00:34:10.0050 1720 Spooler - ok
00:34:10.0206 1720 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
00:34:10.0331 1720 sppsvc - ok
00:34:10.0456 1720 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
00:34:10.0502 1720 sppuinotify - ok
00:34:10.0627 1720 [ 51DE15CA5C05BCA46D8B110CD00A02FB ] sptd C:\Windows\system32\Drivers\sptd.sys
00:34:10.0658 1720 sptd - ok
00:34:10.0752 1720 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
00:34:10.0877 1720 srv - ok
00:34:10.0970 1720 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
00:34:11.0017 1720 srv2 - ok
00:34:11.0111 1720 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
00:34:11.0173 1720 srvnet - ok
00:34:11.0298 1720 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
00:34:11.0376 1720 SSDPSRV - ok
00:34:11.0516 1720 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
00:34:11.0579 1720 SstpSvc - ok
00:34:11.0688 1720 Steam Client Service - ok
00:34:11.0782 1720 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
00:34:11.0797 1720 stexstor - ok
00:34:11.0922 1720 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
00:34:11.0984 1720 stisvc - ok
00:34:12.0109 1720 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
00:34:12.0109 1720 swenum - ok
00:34:12.0343 1720 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
00:34:12.0359 1720 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
00:34:12.0359 1720 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
00:34:12.0468 1720 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
00:34:12.0562 1720 swprv - ok
00:34:12.0671 1720 [ BCF305959B53B200CEB2AD25AD22F8A7 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
00:34:12.0686 1720 SynTP - ok
00:34:12.0858 1720 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
00:34:12.0936 1720 SysMain - ok
00:34:13.0045 1720 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:34:13.0092 1720 TabletInputService - ok
00:34:13.0232 1720 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
00:34:13.0342 1720 TapiSrv - ok
00:34:13.0435 1720 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
00:34:13.0513 1720 TBS - ok
00:34:13.0685 1720 [ F0E98C00A09FDF791525829A1D14240F ] Tcpip C:\Windows\system32\drivers\tcpip.sys
00:34:13.0747 1720 Tcpip - ok
00:34:13.0903 1720 [ F0E98C00A09FDF791525829A1D14240F ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
00:34:13.0950 1720 TCPIP6 - ok
00:34:14.0059 1720 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
00:34:14.0153 1720 tcpipreg - ok
00:34:14.0262 1720 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
00:34:14.0340 1720 TDPIPE - ok
00:34:14.0449 1720 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
00:34:14.0527 1720 TDTCP - ok
00:34:14.0636 1720 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
00:34:14.0683 1720 tdx - ok
00:34:14.0730 1720 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
00:34:14.0761 1720 TermDD - ok
00:34:14.0886 1720 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
00:34:14.0995 1720 TermService - ok
00:34:15.0089 1720 [ 9201BE2BAB8A9FF8E20D8439AE3BB04D ] Themes C:\Windows\system32\themeservice.dll
00:34:15.0136 1720 Themes ( UnsignedFile.Multi.Generic ) - warning
00:34:15.0136 1720 Themes - detected UnsignedFile.Multi.Generic (1)
00:34:15.0245 1720 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
00:34:15.0323 1720 THREADORDER - ok
00:34:15.0401 1720 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
00:34:15.0479 1720 TrkWks - ok
00:34:15.0604 1720 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:34:15.0650 1720 TrustedInstaller - ok
00:34:15.0760 1720 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
00:34:15.0822 1720 tssecsrv - ok
00:34:15.0947 1720 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
00:34:16.0025 1720 TsUsbFlt - ok
00:34:16.0150 1720 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
00:34:16.0243 1720 tunnel - ok
00:34:16.0337 1720 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
00:34:16.0384 1720 uagp35 - ok
00:34:16.0493 1720 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
00:34:16.0571 1720 udfs - ok
00:34:16.0711 1720 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
00:34:16.0727 1720 UI0Detect - ok
00:34:16.0820 1720 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
00:34:16.0836 1720 uliagpkx - ok
00:34:16.0930 1720 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
00:34:16.0976 1720 umbus - ok
00:34:17.0086 1720 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
00:34:17.0132 1720 UmPass - ok
00:34:17.0304 1720 [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
