Hijack.NoFolderOption System Infected HELP


  • This topic is locked

#121
Jayli

  • Topic Starter
ComboFix 12-11-06.03 - JayLi 07/11/2012 15:16:18.6.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2046.1164 [GMT -5:00]
Running from: c:\users\JayLi\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-07 to 2012-11-07 )))))))))))))))))))))))))))))))
.
.
2012-11-07 20:22 . 2012-11-07 20:22 -------- d-----w- c:\users\SYS\AppData\Local\temp
2012-11-07 20:22 . 2012-11-07 20:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-07 20:22 . 2012-11-07 20:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-07 19:50 . 2012-11-07 19:50 -------- d-----w- c:\program files\NirSoft
2012-11-07 19:11 . 2012-10-17 06:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5FE48BE8-7710-4A6E-9346-DDC77A014B02}\mpengine.dll
2012-11-03 21:49 . 2012-11-03 21:49 -------- d-----w- c:\programdata\SafeNet Sentinel
2012-11-03 21:49 . 2012-11-03 21:49 -------- d-----w- c:\program files\SafeNet Sentinel
2012-11-03 21:28 . 2012-11-07 21:58 -------- d-----w- c:\program files\Common Files\SafeNet Sentinel
2012-11-03 15:06 . 2011-04-28 03:15 60416 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-11-03 15:06 . 2011-04-28 03:15 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-11-03 08:14 . 2012-11-06 18:14 -------- d-----w- c:\windows\Panther
2012-11-03 08:03 . 2012-11-03 05:15 -------- d-----w- C:\$WINDOWS.~Q
2012-11-03 07:49 . 2012-11-06 21:29 -------- d-----w- C:\$INPLACE.~TR
2012-11-03 06:11 . 2012-11-03 06:11 -------- d-----w- c:\windows\PCHEALTH
2012-11-03 05:54 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2012-11-03 05:54 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-11-03 05:54 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-11-03 05:54 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-11-03 05:54 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-11-03 05:54 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-11-03 05:54 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-03 05:54 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-11-03 05:54 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-11-03 05:53 . 2012-09-14 18:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-03 05:53 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-11-03 05:53 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2012-11-03 05:53 . 2011-02-19 04:34 294912 ----a-w- c:\windows\system32\atmfd.dll
2012-11-03 05:53 . 2011-02-19 06:30 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-11-03 05:53 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll
2012-11-03 05:53 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-11-03 05:53 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-11-03 05:53 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll
2012-11-03 05:53 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-11-03 05:52 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2012-11-03 05:52 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2012-11-03 05:50 . 2011-02-12 05:35 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-11-03 05:49 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-11-03 05:49 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-11-03 05:49 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-11-03 05:49 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-11-03 05:49 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-11-03 05:49 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
2012-11-03 05:49 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-03 05:49 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
2012-11-03 05:49 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2012-11-03 05:49 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-11-03 05:49 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-11-03 05:49 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2012-11-03 05:38 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-11-03 05:38 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-11-03 05:31 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-11-03 05:31 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-11-03 05:31 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-11-03 05:31 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-11-03 05:31 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-11-03 05:31 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-11-03 05:31 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-11-03 05:30 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-11-03 05:30 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-11-03 04:19 . 2012-11-07 22:01 -------- d-----w- c:\users\Administrator
2012-11-03 04:19 . 2012-11-07 22:01 -------- d-----w- c:\users\Lisette Miller
2012-11-03 04:19 . 2012-11-07 19:02 -------- d-----w- c:\users\JayLi
2012-11-03 04:19 . 2012-11-07 22:01 -------- d-----w- c:\users\Guest
2012-11-03 02:30 . 2012-11-07 22:00 -------- d-----w- c:\windows\system32\SPReview
2012-11-03 01:52 . 2012-11-07 22:00 -------- d-----w- c:\windows\system32\EventProviders
2012-11-03 01:13 . 2012-11-06 18:29 -------- d-----w- C:\4d8af5a9e4fb7f239f652fdd2cee
2012-11-03 01:06 . 2012-11-03 06:06 -------- d-----w- c:\windows\system32\Wat
2012-11-03 01:01 . 2012-11-03 04:44 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-11-02 22:13 . 2012-11-07 21:47 -------- d-----w- c:\programdata\Malwarebytes
2012-11-02 22:12 . 2012-11-07 21:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-02 22:12 . 2012-09-29 23:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-02 20:49 . 2012-10-17 06:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{63DC256E-C81A-424B-B33A-1E3C6F6B8087}\mpengine.dll
2012-11-02 18:56 . 2012-11-03 04:43 -------- d-----w- c:\users\NEWBIE
2012-11-02 05:27 . 2012-11-07 21:47 -------- d-----w- c:\users\CopyCat
2012-10-30 09:02 . 2012-10-30 09:13 131384 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2012-10-30 09:02 . 2012-10-30 09:02 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-10-28 02:08 . 2012-05-31 16:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-10-27 20:48 . 2012-11-07 21:47 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-26 02:49 . 2012-10-26 03:55 -------- d-----w- c:\programdata\RegRun
2012-10-26 02:49 . 2012-10-26 02:49 2 --shatr- c:\windows\winstart.bat
2012-10-25 18:31 . 2012-11-03 04:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-10-24 02:24 . 2012-11-07 21:59 -------- d-----w- c:\program files\WinWatch
2012-10-24 02:08 . 2012-10-24 02:24 249856 ----a-w- c:\windows\Setup1.exe
2012-10-24 02:08 . 2012-10-24 02:24 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-10-22 21:57 . 2012-11-02 10:38 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2012-10-19 05:26 . 2012-11-07 22:01 -------- d-----w- c:\programdata\SecTaskMan
2012-10-19 04:38 . 2012-09-25 03:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-18 06:56 . 2012-11-02 20:35 -------- d-----w- c:\programdata\Lavasoft
2012-10-18 06:55 . 2012-11-06 18:29 -------- d-----w- c:\program files\adawaretb
2012-10-18 06:55 . 2012-11-07 21:59 -------- d-----w- c:\program files\Toolbar Cleaner
2012-10-17 22:02 . 2012-11-07 21:57 -------- d-----w- c:\program files\CCleaner
2012-10-16 05:11 . 2012-10-16 05:11 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-10-16 05:00 . 2012-11-02 20:29 -------- d-----w- c:\programdata\HitmanPro
2012-10-14 07:58 . 2012-11-07 21:47 -------- d-----w- C:\RegBackup
2012-10-14 07:37 . 2012-11-06 18:13 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-10-14 07:36 . 2012-11-02 20:26 -------- d-----w- c:\program files\Tweaking.com
2012-10-14 07:30 . 2012-10-17 23:11 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-10-13 06:56 . 2012-10-14 11:08 -------- d-----w- c:\windows\Internet Logs
2012-10-12 07:32 . 2012-11-03 04:43 -------- d-----w- c:\programdata\Sophos
2012-10-12 07:32 . 2012-11-02 20:27 -------- d-----w- c:\program files\Sophos
2012-10-12 05:11 . 2012-10-12 05:35 -------- d-----w- c:\programdata\AVSoftware
2012-10-12 03:38 . 2012-11-02 21:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-10-09 04:21 . 2012-10-09 04:23 -------- d-----w- c:\program files\RRTFolder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-05 02:25 . 2012-08-30 23:24 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-05 02:25 . 2012-08-30 23:24 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-30 22:51 . 2012-10-02 00:23 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-10-02 00:23 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-10-02 00:23 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-10-02 00:23 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-10-02 00:23 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-10-02 00:22 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-10-02 00:22 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-15 16:59 . 2012-10-02 00:23 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-06 21:21 . 2012-10-06 21:21 2853 ----a-w- c:\windows\system32\COMMAND.PIF
2012-10-02 00:36 . 2012-10-02 00:37 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-02 00:36 . 2012-10-02 00:37 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-16 16:59 . 2012-09-16 16:59 44544 ----a-w- c:\windows\system32\agremove.exe
2012-09-10 03:37 . 2012-09-16 17:06 139 ----a-w- c:\windows\system32\devnum.vbs
2012-09-09 00:54 . 2012-09-09 01:28 27 ----a-w- c:\windows\system32\netwin.bat
2012-10-27 03:41 . 2012-10-27 03:40 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoAutoUpdate"= 1 (0x1)
"NoFolderOption"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus]
c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-30 15:46 499608 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 14:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 22:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 SAiAdmin;SAiAdmin;c:\windows\System32\SAiAdmin.exe [x]
S2 SAiDownloader;SAiDownloader;c:\program files\SignWarehouse\Vinyl Express LXi\Program\SAiDownloaderVistaUI.exe [x]
S2 SAiDownloaderVista;SAiDownloaderVista;c:\windows\System32\SAiDownloaderVista.exe [x]
S2 SAiLicSvr;SAiLicSvr;c:\windows\System32\SAiLicSvr.exe [x]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [x]
S2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [x]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
*Deregistered* - NisDrv
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://msn.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\JayLi\AppData\Roaming\Mozilla\Firefox\Profiles\b9gr7xr1.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-03 00:36; [email protected]; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-Ad-Aware Browsing Protection - c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe
MSConfigStartUp-Adobe Acrobat Speed Launcher - c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-07 15:25:15
ComboFix-quarantined-files.txt 2012-11-07 20:25
.
Pre-Run: 52,912,136,192 bytes free
Post-Run: 52,612,038,656 bytes free
.
- - End Of File - - 43190D913CBE672BF7D7D788C82D39E8


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ TDSSKiller Log ~~~~~~~~~~~~~~~~~

15:31:39.0586 1664 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:31:39.0835 1664 ============================================================
15:31:39.0835 1664 Current date / time: 2012/11/07 15:31:39.0835
15:31:39.0835 1664 SystemInfo:
15:31:39.0835 1664
15:31:39.0835 1664 OS Version: 6.1.7601 ServicePack: 1.0
15:31:39.0835 1664 Product type: Workstation
15:31:39.0835 1664 ComputerName: LISETTEMILLER
15:31:39.0835 1664 UserName: JayLi
15:31:39.0835 1664 Windows directory: C:\Windows
15:31:39.0835 1664 System windows directory: C:\Windows
15:31:39.0835 1664 Processor architecture: Intel x86
15:31:39.0835 1664 Number of processors: 2
15:31:39.0835 1664 Page size: 0x1000
15:31:39.0835 1664 Boot type: Normal boot
15:31:39.0835 1664 ============================================================
15:31:41.0661 1664 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:31:41.0661 1664 ============================================================
15:31:41.0661 1664 \Device\Harddisk0\DR0:
15:31:41.0661 1664 MBR partitions:
15:31:41.0661 1664 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:31:41.0661 1664 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DC800
15:31:41.0661 1664 ============================================================
15:31:41.0692 1664 C: <-> \Device\Harddisk0\DR0\Partition2
15:31:41.0692 1664 ============================================================
15:31:41.0692 1664 Initialize success
15:31:41.0692 1664 ============================================================
15:31:57.0417 3004 ============================================================
15:31:57.0417 3004 Scan started
15:31:57.0417 3004 Mode: Manual;
15:31:57.0417 3004 ============================================================
15:31:57.0963 3004 ================ Scan system memory ========================
15:31:57.0963 3004 System memory - ok
15:31:57.0963 3004 ================ Scan services =============================
15:31:58.0197 3004 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
15:31:58.0212 3004 1394ohci - ok
15:31:58.0290 3004 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:31:58.0290 3004 ACPI - ok
15:31:58.0368 3004 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:31:58.0368 3004 AcpiPmi - ok
15:31:58.0431 3004 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:31:58.0431 3004 adp94xx - ok
15:31:58.0446 3004 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:31:58.0462 3004 adpahci - ok
15:31:58.0493 3004 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:31:58.0493 3004 adpu320 - ok
15:31:58.0540 3004 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:31:58.0540 3004 AeLookupSvc - ok
15:31:58.0602 3004 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
15:31:58.0618 3004 AFD - ok
15:31:58.0633 3004 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
15:31:58.0633 3004 agp440 - ok
15:31:58.0665 3004 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
15:31:58.0665 3004 aic78xx - ok
15:31:58.0711 3004 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
15:31:58.0727 3004 ALG - ok
15:31:58.0727 3004 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
15:31:58.0727 3004 aliide - ok
15:31:58.0743 3004 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
15:31:58.0743 3004 amdagp - ok
15:31:58.0758 3004 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
15:31:58.0758 3004 amdide - ok
15:31:58.0789 3004 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
15:31:58.0789 3004 AmdK8 - ok
15:31:58.0821 3004 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
15:31:58.0821 3004 AmdPPM - ok
15:31:58.0867 3004 [ E7F4D42D8076EC60E21715CD11743A0D ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:31:58.0867 3004 amdsata - ok
15:31:58.0961 3004 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
15:31:58.0961 3004 amdsbs - ok
15:31:59.0023 3004 [ 146459D2B08BFDCBFA856D9947043C81 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:31:59.0023 3004 amdxata - ok
15:31:59.0133 3004 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
15:31:59.0133 3004 AppID - ok
15:31:59.0164 3004 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:31:59.0164 3004 AppIDSvc - ok
15:31:59.0195 3004 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
15:31:59.0195 3004 Appinfo - ok
15:31:59.0257 3004 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
15:31:59.0257 3004 AppMgmt - ok
15:31:59.0304 3004 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys
15:31:59.0304 3004 arc - ok
15:31:59.0335 3004 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:31:59.0335 3004 arcsas - ok
15:31:59.0398 3004 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
15:31:59.0398 3004 aswFsBlk - ok
15:31:59.0429 3004 [ 62F9DCEC95F91B8E0203E85D344A7E65 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
15:31:59.0429 3004 aswMonFlt - ok
15:31:59.0445 3004 [ 81F638A2DD94ABBF0B43880AB38D8DBD ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
15:31:59.0445 3004 aswRdr - ok
15:31:59.0476 3004 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
15:31:59.0491 3004 aswSnx - ok
15:31:59.0507 3004 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\Windows\system32\drivers\aswSP.sys
15:31:59.0507 3004 aswSP - ok
15:31:59.0523 3004 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
15:31:59.0523 3004 aswTdi - ok
15:31:59.0585 3004 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:31:59.0585 3004 AsyncMac - ok
15:31:59.0616 3004 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
15:31:59.0616 3004 atapi - ok
15:31:59.0710 3004 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:31:59.0725 3004 AudioEndpointBuilder - ok
15:31:59.0741 3004 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
15:31:59.0757 3004 Audiosrv - ok
15:31:59.0897 3004 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:31:59.0897 3004 avast! Antivirus - ok
15:31:59.0944 3004 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:31:59.0959 3004 AxInstSV - ok
15:32:00.0037 3004 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys
15:32:00.0037 3004 b06bdrv - ok
15:32:00.0084 3004 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
15:32:00.0084 3004 b57nd60x - ok
15:32:00.0147 3004 [ EB7C2DADF52F50F69F198C14C3556DC1 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
15:32:00.0178 3004 BCM43XX - ok
15:32:00.0209 3004 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
15:32:00.0209 3004 BDESVC - ok
15:32:00.0256 3004 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
15:32:00.0256 3004 Beep - ok
15:32:00.0334 3004 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
15:32:00.0334 3004 BFE - ok
15:32:00.0396 3004 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
15:32:00.0412 3004 BITS - ok
15:32:00.0427 3004 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:32:00.0427 3004 blbdrive - ok
15:32:00.0459 3004 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:32:00.0459 3004 bowser - ok
15:32:00.0459 3004 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
15:32:00.0459 3004 BrFiltLo - ok
15:32:00.0474 3004 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
15:32:00.0474 3004 BrFiltUp - ok
15:32:00.0521 3004 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
15:32:00.0521 3004 BridgeMP - ok
15:32:00.0568 3004 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
15:32:00.0568 3004 Browser - ok
15:32:00.0615 3004 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:32:00.0615 3004 Brserid - ok
15:32:00.0630 3004 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:32:00.0646 3004 BrSerWdm - ok
15:32:00.0646 3004 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:32:00.0646 3004 BrUsbMdm - ok
15:32:00.0661 3004 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:32:00.0661 3004 BrUsbSer - ok
15:32:00.0724 3004 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
15:32:00.0724 3004 BthEnum - ok
15:32:00.0724 3004 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
15:32:00.0739 3004 BTHMODEM - ok
15:32:00.0739 3004 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
15:32:00.0755 3004 BthPan - ok
15:32:00.0771 3004 [ C2FBF6D271D9A94D839C416BF186EAD9 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
15:32:00.0771 3004 BTHPORT - ok
15:32:00.0817 3004 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
15:32:00.0833 3004 bthserv - ok
15:32:00.0849 3004 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
15:32:00.0849 3004 BTHUSB - ok
15:32:01.0020 3004 catchme - ok
15:32:01.0083 3004 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:32:01.0083 3004 cdfs - ok
15:32:01.0145 3004 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:32:01.0145 3004 cdrom - ok
15:32:01.0223 3004 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
15:32:01.0223 3004 CertPropSvc - ok
15:32:01.0270 3004 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys
15:32:01.0270 3004 circlass - ok
15:32:01.0317 3004 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
15:32:01.0317 3004 CLFS - ok
15:32:01.0441 3004 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:32:01.0457 3004 clr_optimization_v2.0.50727_32 - ok
15:32:01.0504 3004 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:32:01.0504 3004 CmBatt - ok
15:32:01.0519 3004 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:32:01.0519 3004 cmdide - ok
15:32:01.0551 3004 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
15:32:01.0566 3004 CNG - ok
15:32:01.0597 3004 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:32:01.0597 3004 Compbatt - ok
15:32:01.0629 3004 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
15:32:01.0644 3004 CompositeBus - ok
15:32:01.0675 3004 COMSysApp - ok
15:32:01.0707 3004 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
15:32:01.0707 3004 crcdisk - ok
15:32:01.0769 3004 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:32:01.0769 3004 CryptSvc - ok
15:32:01.0831 3004 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
15:32:01.0831 3004 CSC - ok
15:32:01.0863 3004 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
15:32:01.0863 3004 CscService - ok
15:32:01.0925 3004 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
15:32:01.0941 3004 DcomLaunch - ok
15:32:02.0003 3004 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
15:32:02.0003 3004 defragsvc - ok
15:32:02.0050 3004 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:32:02.0065 3004 DfsC - ok
15:32:02.0128 3004 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
15:32:02.0128 3004 Dhcp - ok
15:32:02.0143 3004 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
15:32:02.0143 3004 discache - ok
15:32:02.0206 3004 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys
15:32:02.0206 3004 Disk - ok
15:32:02.0221 3004 [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
15:32:02.0221 3004 dmvsc - ok
15:32:02.0268 3004 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:32:02.0268 3004 Dnscache - ok
15:32:02.0284 3004 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
15:32:02.0284 3004 dot3svc - ok
15:32:02.0315 3004 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
15:32:02.0315 3004 DPS - ok
15:32:02.0362 3004 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:32:02.0362 3004 drmkaud - ok
15:32:02.0440 3004 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:32:02.0440 3004 DXGKrnl - ok
15:32:02.0487 3004 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
15:32:02.0487 3004 EapHost - ok
15:32:02.0643 3004 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
15:32:02.0658 3004 ebdrv - ok
15:32:02.0721 3004 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
15:32:02.0721 3004 EFS - ok
15:32:02.0830 3004 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:32:02.0830 3004 ehRecvr - ok
15:32:02.0845 3004 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
15:32:02.0861 3004 ehSched - ok
15:32:02.0908 3004 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys
15:32:02.0908 3004 elxstor - ok
15:32:02.0908 3004 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:32:02.0908 3004 ErrDev - ok
15:32:02.0970 3004 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
15:32:02.0970 3004 EventSystem - ok
15:32:03.0033 3004 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
15:32:03.0033 3004 exfat - ok
15:32:03.0048 3004 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:32:03.0064 3004 fastfat - ok
15:32:03.0142 3004 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
15:32:03.0157 3004 Fax - ok
15:32:03.0204 3004 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys
15:32:03.0204 3004 fdc - ok
15:32:03.0220 3004 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
15:32:03.0235 3004 fdPHost - ok
15:32:03.0251 3004 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
15:32:03.0251 3004 FDResPub - ok
15:32:03.0267 3004 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:32:03.0267 3004 FileInfo - ok
15:32:03.0282 3004 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:32:03.0298 3004 Filetrace - ok
15:32:03.0407 3004 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:32:03.0407 3004 FLEXnet Licensing Service - ok
15:32:03.0423 3004 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
15:32:03.0423 3004 flpydisk - ok
15:32:03.0469 3004 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:32:03.0469 3004 FltMgr - ok
15:32:03.0516 3004 [ FA6C66E4364D7DA57AADE5DCC03BB999 ] FontCache C:\Windows\system32\FntCache.dll
15:32:03.0532 3004 FontCache - ok
15:32:03.0625 3004 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:32:03.0625 3004 FontCache3.0.0.0 - ok
15:32:03.0688 3004 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:32:03.0688 3004 FsDepends - ok
15:32:03.0719 3004 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:32:03.0719 3004 Fs_Rec - ok
15:32:03.0766 3004 [ AAE37F0F2F613218DCE17B42A18C38DB ] FTDIBUS C:\Windows\system32\drivers\ftdibus.sys
15:32:03.0766 3004 FTDIBUS - ok
15:32:03.0781 3004 [ 48BFD1BA45C9C9E7AB339E25ABFBA1D2 ] FTSER2K C:\Windows\system32\drivers\ftser2k.sys
15:32:03.0781 3004 FTSER2K - ok
15:32:03.0813 3004 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:32:03.0813 3004 fvevol - ok
15:32:03.0875 3004 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:32:03.0875 3004 gagp30kx - ok
15:32:03.0937 3004 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
15:32:03.0953 3004 gpsvc - ok
15:32:03.0953 3004 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:32:03.0969 3004 hcw85cir - ok
15:32:04.0031 3004 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:32:04.0031 3004 HdAudAddService - ok
15:32:04.0093 3004 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
15:32:04.0093 3004 HDAudBus - ok
15:32:04.0093 3004 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
15:32:04.0093 3004 HidBatt - ok
15:32:04.0125 3004 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
15:32:04.0125 3004 HidBth - ok
15:32:04.0171 3004 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys
15:32:04.0171 3004 HidIr - ok
15:32:04.0203 3004 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
15:32:04.0218 3004 hidserv - ok
15:32:04.0281 3004 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:32:04.0281 3004 HidUsb - ok
15:32:04.0343 3004 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:32:04.0343 3004 hkmsvc - ok
15:32:04.0374 3004 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:32:04.0374 3004 HomeGroupListener - ok
15:32:04.0421 3004 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:32:04.0421 3004 HomeGroupProvider - ok
15:32:04.0468 3004 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:32:04.0483 3004 HpSAMD - ok
15:32:04.0515 3004 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:32:04.0530 3004 HTTP - ok
15:32:04.0546 3004 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:32:04.0561 3004 hwpolicy - ok
15:32:04.0608 3004 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
15:32:04.0608 3004 i8042prt - ok
15:32:04.0655 3004 [ A3CAE5D281DB4CFF7CFF8233507EE5AD ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:32:04.0655 3004 iaStorV - ok
15:32:04.0764 3004 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:32:04.0780 3004 idsvc - ok
15:32:04.0780 3004 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:32:04.0795 3004 iirsp - ok
15:32:04.0873 3004 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
15:32:04.0889 3004 IKEEXT - ok
15:32:04.0920 3004 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
15:32:04.0920 3004 intelide - ok
15:32:04.0998 3004 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:32:04.0998 3004 intelppm - ok
15:32:05.0014 3004 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:32:05.0014 3004 IPBusEnum - ok
15:32:05.0029 3004 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:32:05.0029 3004 IpFilterDriver - ok
15:32:05.0061 3004 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:32:05.0061 3004 iphlpsvc - ok
15:32:05.0092 3004 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:32:05.0092 3004 IPMIDRV - ok
15:32:05.0123 3004 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:32:05.0123 3004 IPNAT - ok
15:32:05.0185 3004 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:32:05.0185 3004 IRENUM - ok
15:32:05.0201 3004 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:32:05.0201 3004 isapnp - ok
15:32:05.0232 3004 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:32:05.0232 3004 iScsiPrt - ok
15:32:05.0295 3004 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:32:05.0295 3004 kbdclass - ok
15:32:05.0326 3004 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
15:32:05.0326 3004 kbdhid - ok
15:32:05.0357 3004 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
15:32:05.0373 3004 KeyIso - ok
15:32:05.0404 3004 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:32:05.0404 3004 KSecDD - ok
15:32:05.0419 3004 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:32:05.0419 3004 KSecPkg - ok
15:32:05.0466 3004 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
15:32:05.0482 3004 KtmRm - ok
15:32:05.0497 3004 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
15:32:05.0513 3004 LanmanServer - ok
15:32:05.0560 3004 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:32:05.0575 3004 LanmanWorkstation - ok
15:32:05.0653 3004 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:32:05.0653 3004 lltdio - ok
15:32:05.0669 3004 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:32:05.0685 3004 lltdsvc - ok
15:32:05.0716 3004 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
15:32:05.0716 3004 lmhosts - ok
15:32:05.0794 3004 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:32:05.0809 3004 LSI_FC - ok
15:32:05.0809 3004 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:32:05.0825 3004 LSI_SAS - ok
15:32:05.0825 3004 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
15:32:05.0825 3004 LSI_SAS2 - ok
15:32:05.0841 3004 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:32:05.0841 3004 LSI_SCSI - ok
15:32:05.0872 3004 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
15:32:05.0872 3004 luafv - ok
15:32:05.0903 3004 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:32:05.0919 3004 Mcx2Svc - ok
15:32:05.0919 3004 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
15:32:05.0919 3004 megasas - ok
15:32:05.0919 3004 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
15:32:05.0934 3004 MegaSR - ok
15:32:06.0012 3004 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
15:32:06.0012 3004 Microsoft Office Groove Audit Service - ok
15:32:06.0075 3004 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
15:32:06.0075 3004 MMCSS - ok
15:32:06.0121 3004 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
15:32:06.0137 3004 Modem - ok
15:32:06.0184 3004 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:32:06.0184 3004 monitor - ok
15:32:06.0246 3004 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:32:06.0246 3004 mouclass - ok
15:32:06.0293 3004 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:32:06.0293 3004 mouhid - ok
15:32:06.0309 3004 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:32:06.0324 3004 mountmgr - ok
15:32:06.0371 3004 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:32:06.0371 3004 MozillaMaintenance - ok
15:32:06.0418 3004 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
15:32:06.0418 3004 mpio - ok
15:32:06.0465 3004 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:32:06.0465 3004 mpsdrv - ok
15:32:06.0527 3004 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:32:06.0543 3004 MpsSvc - ok
15:32:06.0605 3004 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:32:06.0605 3004 MRxDAV - ok
15:32:06.0683 3004 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:32:06.0683 3004 mrxsmb - ok
15:32:06.0699 3004 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:32:06.0714 3004 mrxsmb10 - ok
15:32:06.0730 3004 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:32:06.0730 3004 mrxsmb20 - ok
15:32:06.0745 3004 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
15:32:06.0745 3004 msahci - ok
15:32:06.0745 3004 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:32:06.0745 3004 msdsm - ok
15:32:06.0761 3004 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
15:32:06.0777 3004 MSDTC - ok
15:32:06.0792 3004 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:32:06.0792 3004 Msfs - ok
15:32:06.0808 3004 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:32:06.0808 3004 mshidkmdf - ok
15:32:06.0808 3004 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:32:06.0808 3004 msisadrv - ok
15:32:06.0870 3004 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:32:06.0886 3004 MSiSCSI - ok
15:32:06.0886 3004 msiserver - ok
15:32:06.0948 3004 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:32:06.0964 3004 MSKSSRV - ok
15:32:06.0964 3004 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:32:06.0979 3004 MSPCLOCK - ok
15:32:06.0979 3004 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:32:06.0979 3004 MSPQM - ok
15:32:07.0011 3004 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:32:07.0011 3004 MsRPC - ok
15:32:07.0026 3004 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:32:07.0026 3004 mssmbios - ok
15:32:07.0057 3004 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:32:07.0057 3004 MSTEE - ok
15:32:07.0073 3004 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
15:32:07.0073 3004 MTConfig - ok
15:32:07.0104 3004 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
15:32:07.0104 3004 Mup - ok
15:32:07.0167 3004 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
15:32:07.0182 3004 napagent - ok
15:32:07.0260 3004 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:32:07.0260 3004 NativeWifiP - ok
15:32:07.0338 3004 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:32:07.0354 3004 NDIS - ok
15:32:07.0385 3004 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:32:07.0385 3004 NdisCap - ok
15:32:07.0432 3004 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:32:07.0432 3004 NdisTapi - ok
15:32:07.0494 3004 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:32:07.0494 3004 Ndisuio - ok
15:32:07.0510 3004 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:32:07.0510 3004 NdisWan - ok
15:32:07.0525 3004 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:32:07.0525 3004 NDProxy - ok
15:32:07.0572 3004 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:32:07.0572 3004 NetBIOS - ok
15:32:07.0588 3004 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:32:07.0588 3004 NetBT - ok
15:32:07.0603 3004 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
15:32:07.0603 3004 Netlogon - ok
15:32:07.0681 3004 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
15:32:07.0697 3004 Netman - ok
15:32:07.0713 3004 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
15:32:07.0728 3004 netprofm - ok
15:32:07.0775 3004 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:32:07.0775 3004 NetTcpPortSharing - ok
15:32:07.0947 3004 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
15:32:07.0978 3004 netw5v32 - ok
15:32:08.0025 3004 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:32:08.0025 3004 nfrd960 - ok
15:32:08.0056 3004 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:32:08.0056 3004 NlaSvc - ok
15:32:08.0071 3004 [ B9730495E0CF674680121E34BD95A73B ] NPF C:\Windows\system32\drivers\npf.sys
15:32:08.0071 3004 NPF - ok
15:32:08.0118 3004 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:32:08.0118 3004 Npfs - ok
15:32:08.0134 3004 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
15:32:08.0134 3004 nsi - ok
15:32:08.0149 3004 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:32:08.0149 3004 nsiproxy - ok
15:32:08.0181 3004 [ 33C3093D09017CFE2E219F2472BFF6EB ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:32:08.0196 3004 Ntfs - ok
15:32:08.0212 3004 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
15:32:08.0212 3004 Null - ok
15:32:08.0243 3004 [ AF2EEC9580C1D32FB7EAF105D9784061 ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:32:08.0243 3004 nvraid - ok
15:32:08.0259 3004 [ 9283C58EBAA2618F93482EB5DABCEC82 ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:32:08.0259 3004 nvstor - ok
15:32:08.0274 3004 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:32:08.0274 3004 nv_agp - ok
15:32:08.0368 3004 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:32:08.0383 3004 odserv - ok
15:32:08.0415 3004 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:32:08.0415 3004 ohci1394 - ok
15:32:08.0461 3004 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:32:08.0461 3004 ose - ok
15:32:08.0508 3004 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:32:08.0524 3004 p2pimsvc - ok
15:32:08.0586 3004 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
15:32:08.0602 3004 p2psvc - ok
15:32:08.0602 3004 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
15:32:08.0602 3004 Parport - ok
15:32:08.0633 3004 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:32:08.0633 3004 partmgr - ok
15:32:08.0649 3004 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
15:32:08.0664 3004 Parvdm - ok
15:32:08.0695 3004 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:32:08.0695 3004 PcaSvc - ok
15:32:08.0742 3004 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
15:32:08.0742 3004 pci - ok
15:32:08.0742 3004 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
15:32:08.0742 3004 pciide - ok
15:32:08.0773 3004 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:32:08.0773 3004 pcmcia - ok
15:32:08.0789 3004 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
15:32:08.0789 3004 pcw - ok
15:32:08.0851 3004 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:32:08.0867 3004 PEAUTH - ok
15:32:08.0945 3004 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
15:32:08.0961 3004 PeerDistSvc - ok
15:32:09.0039 3004 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
15:32:09.0070 3004 pla - ok
15:32:09.0132 3004 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:32:09.0148 3004 PlugPlay - ok
15:32:09.0163 3004 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:32:09.0179 3004 PNRPAutoReg - ok
15:32:09.0195 3004 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:32:09.0210 3004 PNRPsvc - ok
15:32:09.0241 3004 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:32:09.0257 3004 PolicyAgent - ok
15:32:09.0304 3004 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
15:32:09.0319 3004 Power - ok
15:32:09.0397 3004 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:32:09.0397 3004 PptpMiniport - ok
15:32:09.0429 3004 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
15:32:09.0429 3004 Processor - ok
15:32:09.0460 3004 [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc C:\Windows\system32\profsvc.dll
15:32:09.0475 3004 ProfSvc - ok
15:32:09.0491 3004 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:32:09.0507 3004 ProtectedStorage - ok
15:32:09.0553 3004 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:32:09.0553 3004 Psched - ok
15:32:09.0553 3004 [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
15:32:09.0553 3004 PxHelp20 - ok
15:32:09.0631 3004 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:32:09.0631 3004 ql2300 - ok
15:32:09.0647 3004 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:32:09.0647 3004 ql40xx - ok
15:32:09.0694 3004 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
15:32:09.0709 3004 QWAVE - ok
15:32:09.0725 3004 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:32:09.0725 3004 QWAVEdrv - ok
15:32:09.0741 3004 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:32:09.0741 3004 RasAcd - ok
15:32:09.0772 3004 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:32:09.0787 3004 RasAgileVpn - ok
15:32:09.0803 3004 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
15:32:09.0803 3004 RasAuto - ok
15:32:09.0865 3004 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:32:09.0881 3004 Rasl2tp - ok
15:32:09.0897 3004 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
15:32:09.0912 3004 RasMan - ok
15:32:09.0928 3004 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:32:09.0928 3004 RasPppoe - ok
15:32:09.0943 3004 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:32:09.0943 3004 RasSstp - ok
15:32:09.0959 3004 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:32:09.0959 3004 rdbss - ok
15:32:09.0975 3004 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:32:09.0975 3004 rdpbus - ok
15:32:09.0990 3004 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:32:09.0990 3004 RDPCDD - ok
15:32:10.0037 3004 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
15:32:10.0037 3004 RDPDR - ok
15:32:10.0084 3004 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:32:10.0084 3004 RDPENCDD - ok
15:32:10.0099 3004 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:32:10.0115 3004 RDPREFMP - ok
15:32:10.0177 3004 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:32:10.0177 3004 RdpVideoMiniport - ok
15:32:10.0224 3004 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:32:10.0224 3004 RDPWD - ok
15:32:10.0287 3004 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:32:10.0287 3004 rdyboost - ok
15:32:10.0349 3004 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
15:32:10.0349 3004 RemoteAccess - ok
15:32:10.0411 3004 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:32:10.0427 3004 RemoteRegistry - ok
15:32:10.0505 3004 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
15:32:10.0505 3004 RFCOMM - ok
15:32:10.0567 3004 [ A780D3EAA74582EA1DEB6BD9C7A3D9C9 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
15:32:10.0567 3004 rpcapd - ok
15:32:10.0599 3004 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:32:10.0614 3004 RpcEptMapper - ok
15:32:10.0630 3004 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
15:32:10.0630 3004 RpcLocator - ok
15:32:10.0661 3004 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\System32\rpcss.dll
15:32:10.0661 3004 RpcSs - ok
15:32:10.0739 3004 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:32:10.0739 3004 rspndr - ok
15:32:10.0786 3004 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
15:32:10.0786 3004 s3cap - ok
15:32:10.0848 3004 [ E7D22DF3D3DF3D6B16117225C7F46EFD ] SAiAdmin C:\Windows\System32\SAiAdmin.exe
15:32:10.0864 3004 SAiAdmin - ok
15:32:10.0989 3004 [ 3ED40039A91E5B1DD310AB3C922160D8 ] SAiDownloader C:\Program Files\SignWarehouse\Vinyl Express LXi\Program\SAiDownloaderVistaUI.exe
15:32:11.0004 3004 SAiDownloader - ok
15:32:11.0020 3004 [ 100AC9047AE9F4F4315B7A4AD2DCD71F ] SAiDownloaderVista C:\Windows\System32\SAiDownloaderVista.exe
15:32:11.0035 3004 SAiDownloaderVista - ok
15:32:11.0035 3004 [ 626FF246CAEB4761978FF3A0790B97B2 ] SAiLicSvr C:\Windows\System32\SAiLicSvr.exe
15:32:11.0035 3004 SAiLicSvr - ok
15:32:11.0067 3004 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
15:32:11.0067 3004 SamSs - ok
15:32:11.0129 3004 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:32:11.0129 3004 sbp2port - ok
15:32:11.0176 3004 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:32:11.0191 3004 SCardSvr - ok
15:32:11.0223 3004 [ 20B2751CD4C8F3FD989739CA661B9F30 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
15:32:11.0223 3004 SCDEmu - ok
15:32:11.0269 3004 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:32:11.0269 3004 scfilter - ok
15:32:11.0316 3004 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
15:32:11.0332 3004 Schedule - ok
15:32:11.0347 3004 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:32:11.0347 3004 SCPolicySvc - ok
15:32:11.0363 3004 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:32:11.0363 3004 SDRSVC - ok
15:32:11.0410 3004 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:32:11.0410 3004 secdrv - ok
15:32:11.0425 3004 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
15:32:11.0441 3004 seclogon - ok
15:32:11.0457 3004 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
15:32:11.0457 3004 SENS - ok
15:32:11.0488 3004 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:32:11.0503 3004 SensrSvc - ok
15:32:11.0566 3004 [ A2CC81C30BEF6AC9F27055490EEF6DE3 ] Sentinel C:\Windows\System32\Drivers\SENTINEL.SYS
15:32:11.0566 3004 Sentinel - ok
15:32:11.0675 3004 [ 16964C25BFF56710BABBEBFDBA362B6C ] SentinelKeysServer C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
15:32:11.0691 3004 SentinelKeysServer - ok
15:32:11.0753 3004 [ 7190FB9C0D4BE26A0D353B49D016C1C9 ] SentinelProtectionServer C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
15:32:11.0769 3004 SentinelProtectionServer - ok
15:32:11.0815 3004 [ 2C0836EA58DB084E338503E555ABAEFF ] SentinelSecurityRuntime C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
15:32:11.0815 3004 SentinelSecurityRuntime - ok
15:32:11.0893 3004 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:32:11.0893 3004 Serenum - ok
15:32:11.0909 3004 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:32:11.0909 3004 Serial - ok
15:32:11.0940 3004 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:32:11.0940 3004 sermouse - ok
15:32:12.0003 3004 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
15:32:12.0018 3004 SessionEnv - ok
15:32:12.0049 3004 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:32:12.0049 3004 sffdisk - ok
15:32:12.0049 3004 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:32:12.0049 3004 sffp_mmc - ok
15:32:12.0065 3004 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:32:12.0065 3004 sffp_sd - ok
15:32:12.0065 3004 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:32:12.0065 3004 sfloppy - ok
15:32:12.0112 3004 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:32:12.0127 3004 SharedAccess - ok
15:32:12.0143 3004 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:32:12.0159 3004 ShellHWDetection - ok
15:32:12.0159 3004 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
15:32:12.0159 3004 sisagp - ok
15:32:12.0190 3004 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
15:32:12.0190 3004 SiSRaid2 - ok
15:32:12.0205 3004 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:32:12.0205 3004 SiSRaid4 - ok
15:32:12.0237 3004 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:32:12.0237 3004 Smb - ok
15:32:12.0299 3004 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:32:12.0315 3004 SNMPTRAP - ok
15:32:12.0346 3004 [ 928310CFD08FA17F6AD8D63E53B395AD ] SNTNLUSB C:\Windows\system32\DRIVERS\SNTNLUSB.SYS
15:32:12.0346 3004 SNTNLUSB - ok
15:32:12.0393 3004 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
15:32:12.0408 3004 spldr - ok
15:32:12.0439 3004 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe
15:32:12.0455 3004 Spooler - ok
15:32:12.0564 3004 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
15:32:12.0580 3004 sppsvc - ok
15:32:17.0868 3004 ============================================================
15:32:17.0868 3004 Scan finished
15:32:17.0868 3004 ============================================================
15:32:17.0868 1872 Detected object count: 0
15:32:17.0868 1872 Actual detected object count: 0
15:33:29.0613 3736 Deinitialize success

Edited by Jayli, 07 November 2012 - 02:36 PM.

  • 0

#122
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
These two:

S2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [x]
S2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [x]

Are from a software protection scheme where you have to have a dongle attached to a USB or serial/parallel port in order to use the software. Do you still use this?


Right-click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right-click on System and select Clear Log, Clear. Repeat for Application.

Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.

2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#123
Jayli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Yes, the Sentinel items are from my Vinyl cutter. I still use that software. Thanks.
VEW logs:
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 07/11/2012 8:06:32 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 07/11/2012 10:18:50 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 07/11/2012 9:01:49 PM
Type: Error Category: 0
Event: 59 Source: SideBySide
Activation context generation failed for "c:\program files\signwarehouse\vinyl express lxi\Program\HSPrinterUI.dll".Error in manifest or policy file "c:\program files\signwarehouse\vinyl express lxi\Program\HSPrinterUI.dll" on line 1. Invalid Xml syntax.

Log: 'Application' Date/Time: 07/11/2012 7:05:01 PM
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {bb3e64aa-c17a-4354-a93c-bd7814566d17}

Log: 'Application' Date/Time: 07/11/2012 7:04:27 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 07/11/2012 6:08:11 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: MpCmdRun.exe, version: 4.1.522.0, time stamp: 0x5051250b Faulting module name: mpclient.dll, version: 4.1.522.0, time stamp: 0x50512508 Exception code: 0xc0000005 Fault offset: 0x0003c190 Faulting process id: 0xed4 Faulting application start time: 0x01cdbd12d8ea987f Faulting application path: c:\Program Files\Microsoft Security Client\MpCmdRun.exe Faulting module path: c:\Program Files\Microsoft Security Client\mpclient.dll Report Id: 16a30a40-2906-11e2-98b8-001a6bf9aff0

Log: 'Application' Date/Time: 07/11/2012 6:06:55 PM
Type: Error Category: 3
Event: 7010 Source: Microsoft-Windows-Search
The index cannot be initialized.

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)


Log: 'Application' Date/Time: 07/11/2012 6:06:55 PM
Type: Error Category: 3
Event: 3058 Source: Microsoft-Windows-Search
The application cannot be initialized.

Context: Windows Application

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)


Log: 'Application' Date/Time: 07/11/2012 6:06:55 PM
Type: Error Category: 3
Event: 3028 Source: Microsoft-Windows-Search
The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)


Log: 'Application' Date/Time: 07/11/2012 6:06:55 PM
Type: Error Category: 3
Event: 3029 Source: Microsoft-Windows-Search
The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index data on disk is for the wrong version. (HRESULT : 0xc0041821) (0xc0041821)


Log: 'Application' Date/Time: 07/11/2012 6:06:55 PM
Type: Error Category: 3
Event: 3029 Source: Microsoft-Windows-Search
The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


Log: 'Application' Date/Time: 07/11/2012 6:06:55 PM
Type: Error Category: 1
Event: 9002 Source: Microsoft-Windows-Search
The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)


Log: 'Application' Date/Time: 07/11/2012 6:06:55 PM
Type: Error Category: 3
Event: 7042 Source: Microsoft-Windows-Search
The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


Log: 'Application' Date/Time: 07/11/2012 6:06:55 PM
Type: Error Category: 3
Event: 7040 Source: Microsoft-Windows-Search
The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


Log: 'Application' Date/Time: 07/11/2012 6:06:55 PM
Type: Error Category: 3
Event: 9000 Source: Microsoft-Windows-Search
The event description cannot be found.

Log: 'Application' Date/Time: 07/11/2012 6:06:55 PM
Type: Error Category: 3
Event: 454 Source: ESENT
Windows (2980) Windows: Database recovery/restore failed with unexpected error -543.

Log: 'Application' Date/Time: 07/11/2012 6:06:55 PM
Type: Error Category: 3
Event: 452 Source: ESENT
Windows (2980) Windows: Database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb requires logfiles 9-10 in order to recover successfully. Recovery could only locate logfiles starting at 10.

Log: 'Application' Date/Time: 07/11/2012 6:06:55 PM
Type: Error Category: 1
Event: 7042 Source: Microsoft-Windows-Search
The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Context: Windows Application

Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)


Log: 'Application' Date/Time: 07/11/2012 6:06:55 PM
Type: Error Category: 1
Event: 7040 Source: Microsoft-Windows-Search
The search service has detected corrupted data files in the index {id=2801}. The service will attempt to automatically correct this problem by rebuilding the index.

Context: Windows Application

Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)


Log: 'Application' Date/Time: 07/11/2012 6:06:25 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: SearchIndexer.exe, version: 7.0.7600.16385, time stamp: 0x4a5bcdd0 Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722 Exception code: 0xc0000005 Fault offset: 0x00009b60 Faulting process id: 0xd1c Faulting application start time: 0x01cdbd1189b2d4cf Faulting application path: C:\Windows\system32\SearchIndexer.exe Faulting module path: C:\Windows\system32\msvcrt.dll Report Id: d779269b-2905-11e2-98b8-001a6bf9aff0

Log: 'Application' Date/Time: 07/11/2012 6:02:26 PM
Type: Error Category: 0
Event: 11706 Source: MsiInstaller
Product: Microsoft Office Enterprise 2007 -- Error 1706.Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see SETUP.CHM.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 07/11/2012 11:06:16 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-3719756025-897928378-3360252852-1001}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 07/11/2012 11:06:16 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-3719756025-897928378-3360252852-500}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 07/11/2012 11:06:16 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-21-3719756025-897928378-3360252852-1001}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 07/11/2012 11:06:16 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-21-3719756025-897928378-3360252852-500}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 07/11/2012 8:04:07 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-3719756025-897928378-3360252852-1001}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 07/11/2012 8:04:07 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-3719756025-897928378-3360252852-500}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 07/11/2012 8:04:07 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-21-3719756025-897928378-3360252852-1001}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 07/11/2012 8:04:07 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-21-3719756025-897928378-3360252852-500}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 07/11/2012 7:04:01 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <C:\ProgramData\Microsoft\Windows\Start Menu\> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
The URL was already processed during this update. If you received this message while processing alerts, then the alerts are redundant, or else Modify should be used instead of Add. (HRESULT : 0x80040d0d) (0x80040d0d)


Log: 'Application' Date/Time: 07/11/2012 6:08:56 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-3719756025-897928378-3360252852-1001}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 07/11/2012 6:08:56 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-3719756025-897928378-3360252852-1001}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 07/11/2012 6:08:56 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-3719756025-897928378-3360252852-500}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 07/11/2012 6:08:56 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-3719756025-897928378-3360252852-500}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 07/11/2012 6:08:56 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-21-3719756025-897928378-3360252852-1001}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 07/11/2012 6:08:56 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-21-3719756025-897928378-3360252852-1001}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 07/11/2012 6:08:55 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-21-3719756025-897928378-3360252852-500}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 07/11/2012 6:08:55 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-21-3719756025-897928378-3360252852-500}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 07/11/2012 6:08:44 PM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Index Corruption}.


Log: 'Application' Date/Time: 07/11/2012 6:02:36 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-3719756025-897928378-3360252852-1001}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 07/11/2012 6:02:36 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-3719756025-897928378-3360252852-1001}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


``````````````````````````````````````````````````````

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 07/11/2012 8:05:17 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/11/2012 7:02:36 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 07/11/2012 5:56:29 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 07/11/2012 5:07:46 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 07/11/2012 5:26:35 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 07/11/2012 3:37:45 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 07/11/2012 1:21:29 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 06/11/2012 7:23:22 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 06/11/2012 6:12:16 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/11/2012 11:55:39 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: After starting, the service hung in a start-pending state.

Log: 'System' Date/Time: 07/11/2012 11:55:39 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The SSDP Discovery service hung on starting.

Log: 'System' Date/Time: 07/11/2012 11:54:08 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: After starting, the service hung in a start-pending state.

Log: 'System' Date/Time: 07/11/2012 11:54:08 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The SSDP Discovery service hung on starting.

Log: 'System' Date/Time: 07/11/2012 11:52:38 PM
Type: Error Category: 0
Event: 14332 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Log: 'System' Date/Time: 07/11/2012 11:21:46 PM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070002: Windows Malicious Software Removal Tool - October 2012 (KB890830).

Log: 'System' Date/Time: 07/11/2012 10:23:03 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: After starting, the service hung in a start-pending state.

Log: 'System' Date/Time: 07/11/2012 10:23:03 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The SSDP Discovery service hung on starting.

Log: 'System' Date/Time: 07/11/2012 10:21:32 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: After starting, the service hung in a start-pending state.

Log: 'System' Date/Time: 07/11/2012 10:21:32 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The SSDP Discovery service hung on starting.

Log: 'System' Date/Time: 07/11/2012 10:21:32 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Log: 'System' Date/Time: 07/11/2012 10:20:00 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: After starting, the service hung in a start-pending state.

Log: 'System' Date/Time: 07/11/2012 10:20:00 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Function Discovery Resource Publication service hung on starting.

Log: 'System' Date/Time: 07/11/2012 10:20:00 PM
Type: Error Category: 0
Event: 14332 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Log: 'System' Date/Time: 07/11/2012 10:18:16 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 07/11/2012 10:18:16 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Log: 'System' Date/Time: 07/11/2012 10:18:16 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

Log: 'System' Date/Time: 07/11/2012 8:22:40 PM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 07/11/2012 8:19:10 PM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 07/11/2012 8:16:05 PM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/11/2012 10:17:04 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0B97&PID_7772\6&1b8ab83c&0&2.

Log: 'System' Date/Time: 07/11/2012 10:17:03 PM
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 07/11/2012 10:16:29 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 07/11/2012 7:02:44 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0B97&PID_7772\6&1b8ab83c&0&2.

Log: 'System' Date/Time: 07/11/2012 7:02:40 PM
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 07/11/2012 6:11:33 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 07/11/2012 5:56:38 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0B97&PID_7772\6&1b8ab83c&0&2.

Log: 'System' Date/Time: 07/11/2012 5:56:34 PM
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 07/11/2012 5:27:06 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 07/11/2012 5:07:54 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0B97&PID_7772\6&1b8ab83c&0&2.

Log: 'System' Date/Time: 07/11/2012 5:07:51 PM
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 07/11/2012 7:07:14 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 07/11/2012 5:26:42 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0B97&PID_7772\6&1b8ab83c&0&2.

Log: 'System' Date/Time: 07/11/2012 5:26:39 AM
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 07/11/2012 4:58:54 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 07/11/2012 4:00:31 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0B97&PID_7772\6&1b8ab83c&0&2.

Log: 'System' Date/Time: 07/11/2012 4:00:30 AM
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 07/11/2012 3:50:46 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 07/11/2012 3:47:52 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0B97&PID_7772\6&1b8ab83c&0&2.

Log: 'System' Date/Time: 07/11/2012 3:47:52 AM
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Thanks.
  • 0

#124
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Appears Windows Search has turned itself back on. Can you turn it off again?

While in Services see if SSDP Discovery service is started. If not try to start it. Does it give you an error?

Run the Fixit on http://support.micro...b;en-US;2545227

Do the following:
Go to "Control Panel."
Go to "Clock, Language, and Region."
Click on "Region and Language."
Go to the "Administrative" tab.
Click on "Change System Locale" and set the "Current system locale" to English (United States).



Also make sure you clear all System and Application events before you reboot and run VEW. Appears to be a lot of older events.
  • 0

#125
Jayli

Jayli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Thanks Ron.

Disabled & Stopped Windows search.

SSDP Discovery was already started.

Ran MS Fixit. No problems.

Went to Change System Locale. Was already English (US).

Cleared Logs.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 07/11/2012 8:57:15 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 07/11/2012 9:00:57 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Done. Thanks.
  • 0

#126
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
That looks a lot better. You did reboot after clearing the alarms, didn't you?
  • 0

#127
Jayli

Jayli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Ooops. Rebooted. Here are the new logs. Thanks. FYI. I also have a bunch of pending Windows Updates.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 07/11/2012 11:08:46 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 07/11/2012 11:09:04 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/11/2012 4:07:33 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0B97&PID_7772\6&1b8ab83c&0&2.

Log: 'System' Date/Time: 08/11/2012 4:07:31 AM
Type: Warning Category: 0
Event: 4 Source: b57nd60x
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 08/11/2012 4:06:59 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Edited by Jayli, 07 November 2012 - 10:12 PM.

  • 0

#128
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Thought that looked too good to be true.

The driver \Driver\WUDFRd failed to load for the device USB\VID_0B97&PID_7772\6&1b8ab83c&0&2.


This is the only error now, so things are looking up. I think it refers to the O2Micro OZ776 USB CCID Smartcard Reader, so visit the PC maker's website and see if there is a driver for it, unless this is one you plug in; then you need to look on it, get the name and part number, and visit the maker's website.
  • 0
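The before-and-after comparison of VEW reports made in the posts above can be scripted. This is an added example, not part of the original thread: a Python parser for the VEW layout shown here that groups repeated events, extracts the failed dependency from Event 7001 messages, and diffs two reports. The sample reports are constructed from a few records in that layout, and all function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed samples in the VEW layout shown in this thread (not the full reports).
BEFORE = r"""~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/11/2012 11:55:39 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: After starting, the service hung in a start-pending state.

Log: 'System' Date/Time: 07/11/2012 11:55:39 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The SSDP Discovery service hung on starting.

Log: 'System' Date/Time: 07/11/2012 11:54:08 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The SSDP Discovery service hung on starting.

Log: 'System' Date/Time: 07/11/2012 10:17:04 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0B97&PID_7772\6&1b8ab83c&0&2.
"""
AFTER = r"""Log: 'System' Date/Time: 08/11/2012 4:07:33 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0B97&PID_7772\6&1b8ab83c&0&2.
"""

HEADER = re.compile(r"^Log: '([^']+)' Date/Time: (\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)$")
TYPE = re.compile(r"^Type: (\w+) Category: (\d+)$")
EVENT = re.compile(r"^Event: (\d+) Source: (.+)$")
DEPENDS = re.compile(r"^The (.+?) service depends on the (.+?) service which failed to start")


def parse_vew(text):
    """Parse VEW report text into a list of event dicts."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("~"):
            cur = None  # a blank line or a section rule ends the current record
            continue
        m = HEADER.match(line)
        if m:
            # The report states its dates are dd/mm/yyyy, so parse day first.
            cur = {"log": m.group(1),
                   "time": datetime.strptime(m.group(2), "%d/%m/%Y %I:%M:%S %p"),
                   "type": None, "event_id": None, "source": None, "message": ""}
            records.append(cur)
        elif cur is None:
            continue  # report banner or section title, not part of a record
        elif cur["type"] is None and TYPE.match(line):
            cur["type"] = TYPE.match(line).group(1)
        elif cur["event_id"] is None and EVENT.match(line):
            m = EVENT.match(line)
            cur["event_id"], cur["source"] = int(m.group(1)), m.group(2)
        else:
            cur["message"] = (cur["message"] + " " + line).strip()
    return records


def summarise(records):
    """Collapse repeats: one entry per (type, id, source, message) signature."""
    out = {}
    for r in records:
        key = (r["type"], r["event_id"], r["source"], r["message"])
        s = out.setdefault(key, {"count": 0, "first": r["time"], "last": r["time"]})
        s["count"] += 1
        s["first"], s["last"] = min(s["first"], r["time"]), max(s["last"], r["time"])
    return out


def root_causes(records):
    """Map each service named in an Event 7001 to the dependency that failed."""
    deps = {}
    for r in records:
        m = DEPENDS.match(r["message"]) if r["event_id"] == 7001 else None
        if m:
            deps[m.group(1)] = m.group(2)
    return deps


def compare(before, after):
    """Diff two parsed reports by event signature."""
    b, a = summarise(before), summarise(after)
    return {"resolved": [k for k in b if k not in a],
            "persisting": [k for k in a if k in b],
            "new": [k for k in a if k not in b]}


if __name__ == "__main__":
    diff = compare(parse_vew(BEFORE), parse_vew(AFTER))
    for state, keys in diff.items():
        print(state, [(k[1], k[2]) for k in keys])
```

Clearing the logs before the second run, as requested in the thread, is what makes the "after" report small enough to read by eye; the diff gives the same answer when the logs were not cleared.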

#129
Jayli

Jayli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Thanks Ron. I checked device mgr for the smartcard reader and it says it's working and drivers are up to date. I've seen mention of this smartcard reader in my taskbar under the "safely remove hardware and Eject media" option.

The problem I am having is after startup. When I click on the desktop an error pops up. "Setup Error. The setup controller has encountered a problem during install. Please review the log files for further information on the error." When I hit OK, Windows Installer starts, Microsoft Office Enterprise 2007. Then an error states "The feature you are trying to use is on a network resource that is unavailable. Click OK to try again, or enter an alternate path to a folder containing the installation package 'EnterpriseWW.msi' in the box below." Use source: C:\MSOCache\All Users\{90120000-0030-0000....etc..can't see the rest of the file.

Then I just hit cancel and a box pops up. Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-Rom drive. For other potential solutions to this problem, see SETUP.CHM. Then I hit OK, and the install cancels.
  • 0

#130
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Do you have the install disk for Microsoft Office Enterprise 2007? If you uninstall it and reinstall it that might fix the problem.
  • 0

#131
Jayli

Jayli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Good Morning. No, I don't have the MS Office disk. I currently have 68 optional MS Updates pending. Perhaps I should just try to update??? I'll continue searching for the fix. Is there something else I need to do? Clean up? Thanks.
  • 0

#132
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Go ahead and do the updates. You don't need the search update or Windows Live. I would not use Windows updates for hardware (unless they have one for your card reader). Your PC maker's website is usually preferred.

You can try the troubleshooter on http://support.micro....com/kb/2438651 but I doubt that it will help.

Does the file: C:\MSOCache\All Users\{90120000-0030-0000....etc exist?

I still want to see a custom OTL scan before we clean up.



Copy the text in the code box:

DRIVES
netsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp 
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0

#133
Jayli

Jayli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Updates completed.

Troubleshooter didn't help.

Yes, I have the MSOCache\All Users\ folder, but no subfolders like enterpriseww.msi and setup.exe, 11 folders in all. Should I download these folders? OR revert MS Office back to a Previous Version? Thanks.

OTL

OTL Extras logfile created on: 08/11/2012 2:17:26 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JayLi\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.50% Memory free
4.00 Gb Paging File | 3.17 Gb Available in Paging File | 79.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 45.96 Gb Free Space | 61.75% Space Free | Partition Type: NTFS

Computer Name: LISETTEMILLER | User Name: JayLi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0
"DisableConfig" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B93E784D-2F82-4350-9B81-4904E8B8DDFC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{101C45EB-3F3D-42CA-9C8A-8AB577007291}" = protocol=17 | dir=in | app=c:\program files\signwarehouse\vinyl express lxi\program\tftp_client.exe |
"{11A8B621-C962-4F0A-B7CF-201B974CADA1}" = protocol=17 | dir=in | app=c:\windows\system32\sailicsvr.exe |
"{37BE9B1A-B092-477A-A959-291C4CD50FD6}" = protocol=6 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe |
"{492BD072-828F-45B4-9425-7F6A59B2360D}" = protocol=6 | dir=in | app=c:\program files\signwarehouse\vinyl express lxi\program\tftp_client.exe |
"{506865DC-2E44-4CBD-9CC1-3B1222345D78}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6C45A910-FCCD-41F3-A225-72750DAC2EC2}" = protocol=17 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe |
"{8EFDCD72-5A1F-43C1-80C0-2414995A3A19}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{92EBDBA8-67AC-4471-904E-E6FA9BCF57D0}" = protocol=17 | dir=in | app=c:\program files\signwarehouse\vinyl express lxi\program\app.exe |
"{A1EEE2E4-2F4D-4327-B2DA-69AEA96CF723}" = protocol=6 | dir=in | app=c:\windows\system32\sailicsvr.exe |
"{AA9BC18F-505D-4978-AFE6-E148057295DE}" = protocol=17 | dir=in | app=c:\program files\signwarehouse\vinyl express lxi\program\app2.exe |
"{BBA0538F-B703-406A-8B6C-483F6974FBFC}" = protocol=6 | dir=in | app=c:\program files\signwarehouse\vinyl express lxi\program\app.exe |
"{BFD0D470-C0A4-45CF-9236-F13AAA135BAF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D50B6F32-0FD7-49C8-B93F-EEE6F7E3644D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DA2A8A0E-820C-4072-8384-3C7C3E970F57}" = protocol=6 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe |
"{EE374E42-04D3-40AC-87FF-39DBB8A2F661}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{FAC4EC53-8D2F-4302-837D-0CFADB7F6C3C}" = protocol=6 | dir=in | app=c:\program files\signwarehouse\vinyl express lxi\program\app2.exe |
"{FB7C930F-540C-4765-AD82-57D2B9A4AF92}" = protocol=17 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F31532A-16F1-4812-8B7B-D321A4CE91A6}" = Sony Vegas Pro 8.0
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2C0E2B08-0991-43DF-9515-77FA4C5A9DD2}" = Adobe Setup
"{2E8E2726-F641-4636-BB86-A9D4459BA27F}" = Vinyl Express LXi
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BC14A37-586A-4AB3-A458-874AAE29337C}" = Adobe Setup
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EA5CC76-8B4D-407B-87F4-DB052978D8A7}" = Adobe Setup
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9307988-3EA8-415E-A91E-0EB1FBF439DA}" = Adobe After Effects CS4 Third Party Content
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B281C7D1-C088-40E0-86EA-B2D9D7E0810A}" = Sentinel System Driver Installer 7.5.7
"{B5FCBF46-D2DA-455C-8AB1-148181AEBA14}" = Adobe After Effects CS4
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7E3FF32-7E00-4703-9C34-5777C08A56AA}" = Toon Boom Studio 4.5
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D45B21D2-1ABA-46C4-A226-722DC28EAAC4}" = Premiere Pro CS4 and After Effects CS4, 32-bit support for CS5
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE09967A-E9E2-4562-A58D-989CA70FA65E}" = Sentinel Protection Installer 7.6.5
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E528A747-DC66-4FD4-AB53-110D024561CC}" = Adobe Premiere Pro CS4
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_0b36ff97a89684768f1da4defc9f237" = Adobe Encore CS4 Codecs
"Adobe_15f4da9bfad48542a17f089e7c5e0ab" = Adobe After Effects CS4 Third Party Content
"Adobe_1b5a11fde44351ae0f4c7fd0e4daadc" = Premiere Pro CS4 and After Effects CS4, 32-bit support for CS5
"ASIO4ALL" = ASIO4ALL
"avast" = avast! Free Antivirus
"Belarc Advisor" = Belarc Advisor 8.2
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FL Studio 9" = FL Studio 9
"Hardcore" = Hardcore
"IL Download Manager" = IL Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NirSoft ShellExView" = NirSoft ShellExView
"PC-Doctor for Windows" = Dell Support Center
"PoiZone" = PoiZone
"PowerISO" = PowerISO
"Revo Uninstaller" = Revo Uninstaller 1.94
"Sawer" = Sawer
"Toxic Biohazard" = Toxic Biohazard
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"WM Recorder 14" = WM Recorder 14
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate 6

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 08/11/2012 2:51:03 AM | Computer Name = LisetteMiller | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files\signwarehouse\vinyl
express lxi\Program\HSPrinterUI.dll".Error in manifest or policy file "c:\program
files\signwarehouse\vinyl express lxi\Program\HSPrinterUI.dll" on line 1. Invalid
Xml syntax.

Error - 08/11/2012 3:45:43 AM | Computer Name = LisetteMiller | Source = MsiInstaller | ID = 11706
Description =

Error - 08/11/2012 2:35:44 PM | Computer Name = LisetteMiller | Source = MsiInstaller | ID = 11706
Description =

Error - 08/11/2012 2:55:50 PM | Computer Name = LisetteMiller | Source = MsiInstaller | ID = 11706
Description =

Error - 08/11/2012 3:09:13 PM | Computer Name = LisetteMiller | Source = MsiInstaller | ID = 11706
Description =

Error - 08/11/2012 3:09:57 PM | Computer Name = LisetteMiller | Source = MsiInstaller | ID = 11706
Description =

[ System Events ]
Error - 08/11/2012 2:09:47 PM | Computer Name = LisetteMiller | Source = SCardSvr | ID = 610
Description =

Error - 08/11/2012 2:10:26 PM | Computer Name = LisetteMiller | Source = SCardSvr | ID = 610
Description =

[ Windows PowerShell Events ]
Error - 21/09/2012 5:10:41 PM | Computer Name = LisetteMiller | Source = PowerShell | ID = 103
Description =

Error - 21/09/2012 8:10:15 PM | Computer Name = LisetteMiller | Source = PowerShell | ID = 103
Description =


< End of report >

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 08/11/2012 2:17:26 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JayLi\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.50% Memory free
4.00 Gb Paging File | 3.17 Gb Available in Paging File | 79.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 45.96 Gb Free Space | 61.75% Space Free | Partition Type: NTFS

Computer Name: LISETTEMILLER | User Name: JayLi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/06 12:45:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JayLi\Desktop\OTL.exe
PRC - [2012/10/30 17:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/26 22:41:08 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/12 07:40:34 | 000,417,792 | ---- | M] (SA International) -- C:\Program Files\SignWarehouse\Vinyl Express LXi\Program\SAiDownloaderVistaUI.exe
PRC - [2011/10/12 07:38:38 | 000,077,824 | ---- | M] (SA International) -- C:\Windows\System32\SAiDownloaderVista.exe
PRC - [2011/10/12 07:28:36 | 000,065,536 | ---- | M] (SA International) -- C:\Windows\System32\SAiAdmin.exe
PRC - [2011/09/22 06:06:06 | 001,259,040 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2011/09/22 00:03:02 | 000,374,304 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2011/09/22 00:00:00 | 000,292,384 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 16:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2007/12/19 14:58:32 | 000,086,016 | R--- | M] (SA International) -- C:\Windows\System32\SAiLicSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/26 22:41:07 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2009/08/16 19:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2012/11/03 01:06:52 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/26 22:41:07 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/30 19:01:05 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/10/12 07:40:34 | 000,417,792 | ---- | M] (SA International) [Auto | Running] -- C:\Program Files\SignWarehouse\Vinyl Express LXi\Program\SAiDownloaderVistaUI.exe -- (SAiDownloader)
SRV - [2011/10/12 07:38:38 | 000,077,824 | ---- | M] (SA International) [Auto | Running] -- C:\Windows\System32\SAiDownloaderVista.exe -- (SAiDownloaderVista)
SRV - [2011/10/12 07:28:36 | 000,065,536 | ---- | M] (SA International) [Auto | Running] -- C:\Windows\System32\SAiAdmin.exe -- (SAiAdmin)
SRV - [2011/09/22 06:06:06 | 001,259,040 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2011/09/22 00:03:02 | 000,374,304 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2011/09/22 00:00:00 | 000,292,384 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe -- (SentinelSecurityRuntime)
SRV - [2010/02/19 15:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/19 14:58:32 | 000,086,016 | R--- | M] (SA International) [Auto | Running] -- C:\Windows\System32\SAiLicSvr.exe -- (SAiLicSvr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JayLi\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/10/30 17:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 17:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 17:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 17:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 17:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/15 11:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/08/23 09:46:55 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 09:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/08/23 09:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/05/27 06:05:08 | 000,041,896 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2011/03/18 08:46:26 | 000,061,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2011/03/18 08:46:10 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010/11/20 16:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 16:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010/11/20 16:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010/11/20 16:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 16:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 16:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 16:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 16:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 16:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/12 03:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/09/17 06:05:02 | 000,092,712 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sentinel.sys -- (Sentinel)
DRV - [2009/09/09 17:19:16 | 000,069,664 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C9 58 6E 20 2D A5 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/11/06 13:29:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/02 23:36:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/11/06 13:29:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/07 16:59:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/10/01 19:32:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JayLi\AppData\Roaming\Mozilla\Extensions
[2012/11/07 13:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JayLi\AppData\Roaming\Mozilla\Firefox\Profiles\b9gr7xr1.default\extensions
[2012/11/02 23:41:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/26 22:41:08 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

O1 HOSTS File: ([2012/11/07 14:12:37 | 000,000,698 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOption = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35048641-5242-4676-B360-E7CF5876E6E2}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Ad-Aware Antivirus - hkey= - key= - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= - File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co....thors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/08 13:46:14 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Users\JayLi\Desktop\MicrosoftFixit.ProgramInstallUninstall.RNP.21275827186257757.3.1.Run.exe
[2012/11/08 13:01:39 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2012/11/08 13:01:37 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\terminpt.sys
[2012/11/08 13:01:37 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2012/11/08 13:01:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2012/11/08 13:01:35 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2012/11/08 13:01:33 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2012/11/08 13:01:33 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbGD.sys
[2012/11/08 13:01:28 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2012/11/08 13:01:28 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2012/11/08 13:01:28 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2012/11/08 13:01:28 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2012/11/08 13:01:28 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2012/11/08 13:01:28 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2012/11/08 13:01:28 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2012/11/08 13:01:28 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2012/11/08 13:01:27 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012/11/08 13:01:27 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2012/11/08 12:27:30 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2012/11/08 12:27:07 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/11/08 12:26:59 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012/11/08 12:26:54 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2012/11/08 12:26:54 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2012/11/08 12:26:34 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2012/11/08 12:26:34 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2012/11/08 12:26:33 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2012/11/08 12:26:33 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2012/11/08 12:26:32 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2012/11/08 12:26:32 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2012/11/08 12:26:22 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/11/08 12:26:21 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012/11/08 12:26:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/11/08 12:26:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/11/08 12:26:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/11/08 12:26:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/11/08 12:26:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/11/08 12:26:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/11/08 12:26:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/11/08 12:26:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/11/08 12:26:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/11/08 12:26:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/11/08 12:26:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/11/08 12:26:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/08 12:26:17 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/11/08 12:26:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/11/08 12:26:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/11/08 12:26:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/11/08 12:26:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/11/08 12:26:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/11/08 12:26:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/11/08 12:26:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/11/08 12:26:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/11/08 12:26:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/11/08 12:26:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/11/08 12:26:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/11/08 12:26:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/11/08 12:26:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/11/08 12:26:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/11/08 12:26:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/11/08 12:25:55 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/11/08 12:25:43 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012/11/08 12:25:41 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/11/08 12:25:38 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/11/08 12:25:35 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2012/11/08 12:25:34 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2012/11/08 12:25:33 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2012/11/08 12:25:29 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012/11/08 12:25:23 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/11/08 12:25:21 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/11/08 12:25:05 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012/11/08 12:24:53 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012/11/08 12:24:53 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/11/08 12:19:57 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2012/11/07 15:30:26 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\JayLi\Desktop\tdsskiller.exe
[2012/11/07 15:14:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/07 15:14:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/07 15:14:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/07 15:14:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/07 14:58:11 | 004,997,881 | R--- | C] (Swearware) -- C:\Users\JayLi\Desktop\ComboFix.exe
[2012/11/07 14:50:39 | 000,000,000 | ---D | C] -- C:\Users\JayLi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ShellExView
[2012/11/07 14:50:39 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2012/11/07 14:10:58 | 000,000,000 | ---D | C] -- C:\Users\JayLi\Documents\HostsXpert
[2012/11/07 12:22:39 | 000,000,000 | ---D | C] -- C:\Users\JayLi\Desktop\HostsXpert
[2012/11/07 12:15:35 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\JayLi\Desktop\aswMBR.exe
[2012/11/06 12:45:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JayLi\Desktop\OTL.exe
[2012/11/03 16:58:19 | 000,000,000 | ---D | C] -- C:\Users\JayLi\Documents\VRAiFiles
[2012/11/03 16:58:08 | 000,000,000 | ---D | C] -- C:\Users\JayLi\Documents\VinylR
[2012/11/03 16:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SafeNet Sentinel
[2012/11/03 16:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\SafeNet Sentinel
[2012/11/03 16:48:07 | 008,396,912 | ---- | C] (SafeNet, Inc. ) -- C:\Users\JayLi\Desktop\Sentinel Protection Installer 7.6.5.exe
[2012/11/03 16:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SafeNet Sentinel
[2012/11/03 16:27:28 | 000,000,000 | ---D | C] -- C:\Users\JayLi\Documents\Downloaded Installations
[2012/11/03 15:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vinyl Express LXi
[2012/11/03 03:14:19 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/11/03 03:03:37 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~Q
[2012/11/03 02:49:52 | 000,000,000 | ---D | C] -- C:\$INPLACE.~TR
[2012/11/03 01:19:07 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/11/03 01:19:07 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/11/03 01:19:06 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/11/03 01:19:06 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/11/03 01:19:06 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/11/03 01:19:06 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/11/03 01:19:06 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/11/03 01:19:06 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/11/03 01:19:05 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/11/03 01:19:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/11/03 01:19:05 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/11/03 01:19:05 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/11/03 01:19:05 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/11/03 01:19:05 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/11/03 01:19:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/11/03 01:19:05 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/11/03 01:19:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/11/03 01:19:05 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/11/03 01:19:05 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/11/03 01:19:05 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/11/03 01:19:05 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/11/03 01:19:05 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/11/03 01:19:05 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/11/03 01:19:05 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/11/03 01:19:04 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/11/03 01:19:04 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/11/03 01:19:04 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/11/03 01:19:04 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/11/03 01:19:04 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/11/03 01:19:04 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/11/03 01:19:04 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/11/03 01:19:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/11/03 01:19:04 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/11/03 01:19:04 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/11/03 01:19:04 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/11/03 01:19:04 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/11/03 01:19:04 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/11/03 01:11:52 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/11/03 00:54:08 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/11/03 00:54:08 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/11/03 00:53:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/11/03 00:53:12 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2012/11/03 00:53:11 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/11/03 00:53:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/11/03 00:53:09 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2012/11/03 00:52:00 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012/11/03 00:52:00 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012/11/03 00:51:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012/11/03 00:51:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/11/03 00:51:17 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012/11/03 00:50:58 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2012/11/03 00:50:57 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/11/03 00:50:55 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012/11/03 00:50:50 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/11/03 00:50:46 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2012/11/03 00:50:45 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2012/11/03 00:50:45 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2012/11/03 00:50:31 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/11/03 00:50:18 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/11/03 00:50:17 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/11/03 00:50:05 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/11/03 00:50:05 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/11/03 00:50:02 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2012/11/03 00:50:02 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2012/11/03 00:50:02 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2012/11/03 00:50:02 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2012/11/03 00:50:01 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2012/11/03 00:49:58 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/11/03 00:49:58 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/11/03 00:49:57 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/11/03 00:49:49 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/11/03 00:49:47 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2012/11/03 00:49:46 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2012/11/03 00:49:43 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/11/03 00:49:32 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2012/11/03 00:38:10 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012/11/03 00:31:44 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/11/03 00:31:44 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/11/03 00:31:25 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/11/03 00:31:25 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/11/03 00:31:25 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/11/03 00:30:59 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/11/03 00:30:59 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/11/03 00:30:25 | 000,000,000 | ---D | C] -- C:\Users\JayLi\AppData\Local\VirtualStore
[2012/11/02 23:19:49 | 000,000,000 | --SD | C] -- C:\Users\JayLi\AppData\Roaming\Microsoft
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Videos
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Saved Games
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Pictures
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Music
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Links
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Favorites
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Downloads
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Documents
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\Desktop
[2012/11/02 23:19:49 | 000,000,000 | R--D | C] -- C:\Users\JayLi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\AppData\Local\Temporary Internet Files
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Templates
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Start Menu
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\SendTo
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Recent
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\PrintHood
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\NetHood
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Documents\My Videos
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Documents\My Pictures
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Documents\My Music
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\My Documents
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Local Settings
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\AppData\Local\History
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Cookies
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\Application Data
[2012/11/02 23:19:49 | 000,000,000 | -HSD | C] -- C:\Users\JayLi\AppData\Local\Application Data
[2012/11/02 23:19:49 | 000,000,000 | -H-D | C] -- C:\Users\JayLi\AppData
[2012/11/02 23:19:49 | 000,000,000 | ---D | C] -- C:\Users\JayLi\AppData\Local\Temp
[2012/11/02 23:19:49 | 000,000,000 | ---D | C] -- C:\Users\JayLi\AppData\Local\Microsoft
[2012/11/02 23:19:49 | 000,000,000 | ---D | C] -- C:\Users\JayLi\AppData\Roaming\Media Center Programs
[2012/11/02 23:16:29 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/11/02 21:30:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012/11/02 20:52:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/11/02 20:13:40 | 000,000,000 | ---D | C] -- C:\4d8af5a9e4fb7f239f652fdd2cee
[2012/11/02 20:06:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2012/11/02 20:01:36 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/11/02 17:13:12 | 000,000,000 | ---D | C] -- C:\Users\JayLi\AppData\Roaming\Malwarebytes
[2012/11/02 17:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/02 17:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/02 17:12:58 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/11/02 17:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/02 17:04:12 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\JayLi\Desktop\mbam-setup-1.65.1.1000.exe
[2012/10/30 21:53:38 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/10/30 04:02:31 | 000,131,384 | ---- | C] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2012/10/30 04:02:29 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012/10/28 02:53:59 | 000,000,000 | ---D | C] -- C:\Users\JayLi\AppData\Roaming\SUPERAntiSpyware.com
[2012/10/27 21:08:51 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/10/27 19:36:56 | 011,088,872 | ---- | C] (Microsoft Corporation) -- C:\Users\JayLi\Desktop\mseinstall.exe
[2012/10/27 15:48:01 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/27 15:16:46 | 000,000,000 | ---D | C] -- C:\Users\JayLi\SETAcl
[2012/10/27 02:49:12 | 000,000,000 | ---D | C] -- C:\Users\JayLi\AppData\Roaming\Ad-Aware Antivirus
[2012/10/27 01:09:43 | 000,000,000 | ---D | C] -- C:\Users\JayLi\Desktop\backups
[2012/10/26 22:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/25 21:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2012/10/25 13:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/10/23 21:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Karen's Power Tools
[2012/10/23 21:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinWatch
[2012/10/23 21:08:50 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2012/10/23 21:08:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2012/10/22 16:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2012/10/19 00:26:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/10/19 00:00:43 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/10/18 23:38:14 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/10/18 23:38:14 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/10/18 23:38:14 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/10/18 01:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/10/18 01:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2012/10/18 01:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012/10/17 17:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/10/16 15:28:53 | 000,000,000 | ---D | C] -- C:\Users\JayLi\AppData\Local\SlimWare Utilities Inc
[2012/10/16 00:11:09 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/10/16 00:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/10/14 05:23:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/10/14 02:58:45 | 000,000,000 | ---D | C] -- C:\RegBackup
[2012/10/14 02:37:09 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/10/14 02:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/10/14 02:36:59 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2012/10/14 02:30:09 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/10/13 15:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2012/10/13 01:56:59 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2012/10/12 02:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/10/12 02:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/10/12 00:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVSoftware
[2012/10/11 22:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

========== Files - Modified Within 30 Days ==========

[2012/11/08 13:46:17 | 000,347,424 | ---- | M] (Microsoft Corporation) -- C:\Users\JayLi\Desktop\MicrosoftFixit.ProgramInstallUninstall.RNP.21275827186257757.3.1.Run.exe
[2012/11/08 13:29:19 | 000,618,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/08 13:29:19 | 000,104,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/08 13:24:42 | 000,000,726 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/11/08 13:24:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/08 13:24:19 | 1609,015,296 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/08 13:23:50 | 000,023,312 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/08 13:23:50 | 000,023,312 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/08 13:09:21 | 003,782,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/07 20:52:08 | 000,671,232 | ---- | M] () -- C:\Users\JayLi\Desktop\MicrosoftFixit50688.msi
[2012/11/07 15:30:30 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\JayLi\Desktop\tdsskiller.exe
[2012/11/07 15:08:23 | 000,000,512 | ---- | M] () -- C:\Users\JayLi\Desktop\MBR.dat
[2012/11/07 14:58:18 | 004,997,881 | R--- | M] (Swearware) -- C:\Users\JayLi\Desktop\ComboFix.exe
[2012/11/07 14:43:42 | 000,138,984 | ---- | M] () -- C:\Users\JayLi\Desktop\shexview_setup.exe
[2012/11/07 14:42:57 | 000,064,190 | ---- | M] () -- C:\Users\JayLi\Documents\shexview.zip
[2012/11/07 14:12:37 | 000,000,698 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/11/07 14:10:37 | 000,357,766 | ---- | M] () -- C:\Users\JayLi\Documents\HostsXpert.zip
[2012/11/07 14:06:03 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/11/07 12:15:55 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\JayLi\Desktop\aswMBR.exe
[2012/11/07 12:14:01 | 000,080,384 | ---- | M] () -- C:\Users\JayLi\Desktop\MBRCheck.exe
[2012/11/06 12:45:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JayLi\Desktop\OTL.exe
[2012/11/06 12:43:16 | 000,061,440 | ---- | M] ( ) -- C:\Users\JayLi\Desktop\VEW.exe
[2012/11/05 01:56:33 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012/11/04 21:25:17 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/11/04 21:25:16 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/11/03 19:49:37 | 000,000,000 | -H-- | M] () -- C:\Users\JayLi\Documents\Default.rdp
[2012/11/03 16:05:08 | 000,002,229 | ---- | M] () -- C:\Users\Public\Desktop\VE LXi Expert 10.5.lnk
[2012/11/03 16:05:08 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\Production Manager 10.5.lnk
[2012/11/03 15:39:49 | 000,000,032 | ---- | M] () -- C:\Windows\CD_Start.INI
[2012/11/03 09:59:26 | 000,001,407 | ---- | M] () -- C:\Users\JayLi\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/11/03 01:19:07 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/11/03 01:19:07 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/11/03 01:19:06 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/11/03 01:19:06 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/11/03 01:19:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/11/03 01:19:06 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/11/03 01:19:06 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/11/03 01:19:06 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/11/03 01:19:05 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/11/03 01:19:05 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/11/03 01:19:05 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/11/03 01:19:05 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/11/03 01:19:05 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/11/03 01:19:05 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/11/03 01:19:05 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/11/03 01:19:05 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/11/03 01:19:05 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/11/03 01:19:05 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/11/03 01:19:05 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/11/03 01:19:05 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/11/03 01:19:05 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/11/03 01:19:05 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/11/03 01:19:05 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/11/03 01:19:05 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/11/03 01:19:05 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/11/03 01:19:04 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/11/03 01:19:04 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/11/03 01:19:04 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/11/03 01:19:04 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/11/03 01:19:04 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/11/03 01:19:04 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/11/03 01:19:04 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/11/03 01:19:04 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/11/03 01:19:04 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/11/03 01:19:04 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/11/03 01:19:04 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/11/03 01:19:04 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/11/03 01:19:04 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/11/03 00:30:25 | 000,001,382 | RHS- | M] () -- C:\Users\JayLi\ntuser.pol
[2012/11/03 00:23:19 | 000,116,385 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/11/03 00:12:17 | 000,021,316 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
[2012/11/02 23:18:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2012/11/02 21:56:22 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/11/02 21:56:22 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/11/02 17:13:01 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/02 17:04:20 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\JayLi\Desktop\mbam-setup-1.65.1.1000.exe
[2012/11/02 15:21:59 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/30 19:39:25 | 000,444,442 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_512
[2012/10/30 17:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/10/30 17:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/10/30 17:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/10/30 17:51:57 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/10/30 17:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/10/30 17:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/30 17:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/10/30 07:12:32 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/30 04:13:15 | 000,131,384 | ---- | M] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2012/10/30 04:02:29 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012/10/27 19:37:05 | 011,088,872 | ---- | M] (Microsoft Corporation) -- C:\Users\JayLi\Desktop\mseinstall.exe
[2012/10/27 17:53:43 | 000,033,588 | ---- | M] () -- C:\Users\JayLi\Documents\cc_20121027_185311_10262012.reg
[2012/10/25 21:49:19 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2012/10/23 21:24:43 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2012/10/23 21:24:43 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2012/10/17 18:11:56 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/10/17 18:08:08 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20121030-203925.backup
[2012/10/17 12:39:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_793
[2012/10/17 02:51:41 | 000,000,000 | ---- | M] () -- C:\Windows\System32\edit
[2012/10/16 00:11:09 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/10/15 11:59:28 | 000,044,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/10/14 02:59:18 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-LISETTEMILLER-Microsoft-Windows-7-Ultimate-(32-bit).dat

========== Files Created - No Company Name ==========

[2012/11/07 20:52:04 | 000,671,232 | ---- | C] () -- C:\Users\JayLi\Desktop\MicrosoftFixit50688.msi
[2012/11/07 15:14:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/07 15:14:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/07 15:14:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/07 15:14:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/07 15:14:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/07 15:08:23 | 000,000,512 | ---- | C] () -- C:\Users\JayLi\Desktop\MBR.dat
[2012/11/07 14:43:41 | 000,138,984 | ---- | C] () -- C:\Users\JayLi\Desktop\shexview_setup.exe
[2012/11/07 14:42:55 | 000,064,190 | ---- | C] () -- C:\Users\JayLi\Documents\shexview.zip
[2012/11/07 14:10:34 | 000,357,766 | ---- | C] () -- C:\Users\JayLi\Documents\HostsXpert.zip
[2012/11/07 12:13:59 | 000,080,384 | ---- | C] () -- C:\Users\JayLi\Desktop\MBRCheck.exe
[2012/11/06 12:43:13 | 000,061,440 | ---- | C] ( ) -- C:\Users\JayLi\Desktop\VEW.exe
[2012/11/03 19:49:37 | 000,000,000 | -H-- | C] () -- C:\Users\JayLi\Documents\Default.rdp
[2012/11/03 16:03:35 | 000,002,229 | ---- | C] () -- C:\Users\Public\Desktop\VE LXi Expert 10.5.lnk
[2012/11/03 16:03:35 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\Production Manager 10.5.lnk
[2012/11/03 01:19:05 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/11/03 00:31:36 | 000,001,413 | ---- | C] () -- C:\Users\JayLi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/11/03 00:30:24 | 000,001,382 | RHS- | C] () -- C:\Users\JayLi\ntuser.pol
[2012/11/03 00:24:42 | 1609,015,296 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/03 00:12:17 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2012/11/02 23:19:49 | 000,000,290 | ---- | C] () -- C:\Users\JayLi\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/11/02 23:19:49 | 000,000,272 | ---- | C] () -- C:\Users\JayLi\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/11/02 23:19:24 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/11/02 23:19:19 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/11/02 23:18:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2012/11/02 17:13:01 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/30 07:45:15 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/10/30 07:45:15 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/10/27 19:37:57 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/10/27 17:53:36 | 000,033,588 | ---- | C] () -- C:\Users\JayLi\Documents\cc_20121027_185311_10262012.reg
[2012/10/25 21:49:19 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2012/10/17 17:02:06 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/17 02:51:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\edit
[2012/10/14 02:59:18 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-LISETTEMILLER-Microsoft-Windows-7-Ultimate-(32-bit).dat
[2012/09/23 18:45:16 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2012/09/08 18:04:43 | 000,000,726 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/09/05 16:53:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2012/09/05 16:53:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2012/09/05 16:53:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2012/09/05 16:53:17 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012/09/05 15:17:23 | 000,000,144 | ---- | C] () -- C:\Windows\System32\lkfl.dat
[2010/11/20 16:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010/11/20 16:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: FUJITSU MHZ2080BH G2 ATA Device
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 74.00GB
Starting Offset: 105906176
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/11/02 15:35:25 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\Ad-Aware Antivirus
[2012/11/07 16:47:32 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\Adobe
[2012/11/02 23:55:47 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\Apple Computer
[2012/11/02 23:55:47 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\com.adobe.dmp.contentviewer
[2012/11/02 23:55:48 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\Identities
[2012/11/07 16:47:32 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\Macromedia
[2012/11/06 13:13:48 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\MailFrontier
[2012/11/02 23:55:48 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\Malwarebytes
[2011/04/11 21:24:18 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\Media Center Programs
[2012/11/07 16:47:34 | 000,000,000 | --SD | M] -- C:\Users\JayLi\AppData\Roaming\Microsoft
[2012/11/07 16:47:36 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\Mozilla
[2012/11/07 16:47:36 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\PCDr
[2012/08/29 21:20:03 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\Publish Providers
[2012/11/07 16:47:37 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\Sony
[2012/11/02 23:56:13 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\SUPERAntiSpyware.com
[2012/11/07 14:10:58 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\WinRAR
[2012/11/02 23:56:13 | 000,000,000 | ---D | M] -- C:\Users\JayLi\AppData\Roaming\Xilisoft

< MD5 for: ATAPI.SYS >
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/13 20:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe
[2009/07/13 20:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 16:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\erdnt\cache\explorer.exe
[2010/11/20 16:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2010/11/20 16:29:12 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\erdnt\cache\mswsock.dll
[2010/11/20 16:29:12 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\System32\mswsock.dll
[2010/11/20 16:29:12 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/13 20:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\System32\NapiNSP.dll
[2009/07/13 20:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2010/11/20 16:29:11 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\System32\nlaapi.dll
[2010/11/20 16:29:11 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_698d5fb2692c5e70\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/13 20:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\System32\pnrpnsp.dll
[2009/07/13 20:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_71556bd683c82a7a\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/13 20:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\System32\PrintIsolationHost.exe
[2009/07/13 20:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\winsxs\x86_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_9c856911bff5c373\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/09/29 18:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USER32.DLL >
[2010/11/20 16:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\erdnt\cache\user32.dll
[2010/11/20 16:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 16:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 16:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010/11/20 16:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 16:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 16:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010/11/20 16:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 16:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012/09/29 18:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/13 20:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\System32\winrnr.dll
[2009/07/13 20:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\System32\wshelper.dll
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\wshelper.dll

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/10/26 22:41:05 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/10/26 22:41:05 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/10/26 22:41:05 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/10/26 22:41:08 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/10/26 22:41:08 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/10/26 22:41:08 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/11/03 01:19:05 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/11/03 01:19:05 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/11/03 01:19:05 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/11/03 01:19:07 | 000,748,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/11/03 01:19:07 | 000,748,680 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/10/26 22:41:05 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/10/26 22:41:05 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/10/26 22:41:05 | 000,889,848 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/10/26 22:41:08 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/10/26 22:41:08 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/10/26 22:41:08 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/11/03 01:19:05 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/11/03 01:19:05 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/11/03 01:19:05 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/11/03 01:19:07 | 000,748,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/11/03 01:19:07 | 000,748,680 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< End of report >

#134
RKinner

Find this file C:\Windows\winstart.bat and right click on it and Edit. Then copy and paste the text.

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

msconfig

Then under Startup find GrooveMonitor and check it, Apply and Reboot. It's part of Office so perhaps that is why it is complaining.

I'm also seeing an alarm for signwarehouse\vinyl express. Apparently the install for it is not working. Can you uninstall and reinstall? (Right click and Run As Admin when you install)

#135
Jayli

Could not find a winstart.bat file in the computer. I even searched without the .bat extension.

Found 2 incidents of GrooveMonitor in startup. One was Enabled, the other disabled. Enabled the disabled one and rebooted. Went back and only saw one incident of it in startup.

Uninstalled Vinyl Express Software, then reinstalled w Run as Admin.

Pls advise. Thanks.