00:34:17.0320 1720 Updater Service - ok
00:34:17.0429 1720 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
00:34:17.0522 1720 upnphost - ok
00:34:17.0647 1720 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
00:34:17.0663 1720 USBAAPL64 - ok
00:34:17.0788 1720 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
00:34:17.0834 1720 usbaudio - ok
00:34:17.0975 1720 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
00:34:17.0990 1720 usbccgp - ok
00:34:18.0068 1720 USBCCID - ok
00:34:18.0146 1720 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
00:34:18.0178 1720 usbcir - ok
00:34:18.0271 1720 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\drivers\usbehci.sys
00:34:18.0302 1720 usbehci - ok
00:34:18.0412 1720 [ 6648C6D7323A2CE0C4776C36CEFBCB14 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
00:34:18.0427 1720 usbfilter - ok
00:34:18.0536 1720 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\drivers\usbhub.sys
00:34:18.0568 1720 usbhub - ok
00:34:18.0646 1720 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
00:34:18.0661 1720 usbohci - ok
00:34:18.0770 1720 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
00:34:18.0848 1720 usbprint - ok
00:34:18.0958 1720 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:34:19.0004 1720 USBSTOR - ok
00:34:19.0082 1720 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
00:34:19.0129 1720 usbuhci - ok
00:34:19.0238 1720 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
00:34:19.0285 1720 usbvideo - ok
00:34:19.0379 1720 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
00:34:19.0472 1720 UxSms - ok
00:34:19.0550 1720 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
00:34:19.0582 1720 VaultSvc - ok
00:34:19.0675 1720 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
00:34:19.0691 1720 vdrvroot - ok
00:34:19.0784 1720 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
00:34:19.0878 1720 vds - ok
00:34:19.0972 1720 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
00:34:19.0987 1720 vga - ok
00:34:20.0081 1720 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
00:34:20.0190 1720 VgaSave - ok
00:34:20.0299 1720 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
00:34:20.0346 1720 vhdmp - ok
00:34:20.0440 1720 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
00:34:20.0440 1720 viaide - ok
00:34:20.0549 1720 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
00:34:20.0564 1720 volmgr - ok
00:34:20.0674 1720 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
00:34:20.0705 1720 volmgrx - ok
00:34:20.0783 1720 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
00:34:20.0798 1720 volsnap - ok
00:34:20.0876 1720 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
00:34:20.0923 1720 vsmraid - ok
00:34:21.0079 1720 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
00:34:21.0173 1720 VSS - ok
00:34:21.0251 1720 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
00:34:21.0282 1720 vwifibus - ok
00:34:21.0344 1720 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
00:34:21.0422 1720 vwififlt - ok
00:34:21.0532 1720 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
00:34:21.0578 1720 vwifimp - ok
00:34:21.0688 1720 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
00:34:21.0766 1720 W32Time - ok
00:34:21.0906 1720 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
00:34:21.0968 1720 WacomPen - ok
00:34:22.0093 1720 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
00:34:22.0171 1720 WANARP - ok
00:34:22.0265 1720 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
00:34:22.0343 1720 Wanarpv6 - ok
00:34:22.0546 1720 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
00:34:22.0592 1720 WatAdminSvc - ok
00:34:22.0764 1720 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
00:34:22.0826 1720 wbengine - ok
00:34:22.0936 1720 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
00:34:22.0982 1720 WbioSrvc - ok
00:34:23.0092 1720 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
00:34:23.0170 1720 wcncsvc - ok
00:34:23.0294 1720 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:34:23.0372 1720 WcsPlugInService - ok
00:34:23.0482 1720 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
00:34:23.0513 1720 Wd - ok
00:34:23.0622 1720 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
00:34:23.0684 1720 Wdf01000 - ok
00:34:23.0731 1720 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
00:34:23.0794 1720 WdiServiceHost - ok
00:34:23.0872 1720 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
00:34:23.0903 1720 WdiSystemHost - ok
00:34:24.0012 1720 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
00:34:24.0059 1720 WebClient - ok
00:34:24.0168 1720 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
00:34:24.0277 1720 Wecsvc - ok
00:34:24.0402 1720 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
00:34:24.0496 1720 wercplsupport - ok
00:34:24.0605 1720 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
00:34:24.0652 1720 WerSvc - ok
00:34:24.0761 1720 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
00:34:24.0808 1720 WfpLwf - ok
00:34:24.0886 1720 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
00:34:24.0901 1720 WIMMount - ok
00:34:24.0979 1720 WinDefend - ok
00:34:25.0057 1720 WinHttpAutoProxySvc - ok
00:34:25.0182 1720 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
00:34:25.0291 1720 Winmgmt - ok
00:34:25.0447 1720 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
00:34:25.0588 1720 WinRM - ok
00:34:25.0790 1720 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
00:34:25.0806 1720 WinUsb - ok
00:34:25.0915 1720 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
00:34:26.0009 1720 Wlansvc - ok
00:34:26.0305 1720 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:34:26.0383 1720 wlidsvc - ok
00:34:26.0492 1720 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
00:34:26.0539 1720 WmiAcpi - ok
00:34:26.0695 1720 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
00:34:26.0742 1720 wmiApSrv - ok
00:34:26.0820 1720 WMPNetworkSvc - ok
00:34:26.0882 1720 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
00:34:26.0929 1720 WPCSvc - ok
00:34:27.0023 1720 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
00:34:27.0038 1720 WPDBusEnum - ok
00:34:27.0116 1720 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
00:34:27.0194 1720 ws2ifsl - ok
00:34:27.0272 1720 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
00:34:27.0350 1720 wscsvc - ok
00:34:27.0413 1720 WSearch - ok
00:34:27.0584 1720 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
00:34:27.0662 1720 wuauserv - ok
00:34:27.0787 1720 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
00:34:27.0834 1720 WudfPf - ok
00:34:27.0943 1720 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
00:34:28.0052 1720 WUDFRd - ok
00:34:28.0146 1720 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
00:34:28.0193 1720 wudfsvc - ok
00:34:28.0286 1720 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
00:34:28.0349 1720 WwanSvc - ok
00:34:28.0489 1720 ================ Scan global ===============================
00:34:28.0552 1720 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:34:28.0630 1720 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
00:34:28.0645 1720 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
00:34:28.0692 1720 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:34:28.0723 1720 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:34:28.0739 1720 [Global] - ok
00:34:28.0739 1720 ================ Scan MBR ==================================
00:34:28.0786 1720 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:34:29.0768 1720 \Device\Harddisk0\DR0 - ok
00:34:29.0768 1720 ================ Scan VBR ==================================
00:34:29.0815 1720 [ 358B3811BFBE0715510687B1AE7C5C05 ] \Device\Harddisk0\DR0\Partition1
00:34:29.0815 1720 \Device\Harddisk0\DR0\Partition1 - ok
00:34:29.0831 1720 [ 20BDE2FFDC2FD9EA7A625D5A9475B375 ] \Device\Harddisk0\DR0\Partition2
00:34:29.0846 1720 \Device\Harddisk0\DR0\Partition2 - ok
00:34:29.0846 1720 ============================================================
00:34:29.0846 1720 Scan finished
00:34:29.0846 1720 ============================================================
00:34:29.0862 0444 Detected object count: 3
00:34:29.0862 0444 Actual detected object count: 3
00:37:45.0237 0444 C:\Windows\System32\Drivers\d9b771ee34184683.sys - copied to quarantine
00:37:45.0284 0444 HKLM\SYSTEM\ControlSet001\services\d9b771ee34184683 - will be deleted on reboot
00:37:45.0377 0444 HKLM\SYSTEM\ControlSet002\services\d9b771ee34184683 - will be deleted on reboot
00:37:45.0986 0444 C:\Windows\System32\Drivers\d9b771ee34184683.sys - will be deleted on reboot
00:37:45.0986 0444 d9b771ee34184683 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
00:37:46.0001 0444 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
00:37:46.0001 0444 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:37:46.0001 0444 Themes ( UnsignedFile.Multi.Generic ) - skipped by user
00:37:46.0001 0444 Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:38:05.0720 2044 Deinitialize success



Malwarebytes Log

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.05.01

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Norton :: LAPTOP [administrator]

9/5/12 12:57:51 AM
mbam-log-2012-09-05 (00-57-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198483
Time elapsed: 3 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



VEW System Log

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 05/09/2012 1:30:37 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/09/2012 6:28:49 AM
Type: Error Category: 0
Event: 3002 Source: Microsoft Antimalware
Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

Log: 'System' Date/Time: 05/09/2012 6:28:37 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: sptd

Log: 'System' Date/Time: 05/09/2012 6:28:13 AM
Type: Error Category: 42
Event: 43029 Source: atikmdag
Display is not active

Log: 'System' Date/Time: 05/09/2012 6:28:13 AM
Type: Error Category: 51
Event: 52236 Source: atikmdag
CPLIB :: General - Invalid Parameter

Log: 'System' Date/Time: 05/09/2012 6:27:58 AM
Type: Error Category: 0
Event: 4 Source: sptd
Driver detected an internal error in its data structures for .

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/09/2012 6:27:37 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.



VEW Application Log

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 05/09/2012 1:32:41 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/09/2012 6:27:30 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 05/09/2012 6:27:29 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.




FSS Log

Farbar Service Scanner Version: 06-08-2012
Ran by Norton (administrator) on 05-09-2012 at 02:11:32
Running from "C:\Users\Norton\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Computer seems to be running fine. No more Google re-direct and no more Windows 8 Security Essentials bull crap haha. Thank you for your patience. Any more scans you will want me to run?
  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 19,775 posts
  • MVP
TDSSKiller took out a rootkit. aswMBR and CF had flagged it. Run Combofix again please and post the log.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a View Report option at the bottom. Click on it and copy and paste the report (even if it says nothing found).


I've got to go off-island for the day so no more replies until late tonight.
  • 0

#7
BlazeHeatnix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
ComboFix Log

ComboFix 12-09-05.02 - Norton d 09/05/12 21:27:18.5.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1781 [GMT -5:00]
Running from: c:\users\Norton\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-06 to 2012-09-06 )))))))))))))))))))))))))))))))
.
.
2012-09-06 02:35 . 2012-09-06 02:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-06 02:35 . 2012-09-06 02:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-05 05:56 . 2012-09-05 05:56 -------- d-----w- c:\users\Norton\AppData\Roaming\Malwarebytes
2012-09-05 05:56 . 2012-09-05 05:56 -------- d-----w- c:\programdata\Malwarebytes
2012-09-05 05:56 . 2012-09-05 05:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-05 05:56 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-05 04:46 . 2012-09-05 04:46 -------- d-----w- C:\_OTL
2012-09-05 03:47 . 2012-02-09 19:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DCAF14D3-3602-4ECF-A59F-827456B2A6DF}\gapaengine.dll
2012-09-05 03:46 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1A280E5D-98B7-43F4-B38E-0EFAF171300C}\mpengine.dll
2012-08-30 03:14 . 2012-09-05 05:37 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-23 08:26 . 2011-10-05 03:52 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-09-05_05.25.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-22 02:34 . 2012-09-06 01:58 57570 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-06 01:58 45642 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-25 23:24 . 2012-09-06 01:58 17968 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2504362823-1664360736-3732123707-1000_UserData.bin
+ 2009-07-13 23:54 . 2009-07-14 01:41 44544 c:\windows\system32\themeservice.dll
- 2009-07-13 23:54 . 2010-05-12 00:13 44544 c:\windows\system32\themeservice.dll
- 2012-09-05 04:47 . 2012-09-05 04:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-06 01:56 . 2012-09-06 01:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-06 01:56 . 2012-09-06 01:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-05 04:47 . 2012-09-05 04:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-13 23:55 . 2010-05-12 00:13 332288 c:\windows\system32\uxtheme.dll
+ 2009-07-13 23:55 . 2009-07-14 01:41 332288 c:\windows\system32\uxtheme.dll
- 2009-07-14 05:01 . 2012-09-04 03:15 475068 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-05 07:27 475068 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-10-26 09:14 . 2012-09-05 07:27 658772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2504362823-1664360736-3732123707-1000-12288.dat
- 2010-10-26 09:14 . 2012-08-30 04:29 658772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2504362823-1664360736-3732123707-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-07-28 1157128]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-27 828912]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz130;cpuz130;c:\users\Norton\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 22528]
R3 iscFlash;iscFlash;c:\windows\SYSTEM32\DRIVERS\iscflash.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-21 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 222208]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-15 1255736]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 203264]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-13 67072]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2504362823-1664360736-3732123707-1000Core.job
- c:\users\Norton\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-30 01:24]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2504362823-1664360736-3732123707-1000UA.job
- c:\users\Norton\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-30 01:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5532&r=27361209d545l0384z185t48m2x232
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 74.128.17.114 74.128.19.102 192.168.1.1
TCP: Interfaces\{E6B08B89-55D9-4C41-9085-4E822E645B38}: DhcpNameServer = 74.128.17.114 74.128.19.102 192.168.1.1
TCP: Interfaces\{E6B08B89-55D9-4C41-9085-4E822E645B38}\96E63796768647D277966696D203330333: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Norton\AppData\Roaming\Mozilla\Firefox\Profiles\x8eu7lvy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-47673817.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2504362823-1664360736-3732123707-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:fc,3c,6a,ea,8e,ac,b2,fc,39,f0,5d,37,ff,f8,18,34,c8,10,f3,42,7a,38,86,
b6,bb,61,1e,f5,f0,ce,17,a1,fa,ec,a7,3b,fe,ce,9d,c6,55,8f,35,d8,58,e9,86,cf,\
"??"=hex:7d,d3,5f,80,7c,5b,76,71,4e,3c,0d,39,8e,f3,c1,d2
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11a_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-05 21:38:57
ComboFix-quarantined-files.txt 2012-09-06 02:38
ComboFix2.txt 2012-09-05 05:30
ComboFix3.txt 2012-08-30 04:18
ComboFix4.txt 2012-08-30 02:37
ComboFix5.txt 2012-09-06 02:25
.
Pre-Run: 15,610,359,808 bytes free
Post-Run: 15,417,348,096 bytes free
.
- - End Of File - - 6FB4290EF34B3CBC353ED48313B9CCB0



ESET found no threats....I looked for options to export the log and save it but saw nothing of the sort? It took about three and a half hours to finish scanning..
  • 0

#8
RKinner

    Malware Expert

  • Expert
  • 19,775 posts
  • MVP
Looks like your PC is clean. Unless you have other problems we can clean up now:

We need to clean up System Restore:

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Currently there is an exploit out that works on all Java Version 7 software so we are recommending that if you do not visit websites that absolutely require Java that you turn it off in your browser per the instructions in http://www.geekstogo...ur-web-browser/
If you use websites that require Java and you trust them then we recommend that you use either Firefox with the NoScript add-on or Chrome with the ScriptNo add-on and avoid IE. NoScript/ScriptNo will turn off Java and Javascript on all websites you visit except for those that you specifically approve. More info on the exploit is here: http://krebsonsecuri...y-java-exploit/
A new Java 7 Version 7 was released on an emergency basis to fix the exploit but apparently actually makes things worse.

My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron
  • 0

#9
BlazeHeatnix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Thank you very much Ron. I greatly appreciate your help and your patience.
  • 0





