Random BSOD suddenly occurring



#1
Aristazi

Hi! Our home computer has started acting very finicky since this weekend. I think I turned No Script off for one very picky but trusted website and then forgot to turn it on, and sometime when my husband was using it he started having problems with Firefox and started getting BSOD. Ran Norton scan - nothing found, ran MBAM - nothing found, so thought I'd see if someone here could take a look as well. I may ask extra questions since I'm a GeekU student, hope that's okay :rolleyes:

Hubby also got his email account hacked a couple of weeks ago and he hasn't figured out how. He changed his password and we haven't noticed any odd behavior since, but I thought I'd mention it too just in case.

Here are the logs:

OTL logfile created on: 10/11/2012 6:58:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\CowTip\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.02 Gb Available Physical Memory | 67.09% Memory free
11.98 Gb Paging File | 9.95 Gb Available in Paging File | 83.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.50 Gb Total Space | 696.75 Gb Free Space | 74.80% Space Free | Partition Type: NTFS

Computer Name: COWTIP-PC | User Name: CowTip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/11 06:57:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\CowTip\Desktop\OTL(1).exe
PRC - [2012/10/09 13:55:16 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/09/07 20:23:17 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/30 15:02:22 | 000,640,480 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012/05/24 13:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\CowTip\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/02/09 23:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/09/26 22:45:40 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2010/07/12 07:52:50 | 000,548,864 | ---- | M] () -- C:\Program Files (x86)\Greenshot\Greenshot.exe
PRC - [2010/04/05 14:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2010/01/22 12:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2008/10/17 18:52:16 | 000,099,632 | ---- | M] (brother) -- C:\Program Files (x86)\Brownie\brpjp04a.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/09 13:55:16 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/09/07 20:23:17 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/06/15 20:34:12 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/15 20:34:07 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/12 07:33:08 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 07:33:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 07:33:05 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 07:33:01 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/02/09 21:05:16 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/09/26 22:45:40 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
MOD - [2010/07/12 07:52:50 | 000,548,864 | ---- | M] () -- C:\Program Files (x86)\Greenshot\Greenshot.exe
MOD - [2010/07/12 07:52:48 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Greenshot\GreenshotPlugin.dll
MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA


========== Services (SafeList) ==========

SRV:64bit: - [2011/09/08 18:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2011/09/08 18:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV:64bit: - [2010/09/18 17:19:04 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/09 13:55:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/07 20:23:17 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/09 23:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/12/22 14:46:56 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2010/09/18 17:17:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/05 14:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/17 07:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/10/11 13:17:51 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/09/08 18:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011/09/08 18:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/04/20 20:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/15 20:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/01/22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/01/22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/08/21 02:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/15 22:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 21:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2006/05/24 11:51:14 | 000,013,824 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\copperhd.sys -- (copperhd)
DRV - [2012/10/10 19:37:35 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121010.034\ex64.sys -- (NAVEX15)
DRV - [2012/10/10 19:37:35 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121010.034\eng64.sys -- (NAVENG)
DRV - [2012/10/09 15:46:58 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121010.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/31 17:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/11 21:27:23 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/11 21:27:23 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 4B 20 1E C4 99 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {28BD1E51-802C-47B1-B7EF-2BDFC68D5191}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{28BD1E51-802C-47B1-B7EF-2BDFC68D5191}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.0.932
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.7
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/18 13:07:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2012/10/10 23:23:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 20:23:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/01 13:17:11 | 000,000,000 | ---D | M]

[2010/09/01 04:01:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CowTip\AppData\Roaming\Mozilla\Extensions
[2012/10/09 14:24:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CowTip\AppData\Roaming\Mozilla\Firefox\Profiles\hv690qmx.default\extensions
[2012/09/17 20:28:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\CowTip\AppData\Roaming\Mozilla\Firefox\Profiles\hv690qmx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/06/02 09:55:20 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\CowTip\AppData\Roaming\Mozilla\Firefox\Profiles\hv690qmx.default\extensions\[email protected]
[2012/10/09 14:24:22 | 000,529,404 | ---- | M] () (No name found) -- C:\Users\CowTip\AppData\Roaming\Mozilla\Firefox\Profiles\hv690qmx.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/02/11 08:28:31 | 000,001,976 | ---- | M] () -- C:\Users\CowTip\AppData\Roaming\Mozilla\Firefox\Profiles\hv690qmx.default\searchplugins\duckduckgo.xml
[2012/07/15 07:08:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/19 16:04:41 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/07/04 11:11:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/07 20:23:17 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/07 20:23:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/07 20:23:17 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKCU..\Run: [Greenshot] C:\Program Files (x86)\Greenshot\Greenshot.exe ()
O4 - Startup: C:\Users\CowTip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\CowTip\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://sdl.webex.co...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DBA098A-FEC1-4A8F-B83A-8E087C7BB18C}: DhcpNameServer = 192.168.35.11 204.130.255.3 209.63.0.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6287593-86CC-421A-A028-684EEE8F9434}: DhcpNameServer = 192.168.0.1 205.171.2.25
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/31 14:37:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/11 06:57:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\CowTip\Desktop\OTL(1).exe
[2012/10/10 21:27:44 | 000,000,000 | ---D | C] -- C:\Users\CowTip\AppData\Roaming\Malwarebytes
[2012/10/10 21:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/10 21:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/10 21:27:20 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/10 21:27:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/20 22:03:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2012/09/13 22:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/13 22:22:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/11 06:57:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\CowTip\Desktop\OTL(1).exe
[2012/10/11 06:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/11 06:45:14 | 000,000,358 | ---- | M] () -- C:\Windows\Brownie.ini
[2012/10/10 23:31:03 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/10 23:31:03 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/10 23:23:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/10 23:23:32 | 834,703,376 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/10 23:23:30 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/10 21:27:23 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/20 22:09:15 | 000,658,468 | ---- | M] () -- C:\Users\CowTip\Desktop\EAP_General.pdf
[2012/09/18 20:37:46 | 000,783,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/18 20:37:46 | 000,663,200 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/18 20:37:46 | 000,122,068 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/10 21:27:23 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/20 22:09:15 | 000,658,468 | ---- | C] () -- C:\Users\CowTip\Desktop\EAP_General.pdf
[2012/08/01 20:02:52 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012/03/24 14:59:46 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012/03/24 14:59:45 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/03/24 14:46:15 | 000,030,477 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/03/24 14:25:55 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/02/09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/01/11 18:22:55 | 000,000,496 | ---- | C] () -- C:\Users\CowTip\AppData\Roaming\UserMetrics.osl
[2011/12/25 15:19:42 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/12/24 21:34:12 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/10/13 17:17:22 | 000,777,034 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/10 23:27:12 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT
[2011/07/06 22:58:06 | 000,003,584 | ---- | C] () -- C:\Users\CowTip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/19 06:10:19 | 000,001,940 | ---- | C] () -- C:\Users\CowTip\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2010/10/13 20:42:08 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/10/08 10:54:52 | 000,000,008 | -HS- | C] () -- C:\Users\CowTip\AppData\Roaming\date
[2010/10/08 10:54:52 | 000,000,002 | -HS- | C] () -- C:\Users\CowTip\AppData\Roaming\evf6

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/09/01 05:16:24 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\acccore
[2010/12/05 17:03:00 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\Acreon
[2011/12/25 17:30:35 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\Big Fish Games
[2010/09/22 18:09:52 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\BitTorrent
[2011/12/24 21:34:13 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\Broken Rules
[2012/03/24 15:33:46 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\Canon
[2012/10/11 06:45:19 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\Dropbox
[2012/04/21 08:57:32 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\Greenshot
[2011/11/30 22:17:05 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\Wacom
[2011/11/30 22:17:26 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2010/09/23 09:35:14 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\webex

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 10/11/2012 6:58:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\CowTip\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.02 Gb Available Physical Memory | 67.09% Memory free
11.98 Gb Paging File | 9.95 Gb Available in Paging File | 83.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.50 Gb Total Space | 696.75 Gb Free Space | 74.80% Space Free | Partition Type: NTFS

Computer Name: COWTIP-PC | User Name: CowTip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066F207D-0F83-440D-9336-6E9395803092}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{07F58A8E-C6A1-4DFE-829E-6C7679AE515C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{213C032B-D434-46A0-997C-666008D08D3A}" = lport=445 | protocol=6 | dir=in | app=system |
"{285264D1-C875-4A60-BF0F-E85739973B57}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2DB99E6C-703B-46D3-BB31-97BBA83E9773}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3F83578C-FFC9-4AB5-9BD4-1E8C125B58CD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3FFF1D41-614A-4AC7-8A7A-670B5EE6A25E}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{4D4A48D0-2BC1-4FC8-871B-92FC4654EFAA}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{5380F753-FD84-479A-A636-4FCB50FE89DB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{549774DE-3B71-4B78-A61A-E9008F05EBAC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{61F7C53D-4C69-475D-BECC-7FB1B181E1B8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6C6EA12D-12A3-4C12-B38F-83E8E36AB674}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6CD34CD6-7ED3-4959-B938-C44BD4B5109B}" = lport=137 | protocol=17 | dir=in | app=system |
"{753A9979-2FD0-4EA5-AB31-FF364D5A23B0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7BE3C0B6-8EE1-437F-8364-EDFC1054D623}" = rport=445 | protocol=6 | dir=out | app=system |
"{868DCAF0-1BBA-4B84-AAFB-97851F7D30E3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8808E701-81BD-4C14-BF91-F37F21417353}" = lport=138 | protocol=17 | dir=in | app=system |
"{943928B0-AA32-4440-A7A6-E5D3557814D2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{98EB28EA-5F05-468F-B13A-DC3C91CC47CE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A6360332-5B96-4A14-B0DF-F8E1D3CFFA6E}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{A77A92CF-3DB6-4C27-AC88-93567BC4F9F5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B2E7F499-8E4E-4AFE-9303-D5CA52C1AC1B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B70F824D-2744-4A0B-B2CC-436C095172F2}" = rport=138 | protocol=17 | dir=out | app=system |
"{B89C9DD2-23BD-4CFB-80EA-F8DD12749B9A}" = rport=139 | protocol=6 | dir=out | app=system |
"{C85A9A0B-9940-4B26-8EE3-2F5186F81772}" = rport=137 | protocol=17 | dir=out | app=system |
"{DC96AB36-C300-4859-AE20-CE7976129BD3}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{E00A71C4-B737-468B-86E8-57BEA0C98E6F}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{E7909799-19AA-4743-A9CD-6A613CE69ADF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EE47F2F5-0845-447A-AD18-E62480CF31BF}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E5A0C2-A6A5-4672-B946-C79F15875344}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{0508E031-A321-4AFB-BEF6-2B9B2371F124}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{05F8E1A0-F620-4B85-94A8-F0AD52EC4BB7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 4 tiberian twilight\cnc4.exe |
"{0C751157-93B8-47FA-8F09-5E120BA6D442}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\azada\azada.exe |
"{0DB41D79-89E4-430E-9D09-DE5CDB21D0A9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{0F360C1C-AC2F-495B-9A5B-6CE0D710C74E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis warhead\bin32\crysis.exe |
"{1093C89A-C832-414C-8B9C-7404D5A65067}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saira\saira.exe |
"{16CEE715-CC7D-4651-87DE-5DBF5E61356A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1A67916B-3756-4B01-953C-3B51F97AE72A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto 3\gta3.exe |
"{1BFF2B2C-2D8C-4666-B2C6-B774DCBB0BCA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\windosill\windosill.exe |
"{1D405E59-0C4C-4EC4-B6CC-1B6FE540CE6E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the tiny bang story\ttbs.exe |
"{200B1135-72D9-4030-B7B8-57B26B23C20F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the last remnant\binaries\tlr.exe |
"{22752E0A-CAAF-4E6B-BD55-91203AF62799}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{2327D0A2-2DDA-402A-A513-DD411126EE16}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saira\settings.exe |
"{247EC005-E50D-426A-B325-A0AB742678A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{25F21C8B-4FDB-4DF5-B873-D11AAECF9BA9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blueberry garden\blueberrygarden.exe |
"{276EB550-A17A-4625-967F-F890683B2979}" = protocol=6 | dir=in | app=c:\users\cowtip\appdata\roaming\dropbox\bin\dropbox.exe |
"{2931669F-137A-41F1-8B31-B375A8632273}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2E2C1E02-89BA-4E4F-B3EE-43DAAE68BBC2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\azada\azada.exe |
"{3342BCAA-4596-48DB-85D3-373ECF04A3A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{37E2C032-C745-460E-9A30-5DA695C23B11}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\your doodles are bugged!\yourdoodlesarebugged.exe |
"{3A55E3F1-712A-4A0C-8687-70FF1A215D52}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{3CF0E490-0006-4963-B86F-6154CEF2B581}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3D87788F-7B74-4BEC-AD69-F0047A9BF12B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3FA6A831-9558-4280-997C-4ABD4EAB4837}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{40119815-F4DD-450D-89C9-D86E5531332A}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{42063210-FEF7-4EFE-BE0A-3D1790CF173D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\drawn the painted tower\drawn.exe |
"{43D5F135-ECE6-44D2-A835-E2D002B05400}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{48E6CF24-1B15-4491-B347-3198443521D7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4932A5EE-4406-4A10-80C0-2529605FC21A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\windosill\windosill.exe |
"{4995A678-CE85-4811-A656-8B8D34B23C15}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{4ABA935E-3CEB-4698-AD9D-6E3E0F9FE41D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lume\lume.exe |
"{4D52A37D-C352-45CB-A5FA-0CF4153B5585}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe |
"{4EAFDE17-58EB-48FD-AC37-2D40FD3BB6C5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\morrowind\morrowind launcher.exe |
"{52099339-599B-4E45-B2B7-949588AC48A6}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{52CC2A5C-3D71-4083-AC7C-31D20F2D3746}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe |
"{531D8764-55FE-498D-A11B-FB92EE322007}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{558B7D70-DD94-4AE3-AFE9-F489E30D1E7B}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{55D91DBB-0B4A-4579-B3F9-634ED60BFFEB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis wars\bin32\crysis.exe |
"{56480CC6-9700-4D60-91F3-3D72CE1B704B}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe |
"{564A4ABA-EE20-4662-81B3-9A5A76EF8C17}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saira\settings.exe |
"{59138125-6EC9-4CA4-866B-BC6DB6F0F521}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{5CE4ED03-6F2A-4120-9C02-97492DDE68BB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto 2\gta2.exe |
"{5DF4635C-FDE2-4E3A-8059-D46CFDD31823}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5E25537C-40B2-4DAB-BC18-CE3CC8C1CA58}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lume\lume.exe |
"{64DF736D-77A7-4E59-B61A-2AC1815F366C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 4 tiberian twilight\cnc4.exe |
"{682DEBF8-736D-4B06-BF10-C0A7E18E5E50}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lugaru hd\lugaru.exe |
"{6F8E9DD8-680F-4ED3-88F8-DD130BF6AA98}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aquaria\aquaria.exe |
"{703D601C-E70D-4C1D-AEAE-63D39E768CD0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\your doodles are bugged!\yourdoodlesarebugged.exe |
"{7844F896-4451-4428-9A31-C35F131F446E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{7902382A-98FD-4A6E-B6F9-1462D40F801A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto 3\gta3.exe |
"{7BCAAF5B-1089-4F93-8AE6-805FE781DF74}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis warhead\bin32\crysis.exe |
"{7E5DC1AB-55B6-4DA3-B1C3-E1EFCD345478}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{80278DDE-4DA3-4EA0-BDE3-418B3A69E546}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{831CEA31-0E0F-4AFC-AC4A-487233BB01C9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{88CF920D-EE7B-4F31-9519-D7750464F5FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{8C4C8261-7AA2-4C25-A3AC-93339814F72D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\morrowind\morrowind launcher.exe |
"{8C6659F0-192E-411E-A655-6FE01191D840}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{8E477F85-70D9-43A2-82D4-166F1B8F3EF6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 4 tiberian twilight\support\ea help\electronic_arts_technical_support.htm |
"{95C0D583-2E1E-4B7E-8DBB-14B18B5037C0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the tiny bang story\ttbs.exe |
"{99EA464E-DE63-4CE0-8478-937E5B77DE4E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saira\saira.exe |
"{9B3F0DC3-E280-46ED-942D-EDD4810DF11B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos\osmos.exe |
"{9EE41256-41D7-4164-AA2C-D64F650E4B4A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 4 tiberian twilight\support\ea help\electronic_arts_technical_support.htm |
"{A412114A-7CC0-4240-990A-35066248AE3B}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{AAF1770C-B133-4174-A097-970E2FFAFBDB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AC93A26A-64A0-44B4-8536-1718353C0612}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AD4848FF-05E3-44AA-97A7-0DFC6C80292A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe |
"{AE04A1E7-F512-472E-BB14-6CDBD1E51378}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\drawn the painted tower\drawn.exe |
"{B0C4D556-BA97-42AD-8B75-DC800725091F}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe |
"{B4EE25B9-6BD7-4F9A-A86E-B64F0161C5EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the last remnant\binaries\tlr.exe |
"{B4FB6701-4F39-446A-A93A-449C4B8857E4}" = protocol=6 | dir=out | app=system |
"{B5D093D3-08B9-4960-ADB8-F25C7C66A381}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe |
"{B79F0DFA-F3DB-4DC1-9CDC-E71FDE0644CD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BA401F01-CEB1-4FCE-A0A6-B50BAB5076F2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{BF0E68A4-7F73-4C29-B0A0-6F53F2CD24E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{C1D5353D-2CEC-4DED-BF5E-1C4F70A39B7F}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{C5F5DCA8-AB0B-4DDC-A4F2-427519EAED0C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blueberry garden\blueberrygarden.exe |
"{C99E8579-1A2E-4170-9BBB-77191FA804A3}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{CD326EA1-98BE-4EEE-829E-160FB7C554A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{CD539DCC-8689-426B-8B8C-6B2111E6359F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{CE360500-45C2-42C6-B1DB-649BD82EE2F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lugaru hd\lugaru.exe |
"{CE65E9E2-36AD-4BBB-BE69-4208F5AB7671}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4AD2745-4895-4134-ACFD-2EE13F860771}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D946A010-6286-415D-B3E6-BBF0028D96C3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{DBF2E63F-7DD0-42E2-9D6C-246F83208B7D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto\wino\grand theft auto.exe |
"{DC083E28-ED2C-4805-B922-05C056856BC0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gish\gish.exe |
"{E2722EC6-EFA3-4EDD-B2AB-B505748122CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{E30FAC15-1B11-465E-AB8E-BDD27040B38B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E4253633-DDAA-4305-9C5A-FBB33C13E2DA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto 2\gta2.exe |
"{E5B6B1CF-E155-4A48-9A78-450252C31A78}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED7815E1-10B2-4D78-A1C2-0F4D31B3C7CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gish\gish.exe |
"{EEC2F47B-A016-4FE1-BCCA-42D3E8C31FBE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos\osmos.exe |
"{F2702B49-6D10-434D-A0C1-B450F9BAB416}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F2D61241-7477-43BA-A5E7-C6DF56363AC2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis wars\bin32\crysis.exe |
"{F31DBE62-55C3-4A29-A5AE-31907D3888D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto\wino\grand theft auto.exe |
"{F32391F4-2E33-4F2B-9417-E78AEBF6D4C6}" = protocol=17 | dir=in | app=c:\users\cowtip\appdata\roaming\dropbox\bin\dropbox.exe |
"{F3DDB533-3528-419B-B3E9-BC35EBAC1F2E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F98E4033-9A04-46C7-B0BF-831E7C9445CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aquaria\aquaria.exe |
"{FD6D4F64-B0D4-4CA5-981A-1A3B649E94E4}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{FEC2E1E8-0146-44EA-89EA-1D17957B0BD7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq2414" = CanoScan LiDE 110 Scanner Driver
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 295.73
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Pen Tablet Driver" = Bamboo
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B561CF4-0C7D-4745-AF53-161E24E44F87}" = Adobe CS4 Italian Speech Analysis Models
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FD653A8-9CFA-4392-B89C-CCDB114DE442}" = Adobe CS4 Spanish Speech Analysis Models
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{377FD9B9-8377-49B9-A052-17BEFFEEE4A2}" = Adobe Creative Suite 4 Web Premium
"{38468127-9E6F-4FC9-B5F7-42D4AD437D96}" = Unigine Heaven Benchmark v2.1
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3AF8C37F-696E-871C-0851-CDE980FD665E}" = Bamboo Dock
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{48E9A4FB-17C6-4B14-BC9D-D83AF2A4059A}" = Adobe CS4 Korean Speech Analysis Models
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{4F213D2A-B942-4611-AEE5-49F9D42D0A2F}" = Adobe CS4 International English Speech Analysis Models
"{50EFE7D8-19B3-4FEB-901A-E6DAEBBF6196}" = Brother HL-2140
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E0C3C3D-CF8A-4AEC-AD6C-B4486A96BE8E}" = Bamboo Tablets Tutorial
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7AAC4B2B-C3D2-465C-9F2C-B9DCF0D7FDB8}" = Adobe Setup
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92F59AB3-8B11-4552-8F40-462270A8FD5E}" = PX5 Advanced Sound Editor
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7C4EAC-6E38-42E3-85AA-408874A803DE}" = Adobe CS4 German Speech Analysis Models
"{9AACCD0F-2734-4E8C-8C24-2702D4506E93}" = Adobe CS4 French Speech Analysis Models
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_952" = Adobe Acrobat 9.5.2 - CPSID_83708
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B35FDD04-48FD-4D3D-B0EB-088C5137CD42}" = Adobe CS4 Japanese Speech Analysis Models
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor Platinum
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}" = FINAL FANTASY XIV
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_4db064343401efd6449f33f8411c14b" = Adobe Creative Suite 4 Web Premium
"AIM_7" = AIM 7
"Amazon Kindle" = Amazon Kindle
"Bamboo Dock" = Bamboo Dock
"BitTorrent" = BitTorrent
"CamStudio" = CamStudio
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Greenshot_is1" = Greenshot
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"N360" = Norton Security Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Professional 2010
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StarCraft II" = StarCraft II
"Steam App 105100" = Lume
"Steam App 12100" = Grand Theft Auto III
"Steam App 12110" = Grand Theft Auto: Vice City
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 12170" = Grand Theft Auto
"Steam App 12180" = Grand Theft Auto 2
"Steam App 130" = Half-Life: Blue Shift
"Steam App 17300" = Crysis
"Steam App 17330" = Crysis Warhead
"Steam App 17340" = Crysis Wars
"Steam App 18700" = And Yet It Moves
"Steam App 200900" = Cave Story+
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 220" = Half-Life 2
"Steam App 22320" = The Elder Scrolls III: Morrowind
"Steam App 23310" = The Last Remnant
"Steam App 24420" = Aquaria
"Steam App 25010" = Lugaru HD
"Steam App 29160" = Blueberry Garden
"Steam App 29180" = Osmos
"Steam App 37600" = Windosill
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 40800" = Super Meat Boy
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 47700" = Command and Conquer 4: Tiberian Twilight
"Steam App 48900" = Saira
"Steam App 51060" = Drawn: The Painted Tower
"Steam App 65800" = Dungeon Defenders
"Steam App 70" = Half-Life
"Steam App 7340" = Azada
"Steam App 8190" = Just Cause 2
"Steam App 94200" = Jamestown
"Steam App 9500" = Gish
"Steam App 95500" = Your Doodles Are Bugged!
"Steam App 96000" = The Tiny Bang Story
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"World of Warcraft" = World of Warcraft
"ZillaTube" = ZillaTube 4.4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/23/2012 5:57:48 PM | Computer Name = CowTip-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 9/29/2012 7:33:49 PM | Computer Name = CowTip-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 10/1/2012 7:59:24 PM | Computer Name = CowTip-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 10/5/2012 7:27:29 PM | Computer Name = CowTip-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 10/6/2012 11:54:26 AM | Computer Name = CowTip-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 10/7/2012 10:11:55 AM | Computer Name = CowTip-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 10/8/2012 3:23:43 PM | Computer Name = CowTip-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 10/9/2012 4:11:24 PM | Computer Name = CowTip-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 10/11/2012 1:31:40 AM | Computer Name = CowTip-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 10/11/2012 2:05:00 AM | Computer Name = CowTip-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c9db Exception code: 0xc0000005 Fault offset: 0x0000000000017ef1
Faulting
process id: 0x3fc Faulting application start time: 0x01cda7682e35a115 Faulting application
path: C:\Windows\System32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll
Report
Id: 96da7ceb-1369-11e2-8729-485b3986cf79

[ System Events ]
Error - 10/11/2012 12:23:43 AM | Computer Name = COWTIP-PC | Source = BugCheck | ID = 1001
Description =

Error - 10/11/2012 2:05:02 AM | Computer Name = CowTip-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Audio Endpoint Builder service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 10/11/2012 2:05:02 AM | Computer Name = CowTip-PC | Source = Service Control Manager | ID = 7031
Description = The Offline Files service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 10/11/2012 2:05:02 AM | Computer Name = CowTip-PC | Source = Service Control Manager | ID = 7031
Description = The Program Compatibility Assistant Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 10/11/2012 2:05:02 AM | Computer Name = CowTip-PC | Source = Service Control Manager | ID = 7031
Description = The Superfetch service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/11/2012 2:05:02 AM | Computer Name = CowTip-PC | Source = Service Control Manager | ID = 7031
Description = The Tablet PC Input Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/11/2012 2:05:02 AM | Computer Name = CowTip-PC | Source = Service Control Manager | ID = 7031
Description = The Distributed Link Tracking Client service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 10/11/2012 2:05:02 AM | Computer Name = CowTip-PC | Source = Service Control Manager | ID = 7031
Description = The Desktop Window Manager Session Manager service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.

Error - 10/11/2012 2:05:02 AM | Computer Name = CowTip-PC | Source = Service Control Manager | ID = 7031
Description = The WLAN AutoConfig service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 10/11/2012 2:05:02 AM | Computer Name = CowTip-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated unexpectedly. It has done this 1 time(s). The following corrective
action will be taken in 120000 milliseconds: Restart the service.


< End of report >



And MBAM too:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.11.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
CowTip :: COWTIP-PC [administrator]

10/10/2012 9:28:08 PM
mbam-log-2012-10-10 (21-28-08).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 737910
Time elapsed: 1 hour(s), 48 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Thanks so much for taking a look!!
Aristazi
  • 0
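The "Last 20 Event Log Errors" section of the OTL report above can be triaged mechanically. The following is an added example, not part of the original post or of OTL: it parses the wrapped entries and pairs each Application Error 1000 with the Service Control Manager 7031 terminations logged just after it. The function names `parse_otl_events` and `crash_cascades` and the 10-second window are assumptions, and the sample is trimmed from the report.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: six entries trimmed from the "Last 20 Event Log Errors"
# section of the OTL report above, keeping OTL's hard line wraps.
SAMPLE = r"""
[ Application Events ]
Error - 10/11/2012 1:31:40 AM | Computer Name = CowTip-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line

Error - 10/11/2012 2:05:00 AM | Computer Name = CowTip-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c9db Exception code: 0xc0000005 Fault offset: 0x0000000000017ef1

[ System Events ]
Error - 10/11/2012 12:23:43 AM | Computer Name = COWTIP-PC | Source = BugCheck | ID = 1001
Description =

Error - 10/11/2012 2:05:02 AM | Computer Name = CowTip-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Audio Endpoint Builder service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 10/11/2012 2:05:02 AM | Computer Name = CowTip-PC | Source = Service Control Manager | ID = 7031
Description = The Superfetch service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/11/2012 2:05:02 AM | Computer Name = CowTip-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated unexpectedly. It has done this 1 time(s). The following corrective
action will be taken in 120000 milliseconds: Restart the service.
"""

HEADER = re.compile(
    r"^Error - (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \| "
    r"Computer Name = (?P<host>[^|]+?) \| Source = (?P<source>[^|]+?) \| "
    r"ID = (?P<id>\d+)\s*$")
SECTION = re.compile(r"^\[ (?P<name>.+?) \]\s*$")
FAULT = re.compile(
    r"Faulting application name: (?P<app>[^,\s]+),.*?"
    r"Faulting module name: (?P<mod>[^,\s]+),.*?"
    r"Exception code: (?P<exc>0x[0-9a-fA-F]+)")
SERVICE = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly")


def parse_otl_events(text):
    """Return one dict per 'Error - ...' entry, with wrapped description lines rejoined."""
    events, section, current = [], None, None
    for line in text.splitlines():
        line = line.strip()
        if (m := SECTION.match(line)):
            section, current = m.group("name"), None
        elif (m := HEADER.match(line)):
            current = {
                "log": section,
                "time": datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p"),
                "source": m.group("source"),
                "id": int(m.group("id")),
                "description": "",
            }
            events.append(current)
        elif current is not None and line:
            # Continuation of the current entry: drop the label, rejoin the wrap.
            part = line[len("Description ="):] if line.startswith("Description =") else line
            current["description"] = f'{current["description"]} {part.strip()}'.strip()
    return events


def crash_cascades(events, window=timedelta(seconds=10)):
    """Pair each Application Error 1000 with the SCM 7031 service
    terminations logged from its timestamp up to `window` later."""
    cascades = []
    for ev in events:
        fault = FAULT.search(ev["description"])
        if (ev["source"], ev["id"]) != ("Application Error", 1000) or not fault:
            continue
        services = []
        for other in events:
            svc = SERVICE.match(other["description"])
            delay = other["time"] - ev["time"]
            if (other["source"] == "Service Control Manager" and other["id"] == 7031
                    and svc and timedelta(0) <= delay <= window):
                services.append(svc.group("svc"))
        cascades.append({"time": ev["time"], "application": fault.group("app"),
                         "module": fault.group("mod"), "exception": fault.group("exc"),
                         "services": services})
    return cascades


if __name__ == "__main__":
    for c in crash_cascades(parse_otl_events(SAMPLE)):
        print(f'{c["time"]}: {c["application"]} faulted in {c["module"]} ({c["exception"]})')
        for name in c["services"]:
            print(f"  terminated with it: {name}")
```

Exception code 0xc0000005 is an access violation; the BugCheck entry at 12:23:43 AM falls outside the window and is reported by the parser but not attached to the cascade.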



#2
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP

Hubby also got his email account hacked a couple of weeks ago and he hasn't figured out how. He changed his password and we haven't noticed any odd behavior since, but I thought I'd mention it too just in case.


Was it Yahoo mail? It seems everyone I know (including my wife, and her system was clean) has had their Yahoo account hacked. It seems that if you use fewer than 8 characters in your password, it will be guessed by some hacker program. Supposedly there is a way to use a two-step security process to log on, but I just canceled the account.

Since you are concerned about Java:

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do have the latest Java but also have an obsolete version which needs to be removed.


First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE).
I see:
Java™ 6 Update 33

You should also update Adobe Reader 9.5.2. Dangerous to have old versions.


Your logs show that superfetch crashed and took a bunch of other services riding on svchost.exe with it.


Download BlueScreenView
http://www.nirsoft.n...creen_view.html

Right click on BlueScreenView.exe file and Run As Admin.
When scanning is done, go Edit, Select All.

Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

Let's do a disk check to see if there is a bad spot on the drive, then sfc and sigverif.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are or do a screen shot (I don't want the whole log). If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
Type 20 in the 1 to 20 box.
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Now let's have OTL check the superfetch file to make sure it is OK:


Copy the text in the code box:

DRIVES
netsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
ASACPI.sys
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
sysmain.dll
msvcrt.dll
SHELL32.dll
SHLWAPI.dll
ole32.dll
OLEAUT32.dll
ntdll.dll
API-MS-WIN-Service-Core-L1-1-0.dll
API-MS-WIN-Service-winsvc-L1-1-0.dll
API-MS-WIN-Service-Management-L1-1-0.dll
API-MS-WIN-Service-Management-L2-1-0.dll
API-MS-Win-Security-SDDL-L1-1-0.dll
KERNEL32.dll
ADVAPI32.dll
USER32.dll
WTSAPI32.dll
RPCRT4.dll
SETUPAPI.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp 
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

then Run Scan.

You should get 1 log. Please copy and paste it.

I don't think it's malware but if you would like to run some scans:



Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
Uncheck trace disk IO calls. Change the Quickscan to C:\ (this will make it take a long time, or you can just leave it at Quickscan).
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.


Let's also try the Bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a View Report option at the bottom. Click on it and copy and paste the report (even if it says nothing found).


Ron

#3
Aristazi

  • Topic Starter
  • 266 posts
Thanks RKiller! I haven't quite finished everything yet - I have to run off to work. But here are the first logs and results. Checkdisk also ran overnight.

==================================================
Dump File : 101112-30732-01.dmp
Crash Time : 10/11/2012 9:49:45 PM
Bug Check String : NTFS_FILE_SYSTEM
Bug Check Code : 0x00000024
Parameter 1 : 00000000`001904fb
Parameter 2 : fffff880`0334d6b8
Parameter 3 : fffff880`0334cf10
Parameter 4 : fffff800`030b3d23
Caused By Driver : Ntfs.sys
Caused By Address : Ntfs.sys+48d8
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7efc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\101112-30732-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 288,464
==================================================

==================================================
Dump File : 101012-22510-01.dmp
Crash Time : 10/10/2012 11:23:43 PM
Bug Check String : NTFS_FILE_SYSTEM
Bug Check Code : 0x00000024
Parameter 1 : 00000000`001904fb
Parameter 2 : fffff880`03354758
Parameter 3 : fffff880`03353fb0
Parameter 4 : fffff880`0147e8e4
Caused By Driver : Ntfs.sys
Caused By Address : Ntfs.sys+758e4
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7efc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\101012-22510-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 289,136
==================================================

==================================================
Dump File : 101012-23275-01.dmp
Crash Time : 10/10/2012 6:38:37 PM
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff800`0318335f
Parameter 3 : fffff880`07aa2c90
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7efc0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17944 (win7sp1_gdr.120830-0333)
Processor : x64
Crash Address : ntoskrnl.exe+7efc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\101012-23275-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 283,968
==================================================

==================================================
Dump File : 101012-23790-01.dmp
Crash Time : 10/10/2012 2:29:18 PM
Bug Check String : NTFS_FILE_SYSTEM
Bug Check Code : 0x00000024
Parameter 1 : 00000000`001904fb
Parameter 2 : fffff880`0333f5b8
Parameter 3 : fffff880`0333ee10
Parameter 4 : fffff800`030bcb86
Caused By Driver : Ntfs.sys
Caused By Address : Ntfs.sys+48d8
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7efc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\101012-23790-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 292,704
==================================================

==================================================
Dump File : 100912-21340-01.dmp
Crash Time : 10/9/2012 2:22:58 PM
Bug Check String : MEMORY_MANAGEMENT
Bug Check Code : 0x0000001a
Parameter 1 : 00000000`00041284
Parameter 2 : 00000000`1a8d9001
Parameter 3 : 00000000`000440fa
Parameter 4 : fffff700`01080000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17944 (win7sp1_gdr.120830-0333)
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\100912-21340-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 289,464
==================================================

==================================================
Dump File : 051912-26754-01.dmp
Crash Time : 5/19/2012 11:21:57 AM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`0552e700
Parameter 3 : fffff800`00b9c518
Parameter 4 : fffffa80`0ba4dcb0
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7f1c0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17944 (win7sp1_gdr.120830-0333)
Processor : x64
Crash Address : ntoskrnl.exe+7f1c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\051912-26754-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 1,738,704
==================================================

==================================================
Dump File : 040112-20748-01.dmp
Crash Time : 4/1/2012 12:31:39 PM
Bug Check String : MEMORY_MANAGEMENT
Bug Check Code : 0x0000001a
Parameter 1 : 00000000`00005003
Parameter 2 : fffff700`01080000
Parameter 3 : 00000000`00004efa
Parameter 4 : 00004ffd`00009ff6
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7cd40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.17944 (win7sp1_gdr.120830-0333)
Processor : x64
Crash Address : ntoskrnl.exe+7cd40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\040112-20748-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 292,696
==================================================

==================================================
Dump File : 122411-27284-01.dmp
Crash Time : 12/24/2011 8:22:51 PM
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : ffffffff`c0000005
Parameter 2 : 00000000`00000000
Parameter 3 : fffff880`0357e9c8
Parameter 4 : fffff880`0357e220
Caused By Driver : MijXfilt.sys
Caused By Address : MijXfilt.sys+2d21
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address :
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\122411-27284-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 285,224
==================================================

==================================================
Dump File : 122411-27970-01.dmp
Crash Time : 12/24/2011 8:18:27 PM
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : ffffffff`c0000005
Parameter 2 : 00000000`00000000
Parameter 3 : fffff880`035629c8
Parameter 4 : fffff880`03562220
Caused By Driver : MijXfilt.sys
Caused By Address : MijXfilt.sys+2d21
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address :
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\122411-27970-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 285,160
==================================================

==================================================
Dump File : 122411-33509-01.dmp
Crash Time : 12/24/2011 8:13:49 PM
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : ffffffff`c0000005
Parameter 2 : 00000000`00000000
Parameter 3 : fffff880`0355b9c8
Parameter 4 : fffff880`0355b220
Caused By Driver : MijXfilt.sys
Caused By Address : MijXfilt.sys+2d21
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address :
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\122411-33509-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 283,888
==================================================


sfc /scannow
Windows Resource Protection found corrupt files but was unable to fix some of them.

sigverif - all okay

Vino's Event Viewer v01c run on Windows 2008 in English - System
Report run at 12/10/2012 7:06:23 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/10/2012 7:09:24 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/10/2012 6:36:54 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\HidUsb failed to load for the device USB\VID_413C&PID_2003\5&23b074a8&0&1.

Log: 'System' Date/Time: 12/10/2012 3:23:47 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.


Vino's Event Viewer v01c run on Windows 2008 in English - Application
Report run at 12/10/2012 7:07:42 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 12/10/2012 7:20:19 AM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Log: 'Application' Date/Time: 12/10/2012 7:09:23 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db Exception code: 0xc0000005 Fault offset: 0x0000000000004e03 Faulting process id: 0x698 Faulting application start time: 0x01cda844022334db Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll Report Id: bf96d1ef-143b-11e2-9501-485b3986cf79

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



I'm running OTL again now with the custom scan you provided.

#4
Aristazi

  • Topic Starter
  • 266 posts
OTL logfile created on: 10/12/2012 7:09:05 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\CowTip\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.98 Gb Available Physical Memory | 66.41% Memory free
11.98 Gb Paging File | 10.08 Gb Available in Paging File | 84.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.50 Gb Total Space | 694.94 Gb Free Space | 74.60% Space Free | Partition Type: NTFS

Computer Name: COWTIP-PC | User Name: CowTip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/11 06:57:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\CowTip\Desktop\OTL(1).exe
PRC - [2012/09/07 20:23:17 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/30 15:02:22 | 000,640,480 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012/05/24 13:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\CowTip\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/02/09 23:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/09/26 22:45:40 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2010/07/12 07:52:50 | 000,548,864 | ---- | M] () -- C:\Program Files (x86)\Greenshot\Greenshot.exe
PRC - [2010/04/05 14:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2010/01/22 12:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2008/10/17 18:52:16 | 000,099,632 | ---- | M] (brother) -- C:\Program Files (x86)\Brownie\brpjp04a.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/07 20:23:17 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/06/15 20:34:12 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/15 20:34:07 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/12 07:33:08 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 07:33:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 07:33:05 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 07:33:01 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/02/09 21:05:16 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/09/26 22:45:40 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
MOD - [2010/07/12 07:52:50 | 000,548,864 | ---- | M] () -- C:\Program Files (x86)\Greenshot\Greenshot.exe
MOD - [2010/07/12 07:52:48 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Greenshot\GreenshotPlugin.dll
MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA


========== Services (SafeList) ==========

SRV:64bit: - [2011/09/08 18:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2011/09/08 18:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV:64bit: - [2010/09/18 17:19:04 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/09 13:55:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/07 20:23:17 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/09 23:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/12/22 14:46:56 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2010/09/18 17:17:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/05 14:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/17 07:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/10/11 13:17:51 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/09/08 18:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011/09/08 18:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/04/20 20:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/15 20:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/01/22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/01/22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/08/21 02:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/15 22:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 21:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2006/05/24 11:51:14 | 000,013,824 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\copperhd.sys -- (copperhd)
DRV - [2012/10/12 03:51:52 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121011.034\ex64.sys -- (NAVEX15)
DRV - [2012/10/12 03:51:52 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys -- (EraserUtilDrv11220)
DRV - [2012/10/12 03:51:52 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121011.034\eng64.sys -- (NAVENG)
DRV - [2012/10/09 15:46:58 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121011.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/31 17:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/11 21:27:23 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 4B 20 1E C4 99 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {28BD1E51-802C-47B1-B7EF-2BDFC68D5191}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{28BD1E51-802C-47B1-B7EF-2BDFC68D5191}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.0.932
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.7
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/18 13:07:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2012/10/12 01:37:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 20:23:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/11 21:57:16 | 000,000,000 | ---D | M]

[2010/09/01 04:01:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CowTip\AppData\Roaming\Mozilla\Extensions
[2012/10/09 14:24:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CowTip\AppData\Roaming\Mozilla\Firefox\Profiles\hv690qmx.default\extensions
[2012/09/17 20:28:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\CowTip\AppData\Roaming\Mozilla\Firefox\Profiles\hv690qmx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/06/02 09:55:20 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\CowTip\AppData\Roaming\Mozilla\Firefox\Profiles\hv690qmx.default\extensions\[email protected]
[2012/10/09 14:24:22 | 000,529,404 | ---- | M] () (No name found) -- C:\Users\CowTip\AppData\Roaming\Mozilla\Firefox\Profiles\hv690qmx.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/02/11 08:28:31 | 000,001,976 | ---- | M] () -- C:\Users\CowTip\AppData\Roaming\Mozilla\Firefox\Profiles\hv690qmx.default\searchplugins\duckduckgo.xml
[2012/10/11 21:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/19 16:04:41 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/09/07 20:23:17 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/07 20:23:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/07 20:23:17 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKCU..\Run: [Greenshot] C:\Program Files (x86)\Greenshot\Greenshot.exe ()
O4 - Startup: C:\Users\CowTip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\CowTip\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://sdl.webex.co...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DBA098A-FEC1-4A8F-B83A-8E087C7BB18C}: DhcpNameServer = 192.168.35.11 204.130.255.3 209.63.0.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6287593-86CC-421A-A028-684EEE8F9434}: DhcpNameServer = 192.168.0.1 205.171.2.25
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/31 14:37:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)


SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {B291CC64-4E29-6F87-523B-0C60ACFEB47A} - DirectX
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DB02F99A-446A-1CFC-2161-0F71F2D0063F} - Microsoft Windows Media Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/11 22:11:25 | 000,000,000 | ---D | C] -- C:\Users\CowTip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2012/10/11 22:11:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2012/10/11 06:57:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\CowTip\Desktop\OTL(1).exe
[2012/10/10 21:27:44 | 000,000,000 | ---D | C] -- C:\Users\CowTip\AppData\Roaming\Malwarebytes
[2012/10/10 21:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/10 21:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/10 21:27:20 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/10 21:27:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/09 16:24:39 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/09 16:24:39 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/09 16:24:39 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/09 16:24:30 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/10/09 16:24:30 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/10/09 16:24:30 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/10/09 16:24:30 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/10/09 16:24:30 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/10/09 16:24:29 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/10/09 16:24:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/10/09 16:24:29 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/10/09 16:24:29 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/10/09 16:24:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/10/09 16:24:29 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/10/09 16:24:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/09 16:24:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/09 16:24:29 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/09 16:24:29 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/09 16:24:29 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/10/09 16:24:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/09 16:24:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/09 16:24:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/09 16:24:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/09 16:24:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/09 16:24:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/09 16:24:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/09 16:24:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/09 16:24:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/09 16:24:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/09 16:24:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/09 16:24:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/09 16:24:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/09 16:24:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/10/09 16:24:03 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/09 16:23:34 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/09 16:23:33 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/09/29 15:39:20 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/09/22 00:22:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/22 00:22:00 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/22 00:22:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/22 00:21:59 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/22 00:21:59 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/22 00:21:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/22 00:21:59 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/22 00:21:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/22 00:21:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/22 00:21:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/22 00:21:59 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/22 00:21:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/22 00:21:56 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/22 00:21:56 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/22 00:21:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/20 22:03:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2012/09/13 22:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/13 22:22:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/09/13 07:31:45 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/13 07:31:42 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/13 07:31:41 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/13 07:31:41 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/12 07:05:33 | 000,061,440 | ---- | M] ( ) -- C:\Users\CowTip\Desktop\VEW.exe
[2012/10/12 06:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/12 06:48:03 | 000,000,358 | ---- | M] () -- C:\Windows\Brownie.ini
[2012/10/12 01:44:27 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/12 01:44:27 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/12 01:37:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/12 01:36:55 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/11 21:49:29 | 805,797,904 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/11 06:57:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\CowTip\Desktop\OTL(1).exe
[2012/10/10 21:27:23 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/09 13:55:16 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/09 13:55:16 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/20 22:09:15 | 000,658,468 | ---- | M] () -- C:\Users\CowTip\Desktop\EAP_General.pdf
[2012/09/18 20:37:46 | 000,783,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/18 20:37:46 | 000,663,200 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/18 20:37:46 | 000,122,068 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/12 07:05:32 | 000,061,440 | ---- | C] ( ) -- C:\Users\CowTip\Desktop\VEW.exe
[2012/10/10 21:27:23 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/20 22:09:15 | 000,658,468 | ---- | C] () -- C:\Users\CowTip\Desktop\EAP_General.pdf
[2012/08/01 20:02:52 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012/03/24 14:59:46 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012/03/24 14:59:45 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/03/24 14:46:15 | 000,030,477 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/03/24 14:25:55 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/02/09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/01/11 18:22:55 | 000,000,496 | ---- | C] () -- C:\Users\CowTip\AppData\Roaming\UserMetrics.osl
[2011/12/25 15:19:42 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/12/24 21:34:12 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/10/13 17:17:22 | 000,777,034 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/10 23:27:12 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT
[2011/07/06 22:58:06 | 000,003,584 | ---- | C] () -- C:\Users\CowTip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/19 06:10:19 | 000,001,940 | ---- | C] () -- C:\Users\CowTip\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2010/10/13 20:42:08 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/10/08 10:54:52 | 000,000,008 | -HS- | C] () -- C:\Users\CowTip\AppData\Roaming\date
[2010/10/08 10:54:52 | 000,000,002 | -HS- | C] () -- C:\Users\CowTip\AppData\Roaming\evf6

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: SAMSUNG HD103SJ ATA Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 932.00GB
Starting Offset: 32256
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2010/09/01 05:16:24 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\acccore
[2010/12/05 17:03:00 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\Acreon
[2011/06/17 08:15:59 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\Adobe
[2011/09/11 08:38:39 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\Apple Computer
[2011/12/25 17:30:35 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\Big Fish Games
[2010/09/22 18:09:52 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\BitTorrent
[2011/12/24 21:34:13 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\Broken Rules
[2010/09/11 17:33:21 | 000,000,000 | R--D | M] -- C:\Users\CowTip\AppData\Roaming\Brother
[2012/03/24 15:33:46 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\Canon
[2012/10/12 06:48:09 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\Dropbox
[2012/04/21 08:57:32 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\Greenshot
[2010/09/01 03:38:17 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\Identities
[2010/09/18 16:26:49 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\Intuit
[2010/09/01 06:28:08 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\Macromedia
[2012/10/10 21:27:44 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\Malwarebytes
[2009/07/14 02:45:37 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\Media Center Programs
[2012/10/01 17:15:09 | 000,000,000 | --SD | M] -- C:\Users\CowTip\AppData\Roaming\Microsoft
[2010/09/01 04:01:56 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\Mozilla
[2012/02/25 14:45:32 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\NVIDIA
[2010/09/14 13:58:52 | 000,000,000 | RH-D | M] -- C:\Users\CowTip\AppData\Roaming\SecuROM
[2012/08/11 21:26:19 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\Skype
[2012/08/11 21:18:20 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\skypePM
[2010/11/18 08:07:35 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\U3
[2010/10/13 20:45:45 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\Ventrilo
[2011/11/30 22:17:05 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\Wacom
[2011/11/30 22:17:26 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2010/09/23 09:35:14 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\webex
[2010/11/09 15:05:27 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\WinRAR
[2011/11/30 22:14:52 | 000,000,000 | ---D | M] -- C:\Users\CowTip\AppData\Roaming\WTablet

< MD5 for: ADVAPI32.DLL >
[2009/07/13 20:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) MD5=0C65FA8214D6F8378D1D3BA1CA46AF0A -- C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7600.16385_none_e31ea7cde7d54e21\advapi32.dll
[2004/08/10 06:00:00 | 000,616,960 | ---- | M] (Microsoft Corporation) MD5=1AFF244CA134956C54474F4E2433E4CE -- C:\Windows.old\Windows\system32\advapi32.dll
[2004/08/10 06:00:00 | 000,616,960 | ---- | M] (Microsoft Corporation) MD5=1AFF244CA134956C54474F4E2433E4CE -- C:\Windows.old\Windows\system32\dllcache\advapi32.dll
[2009/07/13 20:40:01 | 000,877,056 | ---- | M] (Microsoft Corporation) MD5=6DF46D2BD74E3DA1B45F08F10D172732 -- C:\Windows\SysNative\advapi32.dll
[2009/07/13 20:40:01 | 000,877,056 | ---- | M] (Microsoft Corporation) MD5=6DF46D2BD74E3DA1B45F08F10D172732 -- C:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7600.16385_none_3f3d4351a032bf57\advapi32.dll
[2010/11/20 07:18:02 | 000,640,512 | ---- | M] (Microsoft Corporation) MD5=95E2376B3323F062EB562B8586D0F14A -- C:\Windows\SysWOW64\advapi32.dll
[2010/11/20 07:18:02 | 000,640,512 | ---- | M] (Microsoft Corporation) MD5=95E2376B3323F062EB562B8586D0F14A -- C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.1.7601.17514_none_e54fbb95e4c3d1bb\advapi32.dll

< MD5 for: API-MS-WIN-SECURITY-SDDL-L1-1-0.DLL >
[2009/07/13 18:11:53 | 000,003,072 | -H-- | M] (Microsoft Corporation) MD5=804AD3E54AD2C11BA91C28F73ADE90DA -- C:\Windows\SysWOW64\api-ms-win-security-sddl-l1-1-0.dll
[2009/07/13 18:11:53 | 000,003,072 | -H-- | M] (Microsoft Corporation) MD5=804AD3E54AD2C11BA91C28F73ADE90DA -- C:\Windows\winsxs\x86_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_6c9a1ef812f0bb30\api-ms-win-security-sddl-l1-1-0.dll
[2009/07/13 20:24:53 | 000,003,072 | -H-- | M] (Microsoft Corporation) MD5=F3B3E3370C767D623B35FEDC8FA4C3FB -- C:\Windows\SysNative\api-ms-win-security-sddl-l1-1-0.dll
[2009/07/13 20:24:53 | 000,003,072 | -H-- | M] (Microsoft Corporation) MD5=F3B3E3370C767D623B35FEDC8FA4C3FB -- C:\Windows\winsxs\amd64_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_c8b8ba7bcb4e2c66\api-ms-win-security-sddl-l1-1-0.dll

< MD5 for: API-MS-WIN-SERVICE-CORE-L1-1-0.DLL >
[2009/07/13 20:24:53 | 000,002,560 | -H-- | M] (Microsoft Corporation) MD5=7FDFD0AF74C84A34A5EF289EB6044F32 -- C:\Windows\SysNative\api-ms-win-service-core-l1-1-0.dll
[2009/07/13 20:24:53 | 000,002,560 | -H-- | M] (Microsoft Corporation) MD5=7FDFD0AF74C84A34A5EF289EB6044F32 -- C:\Windows\winsxs\amd64_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_c8b8ba7bcb4e2c66\api-ms-win-service-core-l1-1-0.dll
[2009/07/13 20:03:49 | 000,002,560 | -H-- | M] (Microsoft Corporation) MD5=993473C994254709A7E6DC20C9981F0D -- C:\Windows\SysWOW64\api-ms-win-service-core-l1-1-0.dll
[2009/07/13 20:03:49 | 000,002,560 | -H-- | M] (Microsoft Corporation) MD5=993473C994254709A7E6DC20C9981F0D -- C:\Windows\winsxs\x86_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_6c9a1ef812f0bb30\api-ms-win-service-core-l1-1-0.dll

< MD5 for: API-MS-WIN-SERVICE-MANAGEMENT-L1-1-0.DLL >
[2009/07/13 20:03:49 | 000,002,560 | -H-- | M] (Microsoft Corporation) MD5=35215454C753D42BBD161BAF14DF7408 -- C:\Windows\SysWOW64\api-ms-win-service-management-l1-1-0.dll
[2009/07/13 20:03:49 | 000,002,560 | -H-- | M] (Microsoft Corporation) MD5=35215454C753D42BBD161BAF14DF7408 -- C:\Windows\winsxs\x86_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_6c9a1ef812f0bb30\api-ms-win-service-management-l1-1-0.dll
[2009/07/13 20:24:53 | 000,002,560 | -H-- | M] (Microsoft Corporation) MD5=B492E85A40741A77C5B5D438381F5474 -- C:\Windows\SysNative\api-ms-win-service-management-l1-1-0.dll
[2009/07/13 20:24:53 | 000,002,560 | -H-- | M] (Microsoft Corporation) MD5=B492E85A40741A77C5B5D438381F5474 -- C:\Windows\winsxs\amd64_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_c8b8ba7bcb4e2c66\api-ms-win-service-management-l1-1-0.dll

< MD5 for: API-MS-WIN-SERVICE-MANAGEMENT-L2-1-0.DLL >
[2009/07/13 20:03:49 | 000,002,560 | -H-- | M] (Microsoft Corporation) MD5=4A44C3838CB7724019E18593FE97686A -- C:\Windows\SysWOW64\api-ms-win-service-management-l2-1-0.dll
[2009/07/13 20:03:49 | 000,002,560 | -H-- | M] (Microsoft Corporation) MD5=4A44C3838CB7724019E18593FE97686A -- C:\Windows\winsxs\x86_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_6c9a1ef812f0bb30\api-ms-win-service-management-l2-1-0.dll
[2009/07/13 20:24:53 | 000,002,560 | -H-- | M] (Microsoft Corporation) MD5=F74D145F733EF4ACE3E1BF38EC4E4418 -- C:\Windows\SysNative\api-ms-win-service-management-l2-1-0.dll
[2009/07/13 20:24:53 | 000,002,560 | -H-- | M] (Microsoft Corporation) MD5=F74D145F733EF4ACE3E1BF38EC4E4418 -- C:\Windows\winsxs\amd64_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_c8b8ba7bcb4e2c66\api-ms-win-service-management-l2-1-0.dll

< MD5 for: API-MS-WIN-SERVICE-WINSVC-L1-1-0.DLL >
[2009/07/13 20:24:53 | 000,003,584 | -H-- | M] (Microsoft Corporation) MD5=9E229D60DA2FAB875C6A6AA451E6D028 -- C:\Windows\SysNative\api-ms-win-service-winsvc-l1-1-0.dll
[2009/07/13 20:24:53 | 000,003,584 | -H-- | M] (Microsoft Corporation) MD5=9E229D60DA2FAB875C6A6AA451E6D028 -- C:\Windows\winsxs\amd64_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_c8b8ba7bcb4e2c66\api-ms-win-service-winsvc-l1-1-0.dll
[2009/07/13 20:03:49 | 000,003,584 | -H-- | M] (Microsoft Corporation) MD5=EA03D6CB2A8974DD1360861E06AF688A -- C:\Windows\SysWOW64\api-ms-win-service-winsvc-l1-1-0.dll
[2009/07/13 20:03:49 | 000,003,584 | -H-- | M] (Microsoft Corporation) MD5=EA03D6CB2A8974DD1360861E06AF688A -- C:\Windows\winsxs\x86_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_6c9a1ef812f0bb30\api-ms-win-service-winsvc-l1-1-0.dll

< MD5 for: ASACPI.SYS >
[2005/03/29 03:30:38 | 000,008,192 | ---- | M] () MD5=03B7145C889603537E9FFEABB1AD1089 -- C:\Windows\SysNative\DriverStore\FileRepository\atk2000.inf_amd64_neutral_a91abe245a6c41c8\ASACPI.sys
[2009/07/15 22:38:40 | 000,015,416 | ---- | M] () MD5=19B006B181E3875FD254F7B67ACF1E7C -- C:\Windows\SysNative\drivers\ASACPI.sys
[2009/07/15 22:38:40 | 000,015,416 | ---- | M] () MD5=19B006B181E3875FD254F7B67ACF1E7C -- C:\Windows\SysNative\DriverStore\FileRepository\asacpi.inf_amd64_neutral_527c82778c06a3c4\ASACPI.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp2.cab:atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2004/08/10 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Windows.old\Windows\system32\drivers\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/13 20:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
[2009/07/13 20:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe
[2004/08/10 06:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\Windows.old\Windows\system32\csrss.exe
[2004/08/10 06:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\Windows.old\Windows\system32\dllcache\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2004/08/10 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\Windows.old\Windows\explorer.exe
[2004/08/10 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\Windows.old\Windows\system32\dllcache\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: KERNEL32.DLL >

< MD5 for: MSVCRT.DLL >

< MD5 for: NTDLL.DLL >

< MD5 for: OLE32.DLL >

< MD5 for: OLEAUT32.DLL >

< MD5 for: RPCRT4.DLL >

< MD5 for: SERVICES.EXE >

< MD5 for: SETUPAPI.DLL >

< MD5 for: SHELL32.DLL >
[2004/08/10 06:00:00 | 008,384,000 | ---- | M] (Microsoft Corporation) MD5=D5988A5048E4DC7175BCA9F29FC144AE -- C:\Windows.old\Windows\system32\shell32.dll
[2010/07/27 08:59:50 | 012,869,120 | ---- | M] (Microsoft Corporation) MD5=E7BED39B2B28D726E3DFB898817A01D1 -- C:\Windows\winsxs\wow64_microsoft-windows-shell32_31bf3856ad364e35_6.1.7600.20765_none_d312092c791b15be\shell32.dll

< MD5 for: SHLWAPI.DLL >
[2009/07/13 20:41:54 | 000,449,536 | ---- | M] (Microsoft Corporation) MD5=15BDC173EB5FA4F92B67D9FFB269A6EA -- C:\Windows\winsxs\amd64_microsoft-windows-shlwapi_31bf3856ad364e35_6.1.7600.16385_none_55cea3abbe5ff1f1\shlwapi.dll
[2004/08/10 06:00:00 | 000,473,600 | ---- | M] (Microsoft Corporation) MD5=5C201E9741BB40AF60A7C66D2B3AFCC4 -- C:\Windows.old\Windows\system32\dllcache\shlwapi.dll
[2004/08/10 06:00:00 | 000,473,600 | ---- | M] (Microsoft Corporation) MD5=5C201E9741BB40AF60A7C66D2B3AFCC4 -- C:\Windows.old\Windows\system32\shlwapi.dll
[2010/11/20 07:21:19 | 000,350,208 | ---- | M] (Microsoft Corporation) MD5=8CC3C111D653E96F3EA1590891491D71 -- C:\Windows\SysWOW64\shlwapi.dll
[2010/11/20 07:21:19 | 000,350,208 | ---- | M] (Microsoft Corporation) MD5=8CC3C111D653E96F3EA1590891491D71 -- C:\Windows\winsxs\x86_microsoft-windows-shlwapi_31bf3856ad364e35_6.1.7601.17514_none_fbe11bf002f10455\shlwapi.dll
[2010/11/20 08:27:25 | 000,448,512 | ---- | M] (Microsoft Corporation) MD5=EAF32CB8C1F810E4715B4DFBE785C7FF -- C:\Windows\SysNative\shlwapi.dll
[2010/11/20 08:27:25 | 000,448,512 | ---- | M] (Microsoft Corporation) MD5=EAF32CB8C1F810E4715B4DFBE785C7FF -- C:\Windows\winsxs\amd64_microsoft-windows-shlwapi_31bf3856ad364e35_6.1.7601.17514_none_57ffb773bb4e758b\shlwapi.dll
[2009/07/13 20:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) MD5=F037DB14CF6165C62F4A64D12A25B07C -- C:\Windows\winsxs\x86_microsoft-windows-shlwapi_31bf3856ad364e35_6.1.7600.16385_none_f9b00828060280bb\shlwapi.dll

< MD5 for: SVCHOST.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2004/08/10 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\Windows.old\Windows\system32\dllcache\svchost.exe
[2004/08/10 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\Windows.old\Windows\system32\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: SYSMAIN.DLL >
[2009/07/13 20:41:54 | 001,780,736 | ---- | M] (Microsoft Corporation) MD5=3C1284516A62078FB68F768DE4F1A7BE -- C:\Windows\winsxs\amd64_microsoft-windows-s..mmaintenanceservice_31bf3856ad364e35_6.1.7600.16385_none_9942e3f1f9e8597e\sysmain.dll
[2010/11/20 08:27:26 | 001,743,360 | ---- | M] (Microsoft Corporation) MD5=BF9CCC0BF39B418C8D0AE8B05CF95B7D -- C:\Windows\SysNative\sysmain.dll
[2010/11/20 08:27:26 | 001,743,360 | ---- | M] (Microsoft Corporation) MD5=BF9CCC0BF39B418C8D0AE8B05CF95B7D -- C:\Windows\winsxs\amd64_microsoft-windows-s..mmaintenanceservice_31bf3856ad364e35_6.1.7601.17514_none_9b73f7b9f6d6dd18\sysmain.dll

< MD5 for: USER32.DLL >
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 20:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2004/08/10 06:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\Windows.old\Windows\system32\dllcache\user32.dll
[2004/08/10 06:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\Windows.old\Windows\system32\user32.dll
[2009/07/13 20:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< MD5 for: USERINIT.EXE >
[2004/08/10 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\Windows.old\Windows\system32\dllcache\userinit.exe
[2004/08/10 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\Windows.old\Windows\system32\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\Windows.old\Windows\system32\dllcache\winlogon.exe
[2004/08/10 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\Windows.old\Windows\system32\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WTSAPI32.DLL >
[2004/08/10 06:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=67F2D109AB373FECEB819F420DB11F03 -- C:\Windows.old\Windows\system32\dllcache\wtsapi32.dll
[2004/08/10 06:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=67F2D109AB373FECEB819F420DB11F03 -- C:\Windows.old\Windows\system32\wtsapi32.dll
[2010/11/20 07:21:39 | 000,040,448 | ---- | M] (Microsoft Corporation) MD5=6A6B2EE4565A178035BE2A4FF6F2C968 -- C:\Windows\SysWOW64\wtsapi32.dll
[2010/11/20 07:21:39 | 000,040,448 | ---- | M] (Microsoft Corporation) MD5=6A6B2EE4565A178035BE2A4FF6F2C968 -- C:\Windows\winsxs\x86_microsoft-windows-t..services-publicapis_31bf3856ad364e35_6.1.7601.17514_none_c938554924975526\wtsapi32.dll
[2009/07/13 20:41:58 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=BD3674BE7FC9D8D3732C83E8499576ED -- C:\Windows\SysNative\wtsapi32.dll
[2009/07/13 20:41:58 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=BD3674BE7FC9D8D3732C83E8499576ED -- C:\Windows\winsxs\amd64_microsoft-windows-t..services-publicapis_31bf3856ad364e35_6.1.7600.16385_none_2325dd04e00642c2\wtsapi32.dll
[2009/07/13 20:16:20 | 000,039,936 | ---- | M] (Microsoft Corporation) MD5=E30E5BB0DBA49EFE5BBBAFEA440CFBD9 -- C:\Windows\winsxs\x86_microsoft-windows-t..services-publicapis_31bf3856ad364e35_6.1.7600.16385_none_c707418127a8d18c\wtsapi32.dll

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/07 20:23:17 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/07 20:23:17 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/07 20:23:17 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/09/07 20:23:17 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/09/07 20:23:17 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/07 20:23:17 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/14 07:10:05 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/14 07:10:05 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/14 07:10:05 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/08/24 02:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/08/24 02:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/09/07 20:23:17 | 000,883,896 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/09/07 20:23:17 | 000,883,896 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/09/07 20:23:17 | 000,883,896 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/09/07 20:23:17 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/09/07 20:23:17 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/09/07 20:23:17 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/05/14 07:10:03 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/05/14 07:10:03 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/05/14 07:10:03 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/08/24 02:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/08/24 02:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< End of report >
  • 0

#5
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP

sfc /scannow
Windows Resource Protection found corrupt files but was unable to fix some of them.


This is unusual on Win 7 (but common on Vista). Let's see if we can find out what is happening:


Copy the next line:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear. Hit Enter.

Attach the file c:\junk.txt to your next post.

It's possible that you are having memory problems so run the builtin memory test and let's see if it finds anything:



Open Memory Diagnostics Tool by clicking the Start button, and then clicking Control Panel. In the search box, type Memory, and then click Diagnose your computer's memory problems. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.



When the Memory Diagnostics Tool starts, press F1.

You can adjust the following settings:

Test mix. Choose what type of test you want to run: Basic, Standard, or Extended. The choices are described in the tool. Use Extended

Cache. Choose the cache setting you want for each test: Default, On, or Off. I'm not sure about this. I expect the default is On so I would run it that way first then if it found nothing, try it again with it Off.

Pass count. Type the number of times you want to repeat the test. I'd try 3.



Choose when to run the tool. It's best to run this tool when the PC is warm so I would let it reboot immediately.
  • 0
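The `findstr` step above keeps only the `[SR]` (System File Checker) lines of CBS.log, and almost all of them are routine progress markers. The following is an added example, not part of the original thread or of any tool named in it: it drops the routine lines and reports the entries that name a file SFC could not repair. The sample lines are constructed in the same layout (the path and file name in them are placeholders), and the length check assumes the number in braces of each `l:bytes{chars}` prefix is the character count of the quoted string that follows.

```python
import re

# One [SR] record as filtered out of CBS.log by findstr:
#   2012-10-12 06:53:48, Info CSI 00000132 [SR] <message>
SR_LINE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+'
    r'(?P<level>\w+)\s+CSI\s+(?P<seq>[0-9a-fA-F]{8})\s+\[SR\]\s+(?P<msg>.*)$'
)

# Messages that only mark the progress of one verification batch.
ROUTINE = re.compile(
    r'^(Verifying \d+ \(0x[0-9a-fA-F]+\) components'
    r'|Beginning Verify and Repair transaction'
    r'|Verify complete)$'
)

# Counted strings inside a message:
#   [ml:520{260},l:70{35}]"\??\C:\dir"\[l:24{12}]"file.ext"
COUNTED_STRING = re.compile(r'\[(?:ml:\d+\{\d+\},)?l:\d+\{(\d+)\}\]"([^"]*)"')


def decode_path(msg):
    """Rebuild the file path from the counted strings in a message.

    Returns (path, lengths_ok). lengths_ok is False when a quoted string is
    not as long as its prefix says (assumption: the braces hold the character
    count), which points to a line mangled by wrapping or copy/paste.
    """
    parts = COUNTED_STRING.findall(msg)
    if not parts:
        return None, None
    lengths_ok = all(int(count) == len(text) for count, text in parts)
    path = "\\".join(text.rstrip("\\") for _, text in parts)
    if path.startswith("\\??\\"):      # NT object-manager prefix
        path = path[4:]
    return path, lengths_ok


def triage(lines):
    """Return the batch count, non-routine [SR] findings and unparsed lines."""
    batches, findings, unparsed = 0, [], []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = SR_LINE.match(line)
        if m is None:
            unparsed.append(line)      # keep for manual review, never drop
            continue
        msg = m.group("msg")
        if ROUTINE.match(msg):
            if msg == "Verify complete":
                batches += 1
            continue
        path, lengths_ok = decode_path(msg)
        findings.append({
            "time": m.group("ts"),
            "seq": int(m.group("seq"), 16),
            "path": path,
            "lengths_ok": lengths_ok,
            # True when the component store copy is bad too, so SFC has
            # nothing good to restore the file from.
            "store_copy_bad": "source file in store is also corrupted" in msg,
            "message": msg,
        })
    return {"batches": batches, "findings": findings, "unparsed": unparsed}


# Constructed sample input; the path and file name are placeholders.
SAMPLE = r'''
2012-10-12 06:53:43, Info CSI 0000012d [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:53:43, Info CSI 0000012e [SR] Beginning Verify and Repair transaction
2012-10-12 06:53:48, Info CSI 00000132 [SR] Could not reproject corrupted file [ml:520{260},l:70{35}]"\??\C:\Program Files\Example\Styles"\[l:24{12}]"sample01.wmv"; source file in store is also corrupted
2012-10-12 06:53:50, Info CSI 00000134 [SR] Verify complete
2012-10-12 06:53:50, Info CSI 00000135 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:53:50, Info CSI 00000136 [SR] Beginning Verify and Repair transaction
2012-10-12 06:53:56, Info CSI 00000138 [SR] Verify complete
'''.splitlines()

if __name__ == "__main__":
    report = triage(SAMPLE)
    print(f"{report['batches']} batches verified, "
          f"{len(report['findings'])} finding(s)")
    for f in report["findings"]:
        note = " (no good copy in store)" if f["store_copy_bad"] else ""
        print(f"{f['time']}  {f['path']}{note}")
```

To run it on a real log, pass the lines of the file produced by the `findstr` command to `triage()` instead of `SAMPLE`.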

#6
Aristazi

    Member

  • Topic Starter
  • Member
  • 266 posts
I ran the Windows Memory Diagnostic tool; running it with Caching "On" detected no problems. So I ran it again with Caching "Off" but, well, I let it run for 15 hours today and it only got through 5% of the first pass. So since it was looking like it would take more than a month to complete, I cancelled it. I tried it a couple of times with "Off" but the same slow progress happened every time, so maybe that is an indication of a problem in and of itself? One thing about the test with the setting "Off" is that even the test screen loaded VERY slowly, one line displayed at a time; then the status said _ of _ tests for a long time, and it was only after a few hours that anything displayed at all. Very strange.

Here's the content from the junk.txt file.

2012-10-12 06:53:48, Info CSI 00000132 [SR] Could not reproject corrupted file [ml:520{260},l:110{55}]"\??\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy"\[l:64{32}]"BabyBoyMainToNotesBackground.wmv"; source file in store is also corrupted
2012-10-12 06:54:56, Info CSI 00000174 [SR] Beginning Verify and Repair transaction
2012-10-12 06:54:58, Info CSI 00000176 [SR] Verify complete
2012-10-12 06:54:59, Info CSI 00000177 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:54:59, Info CSI 00000178 [SR] Beginning Verify and Repair transaction
2012-10-12 06:55:02, Info CSI 0000017b [SR] Verify complete
2012-10-12 06:55:03, Info CSI 0000017c [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:55:03, Info CSI 0000017d [SR] Beginning Verify and Repair transaction
2012-10-12 06:55:07, Info CSI 0000017f [SR] Verify complete
2012-10-12 06:55:07, Info CSI 00000180 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:55:07, Info CSI 00000181 [SR] Beginning Verify and Repair transaction
2012-10-12 06:55:11, Info CSI 00000185 [SR] Verify complete
2012-10-12 06:55:11, Info CSI 00000186 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:55:11, Info CSI 00000187 [SR] Beginning Verify and Repair transaction
2012-10-12 06:55:15, Info CSI 00000189 [SR] Verify complete
2012-10-12 06:55:15, Info CSI 0000018a [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:55:15, Info CSI 0000018b [SR] Beginning Verify and Repair transaction
2012-10-12 06:55:20, Info CSI 0000018e [SR] Verify complete
2012-10-12 06:55:20, Info CSI 0000018f [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:55:20, Info CSI 00000190 [SR] Beginning Verify and Repair transaction
2012-10-12 06:55:24, Info CSI 00000192 [SR] Verify complete
2012-10-12 06:55:24, Info CSI 00000193 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:55:24, Info CSI 00000194 [SR] Beginning Verify and Repair transaction
2012-10-12 06:55:25, Info CSI 00000196 [SR] Verify complete
2012-10-12 06:55:25, Info CSI 00000197 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:55:25, Info CSI 00000198 [SR] Beginning Verify and Repair transaction
2012-10-12 06:55:28, Info CSI 0000019a [SR] Verify complete
2012-10-12 06:55:29, Info CSI 0000019b [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:55:29, Info CSI 0000019c [SR] Beginning Verify and Repair transaction
2012-10-12 06:55:31, Info CSI 0000019e [SR] Verify complete
2012-10-12 06:55:31, Info CSI 0000019f [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:55:31, Info CSI 000001a0 [SR] Beginning Verify and Repair transaction
2012-10-12 06:55:35, Info CSI 000001a2 [SR] Verify complete
2012-10-12 06:55:35, Info CSI 000001a3 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:55:35, Info CSI 000001a4 [SR] Beginning Verify and Repair transaction
2012-10-12 06:55:37, Info CSI 000001a6 [SR] Verify complete
2012-10-12 06:55:38, Info CSI 000001a7 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:55:38, Info CSI 000001a8 [SR] Beginning Verify and Repair transaction
2012-10-12 06:55:40, Info CSI 000001aa [SR] Verify complete
2012-10-12 06:55:40, Info CSI 000001ab [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:55:40, Info CSI 000001ac [SR] Beginning Verify and Repair transaction
2012-10-12 06:55:47, Info CSI 000001ae [SR] Verify complete
2012-10-12 06:55:47, Info CSI 000001af [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:55:47, Info CSI 000001b0 [SR] Beginning Verify and Repair transaction
2012-10-12 06:55:57, Info CSI 000001b2 [SR] Verify complete
2012-10-12 06:55:57, Info CSI 000001b3 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:55:57, Info CSI 000001b4 [SR] Beginning Verify and Repair transaction
2012-10-12 06:56:00, Info CSI 000001b6 [SR] Verify complete
2012-10-12 06:56:00, Info CSI 000001b7 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:56:00, Info CSI 000001b8 [SR] Beginning Verify and Repair transaction
2012-10-12 06:56:03, Info CSI 000001ba [SR] Verify complete
2012-10-12 06:56:03, Info CSI 000001bb [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:56:03, Info CSI 000001bc [SR] Beginning Verify and Repair transaction
2012-10-12 06:56:04, Info CSI 000001be [SR] Verify complete
2012-10-12 06:56:04, Info CSI 000001bf [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:56:04, Info CSI 000001c0 [SR] Beginning Verify and Repair transaction
2012-10-12 06:56:07, Info CSI 000001c2 [SR] Verify complete
2012-10-12 06:56:07, Info CSI 000001c3 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:56:07, Info CSI 000001c4 [SR] Beginning Verify and Repair transaction
2012-10-12 06:56:09, Info CSI 000001c6 [SR] Verify complete
2012-10-12 06:56:09, Info CSI 000001c7 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:56:09, Info CSI 000001c8 [SR] Beginning Verify and Repair transaction
2012-10-12 06:56:14, Info CSI 000001d0 [SR] Verify complete
2012-10-12 06:56:14, Info CSI 000001d1 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:56:14, Info CSI 000001d2 [SR] Beginning Verify and Repair transaction
2012-10-12 06:56:18, Info CSI 000001d4 [SR] Verify complete
2012-10-12 06:56:18, Info CSI 000001d5 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:56:18, Info CSI 000001d6 [SR] Beginning Verify and Repair transaction
2012-10-12 06:56:20, Info CSI 000001d8 [SR] Verify complete
2012-10-12 06:56:21, Info CSI 000001d9 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:56:21, Info CSI 000001da [SR] Beginning Verify and Repair transaction
2012-10-12 06:56:23, Info CSI 000001dc [SR] Verify complete
2012-10-12 06:56:23, Info CSI 000001dd [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:56:23, Info CSI 000001de [SR] Beginning Verify and Repair transaction
2012-10-12 06:56:27, Info CSI 000001e0 [SR] Verify complete
2012-10-12 06:56:27, Info CSI 000001e1 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:56:27, Info CSI 000001e2 [SR] Beginning Verify and Repair transaction
2012-10-12 06:56:32, Info CSI 000001e5 [SR] Verify complete
2012-10-12 06:56:32, Info CSI 000001e6 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:56:32, Info CSI 000001e7 [SR] Beginning Verify and Repair transaction
2012-10-12 06:56:35, Info CSI 000001e9 [SR] Verify complete
2012-10-12 06:56:35, Info CSI 000001ea [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:56:35, Info CSI 000001eb [SR] Beginning Verify and Repair transaction
2012-10-12 06:56:36, Info CSI 000001ed [SR] Verify complete
2012-10-12 06:56:36, Info CSI 000001ee [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:56:36, Info CSI 000001ef [SR] Beginning Verify and Repair transaction
2012-10-12 06:56:43, Info CSI 000001f2 [SR] Verify complete
2012-10-12 06:56:43, Info CSI 000001f3 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:56:43, Info CSI 000001f4 [SR] Beginning Verify and Repair transaction
2012-10-12 06:56:51, Info CSI 000001f8 [SR] Verify complete
2012-10-12 06:56:52, Info CSI 000001f9 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:56:52, Info CSI 000001fa [SR] Beginning Verify and Repair transaction
2012-10-12 06:56:56, Info CSI 000001ff [SR] Verify complete
2012-10-12 06:56:56, Info CSI 00000200 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:56:56, Info CSI 00000201 [SR] Beginning Verify and Repair transaction
2012-10-12 06:57:01, Info CSI 00000209 [SR] Verify complete
2012-10-12 06:57:01, Info CSI 0000020a [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:57:01, Info CSI 0000020b [SR] Beginning Verify and Repair transaction
2012-10-12 06:57:07, Info CSI 00000212 [SR] Verify complete
2012-10-12 06:57:07, Info CSI 00000213 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:57:07, Info CSI 00000214 [SR] Beginning Verify and Repair transaction
2012-10-12 06:57:11, Info CSI 00000219 [SR] Verify complete
2012-10-12 06:57:11, Info CSI 0000021a [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:57:11, Info CSI 0000021b [SR] Beginning Verify and Repair transaction
2012-10-12 06:57:15, Info CSI 0000021f [SR] Verify complete
2012-10-12 06:57:15, Info CSI 00000220 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:57:15, Info CSI 00000221 [SR] Beginning Verify and Repair transaction
2012-10-12 06:57:18, Info CSI 00000223 [SR] Verify complete
2012-10-12 06:57:18, Info CSI 00000224 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:57:18, Info CSI 00000225 [SR] Beginning Verify and Repair transaction
2012-10-12 06:57:23, Info CSI 00000244 [SR] Verify complete
2012-10-12 06:57:23, Info CSI 00000245 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:57:23, Info CSI 00000246 [SR] Beginning Verify and Repair transaction
2012-10-12 06:57:26, Info CSI 0000024e [SR] Verify complete
2012-10-12 06:57:26, Info CSI 0000024f [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:57:26, Info CSI 00000250 [SR] Beginning Verify and Repair transaction
2012-10-12 06:57:30, Info CSI 00000252 [SR] Verify complete
2012-10-12 06:57:30, Info CSI 00000253 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:57:30, Info CSI 00000254 [SR] Beginning Verify and Repair transaction
2012-10-12 06:57:33, Info CSI 00000256 [SR] Verify complete
2012-10-12 06:57:33, Info CSI 00000257 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:57:33, Info CSI 00000258 [SR] Beginning Verify and Repair transaction
2012-10-12 06:57:36, Info CSI 00000266 [SR] Verify complete
2012-10-12 06:57:36, Info CSI 00000267 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:57:36, Info CSI 00000268 [SR] Beginning Verify and Repair transaction
2012-10-12 06:57:43, Info CSI 0000026a [SR] Verify complete
2012-10-12 06:57:43, Info CSI 0000026b [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:57:43, Info CSI 0000026c [SR] Beginning Verify and Repair transaction
2012-10-12 06:57:48, Info CSI 0000027a [SR] Verify complete
2012-10-12 06:57:48, Info CSI 0000027b [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:57:48, Info CSI 0000027c [SR] Beginning Verify and Repair transaction
2012-10-12 06:57:49, Info CSI 0000027e [SR] Verify complete
2012-10-12 06:57:50, Info CSI 0000027f [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:57:50, Info CSI 00000280 [SR] Beginning Verify and Repair transaction
2012-10-12 06:57:52, Info CSI 00000282 [SR] Verify complete
2012-10-12 06:57:52, Info CSI 00000283 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:57:52, Info CSI 00000284 [SR] Beginning Verify and Repair transaction
2012-10-12 06:57:57, Info CSI 00000287 [SR] Verify complete
2012-10-12 06:57:57, Info CSI 00000288 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:57:57, Info CSI 00000289 [SR] Beginning Verify and Repair transaction
2012-10-12 06:58:00, Info CSI 0000028b [SR] Verify complete
2012-10-12 06:58:00, Info CSI 0000028c [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:58:00, Info CSI 0000028d [SR] Beginning Verify and Repair transaction
2012-10-12 06:58:04, Info CSI 0000028f [SR] Verify complete
2012-10-12 06:58:04, Info CSI 00000290 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:58:04, Info CSI 00000291 [SR] Beginning Verify and Repair transaction
2012-10-12 06:58:07, Info CSI 00000293 [SR] Verify complete
2012-10-12 06:58:07, Info CSI 00000294 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:58:07, Info CSI 00000295 [SR] Beginning Verify and Repair transaction
2012-10-12 06:58:13, Info CSI 00000297 [SR] Verify complete
2012-10-12 06:58:13, Info CSI 00000298 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:58:13, Info CSI 00000299 [SR] Beginning Verify and Repair transaction
2012-10-12 06:58:17, Info CSI 000002b3 [SR] Verify complete
2012-10-12 06:58:17, Info CSI 000002b4 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:58:17, Info CSI 000002b5 [SR] Beginning Verify and Repair transaction
2012-10-12 06:58:28, Info CSI 000002b7 [SR] Verify complete
2012-10-12 06:58:28, Info CSI 000002b8 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:58:28, Info CSI 000002b9 [SR] Beginning Verify and Repair transaction
2012-10-12 06:58:31, Info CSI 000002bb [SR] Verify complete
2012-10-12 06:58:31, Info CSI 000002bc [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:58:31, Info CSI 000002bd [SR] Beginning Verify and Repair transaction
2012-10-12 06:58:34, Info CSI 000002c0 [SR] Verify complete
2012-10-12 06:58:34, Info CSI 000002c1 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:58:34, Info CSI 000002c2 [SR] Beginning Verify and Repair transaction
2012-10-12 06:58:36, Info CSI 000002c5 [SR] Verify complete
2012-10-12 06:58:36, Info CSI 000002c6 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:58:36, Info CSI 000002c7 [SR] Beginning Verify and Repair transaction
2012-10-12 06:58:39, Info CSI 000002c9 [SR] Verify complete
2012-10-12 06:58:39, Info CSI 000002ca [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:58:39, Info CSI 000002cb [SR] Beginning Verify and Repair transaction
2012-10-12 06:58:43, Info CSI 000002cd [SR] Verify complete
2012-10-12 06:58:43, Info CSI 000002ce [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:58:43, Info CSI 000002cf [SR] Beginning Verify and Repair transaction
2012-10-12 06:58:46, Info CSI 000002d2 [SR] Verify complete
2012-10-12 06:58:47, Info CSI 000002d3 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:58:47, Info CSI 000002d4 [SR] Beginning Verify and Repair transaction
2012-10-12 06:58:50, Info CSI 000002d6 [SR] Verify complete
2012-10-12 06:58:50, Info CSI 000002d7 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:58:50, Info CSI 000002d8 [SR] Beginning Verify and Repair transaction
2012-10-12 06:58:53, Info CSI 000002da [SR] Verify complete
2012-10-12 06:58:53, Info CSI 000002db [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:58:53, Info CSI 000002dc [SR] Beginning Verify and Repair transaction
2012-10-12 06:58:56, Info CSI 000002de [SR] Verify complete
2012-10-12 06:58:56, Info CSI 000002df [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:58:56, Info CSI 000002e0 [SR] Beginning Verify and Repair transaction
2012-10-12 06:59:00, Info CSI 000002e3 [SR] Verify complete
2012-10-12 06:59:00, Info CSI 000002e4 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:59:00, Info CSI 000002e5 [SR] Beginning Verify and Repair transaction
2012-10-12 06:59:04, Info CSI 000002e7 [SR] Verify complete
2012-10-12 06:59:04, Info CSI 000002e8 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:59:04, Info CSI 000002e9 [SR] Beginning Verify and Repair transaction
2012-10-12 06:59:07, Info CSI 000002eb [SR] Verify complete
2012-10-12 06:59:07, Info CSI 000002ec [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:59:07, Info CSI 000002ed [SR] Beginning Verify and Repair transaction
2012-10-12 06:59:10, Info CSI 000002ef [SR] Verify complete
2012-10-12 06:59:10, Info CSI 000002f0 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:59:10, Info CSI 000002f1 [SR] Beginning Verify and Repair transaction
2012-10-12 06:59:14, Info CSI 000002f3 [SR] Verify complete
2012-10-12 06:59:14, Info CSI 000002f4 [SR] Verifying 66 (0x0000000000000042) components
2012-10-12 06:59:14, Info CSI 000002f5 [SR] Beginning Verify and Repair transaction
2012-10-12 06:59:16, Info CSI 000002f7 [SR] Verify complete
2012-10-12 06:59:16, Info CSI 000002f8 [SR] Repairing 1 components
2012-10-12 06:59:16, Info CSI 000002f9 [SR] Beginning Verify and Repair transaction
2012-10-12 06:59:16, Info CSI 000002fb [SR] Repair complete
2012-10-12 06:59:16, Info CSI 000002fc [SR] Committing transaction
2012-10-12 06:59:16, Info CSI 00000300 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired

#7
Aristazi

I've also run some of the virus scans so far.

I tried to run aswMBR, but I didn't see the Quickscan option at first. I just tried it again now and figured out what I was doing wrong, so I'll run it tonight.

ComboFix
ComboFix 12-10-12.01 - CowTip 10/12/2012 22:01:44.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6135.4630 [GMT -5:00]
Running from: c:\users\CowTip\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\CowTip\AppData\Local\._Revolution_
.
.
((((((((((((((((((((((((( Files Created from 2012-09-13 to 2012-10-13 )))))))))))))))))))))))))))))))
.
.
2012-10-13 03:08 . 2012-10-13 03:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-12 03:11 . 2012-10-12 03:11 -------- d-----w- c:\program files (x86)\NirSoft
2012-10-11 02:27 . 2012-10-11 02:27 -------- d-----w- c:\users\CowTip\AppData\Roaming\Malwarebytes
2012-10-11 02:27 . 2012-10-11 02:27 -------- d-----w- c:\programdata\Malwarebytes
2012-10-11 02:27 . 2012-10-11 02:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-11 02:27 . 2012-09-07 22:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-09 21:23 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-09 21:23 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-09 21:23 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-09 21:23 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-09 21:23 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-09 21:23 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-09 21:23 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-09 21:23 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-09 21:23 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-09 21:23 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-09-29 20:39 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-22 05:22 . 2012-08-24 10:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-22 05:22 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-09-22 05:22 . 2012-08-24 11:23 174216 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-09-22 05:22 . 2012-08-24 10:17 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-09-22 05:22 . 2012-08-24 10:10 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-09-22 05:22 . 2012-08-24 07:34 140936 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-09-22 05:22 . 2012-08-24 06:48 194048 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2012-09-22 05:22 . 2012-08-24 06:47 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-09-21 03:03 . 2012-09-21 03:03 -------- d--h--w- c:\programdata\CanonIJEGV
2012-09-14 03:22 . 2012-09-14 03:22 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-13 12:31 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-13 12:31 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-13 12:31 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-13 12:31 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-13 12:31 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-13 12:31 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-13 12:31 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 08:03 . 2010-09-05 22:43 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 18:55 . 2012-04-01 20:14 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 18:55 . 2011-05-15 04:31 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-01 18:50 . 2012-09-01 18:50 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-01 18:50 . 2012-05-18 11:36 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-01 18:50 . 2011-12-24 05:16 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-20 17:38 . 2012-10-09 21:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-07-18 18:15 . 2012-08-14 23:09 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\CowTip\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\CowTip\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\CowTip\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\CowTip\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Greenshot"="c:\program files (x86)\Greenshot\Greenshot.exe" [2010-07-12 548864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-07-31 41944]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-07-30 640480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
.
c:\users\CowTip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\CowTip\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-09-18 1038088]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-08 114144]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-01 1255736]
R3 X6va005;X6va005;c:\users\CowTip\AppData\Local\Temp\005C07.tmp [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [2011-03-15 912504]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-08-31 1385120]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121011.001\IDSvia64.sys [2012-10-09 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [2010-11-16 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [2011-04-21 386168]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-10 382272]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S3 copperhd;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2006-05-24 13824]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-12 138912]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 18:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\CowTip\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\CowTip\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\CowTip\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\CowTip\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
FF - ProfilePath - c:\users\CowTip\AppData\Roaming\Mozilla\Firefox\Profiles\hv690qmx.default\
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\CowTip\AppData\Local\Temp\005C07.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-441340149-1040430775-2970640810-1000\Software\SecuROM\License information*]
"datasecu"=hex:f1,b0,c5,56,d0,af,98,1a,af,96,6d,04,c1,16,1b,95,a6,c6,9c,ad,41,
38,cc,6e,64,f1,61,e4,fc,6f,c8,39,f1,2e,f7,78,3e,31,a4,59,b7,25,c8,18,18,9b,\
"rkeysecu"=hex:cf,cd,cf,88,11,8e,3c,75,f3,2a,df,62,e5,64,44,3d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlDbg10.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-12 22:52:13
ComboFix-quarantined-files.txt 2012-10-13 03:52
.
Pre-Run: 749,423,316,992 bytes free
Post-Run: 749,326,446,592 bytes free
.
- - End Of File - - FFE7E79CA81FA6A562BD6D0F4E82F3F2


TDSSKiller
Below is the log, but I didn't see the log mention the one thing it found suspicious.
Forged File: Service: iaStorV
Suspicious object, medium risk
Service type: Kernel driver (0x1)
Service start: Demand (0x3)
File: C:\Windows\system32\drivers\iaStorV.sys
MD5: AAAF44DB3BD0B9D1FB6969823ECC8366
MD5(forged): A967AFB553D28226EB218860443335D67
Default action: Skip

So I skipped it but kept that info.


22:55:54.0323 4936 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
22:55:54.0619 4936 ============================================================
22:55:54.0619 4936 Current date / time: 2012/10/12 22:55:54.0619
22:55:54.0619 4936 SystemInfo:
22:55:54.0619 4936
22:55:54.0619 4936 OS Version: 6.1.7601 ServicePack: 1.0
22:55:54.0619 4936 Product type: Workstation
22:55:54.0619 4936 ComputerName: COWTIP-PC
22:55:54.0619 4936 UserName: CowTip
22:55:54.0619 4936 Windows directory: C:\Windows
22:55:54.0619 4936 System windows directory: C:\Windows
22:55:54.0619 4936 Running under WOW64
22:55:54.0619 4936 Processor architecture: Intel x64
22:55:54.0619 4936 Number of processors: 8
22:55:54.0619 4936 Page size: 0x1000
22:55:54.0619 4936 Boot type: Normal boot
22:55:54.0619 4936 ============================================================
22:55:57.0552 4936 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:55:57.0552 4936 ============================================================
22:55:57.0552 4936 \Device\Harddisk0\DR0:
22:55:57.0630 4936 MBR partitions:
22:55:57.0630 4936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
22:55:57.0630 4936 ============================================================
22:55:57.0661 4936 C: <-> \Device\Harddisk0\DR0\Partition1
22:55:57.0661 4936 ============================================================
22:55:57.0661 4936 Initialize success
22:55:57.0661 4936 ============================================================
22:55:59.0642 4796 ============================================================
22:55:59.0642 4796 Scan started
22:55:59.0642 4796 Mode: Manual;
22:55:59.0642 4796 ============================================================
22:56:00.0921 4796 ================ Scan system memory ========================
22:56:00.0921 4796 System memory - ok
22:56:00.0921 4796 ================ Scan services =============================
22:56:01.0062 4796 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:56:01.0062 4796 1394ohci - ok
22:56:01.0109 4796 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:56:01.0124 4796 ACPI - ok
22:56:01.0140 4796 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:56:01.0140 4796 AcpiPmi - ok
22:56:01.0187 4796 [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs C:\Windows\system32\drivers\adfs.sys
22:56:01.0187 4796 adfs - ok
22:56:01.0327 4796 [ 57A3B9A69F14414ACE12AFD6BA701773 ] Adobe Version Cue CS4 C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
22:56:01.0327 4796 Adobe Version Cue CS4 - ok
22:56:01.0436 4796 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:56:01.0436 4796 AdobeFlashPlayerUpdateSvc - ok
22:56:01.0467 4796 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:56:01.0483 4796 adp94xx - ok
22:56:01.0499 4796 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:56:01.0499 4796 adpahci - ok
22:56:01.0514 4796 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:56:01.0514 4796 adpu320 - ok
22:56:01.0545 4796 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:56:01.0545 4796 AeLookupSvc - ok
22:56:01.0592 4796 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
22:56:01.0592 4796 AFD - ok
22:56:01.0592 4796 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:56:01.0592 4796 agp440 - ok
22:56:01.0623 4796 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:56:01.0623 4796 ALG - ok
22:56:01.0639 4796 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
22:56:01.0639 4796 aliide - ok
22:56:01.0639 4796 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
22:56:01.0639 4796 amdide - ok
22:56:01.0655 4796 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:56:01.0655 4796 AmdK8 - ok
22:56:01.0655 4796 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:56:01.0655 4796 AmdPPM - ok
22:56:01.0717 4796 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:56:01.0717 4796 amdsata - ok
22:56:01.0733 4796 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:56:01.0733 4796 amdsbs - ok
22:56:01.0748 4796 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:56:01.0748 4796 amdxata - ok
22:56:01.0779 4796 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
22:56:01.0779 4796 AppID - ok
22:56:01.0795 4796 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:56:01.0795 4796 AppIDSvc - ok
22:56:01.0826 4796 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
22:56:01.0826 4796 Appinfo - ok
22:56:01.0842 4796 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
22:56:01.0842 4796 AppMgmt - ok
22:56:01.0857 4796 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
22:56:01.0857 4796 arc - ok
22:56:01.0857 4796 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:56:01.0857 4796 arcsas - ok
22:56:01.0920 4796 [ A82C01606DC27D05D9D3BFB6BB807E32 ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
22:56:01.0920 4796 AsIO - ok
22:56:01.0998 4796 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:56:02.0013 4796 aspnet_state - ok
22:56:02.0013 4796 [ 26D66E32E78D3059715B3A17BC679CD9 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys
22:56:02.0013 4796 AsUpIO - ok
22:56:02.0029 4796 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:56:02.0029 4796 AsyncMac - ok
22:56:02.0045 4796 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
22:56:02.0045 4796 atapi - ok
22:56:02.0107 4796 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys
22:56:02.0107 4796 athr - ok
22:56:02.0138 4796 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:56:02.0154 4796 AudioEndpointBuilder - ok
22:56:02.0154 4796 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:56:02.0169 4796 AudioSrv - ok
22:56:02.0201 4796 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:56:02.0201 4796 AxInstSV - ok
22:56:02.0247 4796 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
22:56:02.0247 4796 b06bdrv - ok
22:56:02.0263 4796 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:56:02.0263 4796 b57nd60a - ok
22:56:02.0279 4796 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:56:02.0279 4796 BDESVC - ok
22:56:02.0294 4796 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:56:02.0294 4796 Beep - ok
22:56:02.0341 4796 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
22:56:02.0341 4796 BFE - ok
22:56:02.0544 4796 [ A45BE4E091636F6C86D6E4FC945D5A26 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys
22:56:02.0544 4796 BHDrvx64 - ok
22:56:02.0575 4796 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
22:56:02.0575 4796 BITS - ok
22:56:02.0575 4796 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:56:02.0575 4796 blbdrive - ok
22:56:02.0606 4796 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:56:02.0606 4796 bowser - ok
22:56:02.0622 4796 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:56:02.0622 4796 BrFiltLo - ok
22:56:02.0622 4796 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:56:02.0622 4796 BrFiltUp - ok
22:56:02.0669 4796 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
22:56:02.0669 4796 BridgeMP - ok
22:56:02.0700 4796 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
22:56:02.0700 4796 Browser - ok
22:56:02.0715 4796 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:56:02.0715 4796 Brserid - ok
22:56:02.0731 4796 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:56:02.0731 4796 BrSerWdm - ok
22:56:02.0747 4796 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:56:02.0747 4796 BrUsbMdm - ok
22:56:02.0747 4796 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:56:02.0747 4796 BrUsbSer - ok
22:56:02.0762 4796 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:56:02.0762 4796 BTHMODEM - ok
22:56:02.0778 4796 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:56:02.0778 4796 bthserv - ok
22:56:02.0793 4796 catchme - ok
22:56:02.0809 4796 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:56:02.0809 4796 cdfs - ok
22:56:02.0840 4796 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
22:56:02.0840 4796 cdrom - ok
22:56:02.0887 4796 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
22:56:02.0887 4796 CertPropSvc - ok
22:56:02.0887 4796 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:56:02.0887 4796 circlass - ok
22:56:02.0918 4796 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:56:02.0918 4796 CLFS - ok
22:56:02.0996 4796 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:56:02.0996 4796 clr_optimization_v2.0.50727_32 - ok
22:56:03.0043 4796 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:56:03.0043 4796 clr_optimization_v2.0.50727_64 - ok
22:56:03.0137 4796 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:56:03.0137 4796 clr_optimization_v4.0.30319_32 - ok
22:56:03.0168 4796 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:56:03.0183 4796 clr_optimization_v4.0.30319_64 - ok
22:56:03.0183 4796 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:56:03.0183 4796 CmBatt - ok
22:56:03.0199 4796 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:56:03.0199 4796 cmdide - ok
22:56:03.0246 4796 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
22:56:03.0246 4796 CNG - ok
22:56:03.0261 4796 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:56:03.0261 4796 Compbatt - ok
22:56:03.0277 4796 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
22:56:03.0277 4796 CompositeBus - ok
22:56:03.0293 4796 COMSysApp - ok
22:56:03.0308 4796 [ 71879A4AB90D21BCCF9E3CFCF0BB5F4A ] copperhd C:\Windows\system32\drivers\copperhd.sys
22:56:03.0308 4796 copperhd - ok
22:56:03.0355 4796 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:56:03.0355 4796 crcdisk - ok
22:56:03.0386 4796 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:56:03.0386 4796 CryptSvc - ok
22:56:03.0417 4796 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
22:56:03.0417 4796 CSC - ok
22:56:03.0449 4796 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
22:56:03.0464 4796 CscService - ok
22:56:03.0480 4796 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:56:03.0480 4796 DcomLaunch - ok
22:56:03.0511 4796 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:56:03.0511 4796 defragsvc - ok
22:56:03.0542 4796 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:56:03.0542 4796 DfsC - ok
22:56:03.0558 4796 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
22:56:03.0558 4796 Dhcp - ok
22:56:03.0573 4796 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:56:03.0573 4796 discache - ok
22:56:03.0605 4796 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:56:03.0605 4796 Disk - ok
22:56:03.0636 4796 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:56:03.0636 4796 Dnscache - ok
22:56:03.0667 4796 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
22:56:03.0667 4796 dot3svc - ok
22:56:03.0698 4796 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
22:56:03.0714 4796 DPS - ok
22:56:03.0745 4796 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:56:03.0745 4796 drmkaud - ok
22:56:03.0761 4796 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:56:03.0776 4796 DXGKrnl - ok
22:56:03.0776 4796 EagleX64 - ok
22:56:03.0807 4796 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:56:03.0807 4796 EapHost - ok
22:56:03.0854 4796 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
22:56:03.0885 4796 ebdrv - ok
22:56:03.0932 4796 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
22:56:03.0932 4796 eeCtrl - ok
22:56:03.0979 4796 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
22:56:03.0979 4796 EFS - ok
22:56:04.0010 4796 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:56:04.0026 4796 ehRecvr - ok
22:56:04.0041 4796 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:56:04.0041 4796 ehSched - ok
22:56:04.0073 4796 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:56:04.0073 4796 elxstor - ok
22:56:04.0119 4796 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:56:04.0119 4796 EraserUtilRebootDrv - ok
22:56:04.0135 4796 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:56:04.0135 4796 ErrDev - ok
22:56:04.0166 4796 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:56:04.0166 4796 EventSystem - ok
22:56:04.0166 4796 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:56:04.0182 4796 exfat - ok
22:56:04.0182 4796 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:56:04.0182 4796 fastfat - ok
22:56:04.0244 4796 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
22:56:04.0244 4796 Fax - ok
22:56:04.0260 4796 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:56:04.0260 4796 fdc - ok
22:56:04.0275 4796 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:56:04.0275 4796 fdPHost - ok
22:56:04.0291 4796 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:56:04.0291 4796 FDResPub - ok
22:56:04.0307 4796 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:56:04.0322 4796 FileInfo - ok
22:56:04.0322 4796 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:56:04.0322 4796 Filetrace - ok
22:56:04.0353 4796 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:56:04.0369 4796 FLEXnet Licensing Service - ok
22:56:04.0431 4796 [ 1C3FB052A0BB72EDAED90785C34D6EED ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
22:56:04.0431 4796 FLEXnet Licensing Service 64 - ok
22:56:04.0447 4796 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:56:04.0447 4796 flpydisk - ok
22:56:04.0478 4796 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:56:04.0478 4796 FltMgr - ok
22:56:04.0525 4796 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
22:56:04.0541 4796 FontCache - ok
22:56:04.0587 4796 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:56:04.0587 4796 FontCache3.0.0.0 - ok
22:56:04.0603 4796 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:56:04.0603 4796 FsDepends - ok
22:56:04.0634 4796 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:56:04.0634 4796 Fs_Rec - ok
22:56:04.0665 4796 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:56:04.0665 4796 fvevol - ok
22:56:04.0681 4796 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:56:04.0681 4796 gagp30kx - ok
22:56:04.0728 4796 [ AF4DEE5531395DEE72B35B36C9671FD0 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:56:04.0728 4796 GEARAspiWDM - ok
22:56:04.0775 4796 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
22:56:04.0790 4796 gpsvc - ok
22:56:04.0837 4796 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:56:04.0837 4796 gusvc - ok
22:56:04.0837 4796 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:56:04.0837 4796 hcw85cir - ok
22:56:04.0899 4796 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:56:04.0899 4796 HdAudAddService - ok
22:56:04.0915 4796 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
22:56:04.0915 4796 HDAudBus - ok
22:56:04.0931 4796 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:56:04.0931 4796 HidBatt - ok
22:56:04.0946 4796 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:56:04.0946 4796 HidBth - ok
22:56:04.0962 4796 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:56:04.0962 4796 HidIr - ok
22:56:04.0977 4796 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
22:56:04.0977 4796 hidserv - ok
22:56:05.0024 4796 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:56:05.0024 4796 HidUsb - ok
22:56:05.0087 4796 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:56:05.0087 4796 hkmsvc - ok
22:56:05.0165 4796 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:56:05.0165 4796 HomeGroupListener - ok
22:56:05.0211 4796 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:56:05.0211 4796 HomeGroupProvider - ok
22:56:05.0305 4796 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:56:05.0305 4796 HpSAMD - ok
22:56:05.0352 4796 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:56:05.0352 4796 HTTP - ok
22:56:05.0368 4796 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:56:05.0368 4796 hwpolicy - ok
22:56:05.0399 4796 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:56:05.0399 4796 i8042prt - ok
22:56:05.0430 4796 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:56:05.0430 4796 Suspicious file (Forged): C:\Windows\system32\drivers\iaStorV.sys. Real md5: AAAF44DB3BD0B9D1FB6969B23ECC8366, Fake md5: A967AFB553D28226EB21886044335D67
22:56:05.0430 4796 iaStorV ( ForgedFile.Multi.Generic ) - warning
22:56:05.0430 4796 iaStorV - detected ForgedFile.Multi.Generic (1)
22:56:05.0477 4796 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:56:05.0477 4796 idsvc - ok
22:56:05.0586 4796 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121011.001\IDSvia64.sys
22:56:05.0586 4796 IDSVia64 - ok
22:56:05.0633 4796 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:56:05.0633 4796 iirsp - ok
22:56:05.0726 4796 [ AD5DF6F4FBBC798636EDC66BFEC7D0DE ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
22:56:05.0726 4796 IJPLMSVC - ok
22:56:05.0758 4796 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
22:56:05.0758 4796 IKEEXT - ok
22:56:05.0773 4796 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
22:56:05.0773 4796 intelide - ok
22:56:05.0789 4796 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:56:05.0789 4796 intelppm - ok
22:56:05.0804 4796 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:56:05.0820 4796 IPBusEnum - ok
22:56:05.0851 4796 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:56:05.0851 4796 IpFilterDriver - ok
22:56:05.0851 4796 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:56:05.0867 4796 iphlpsvc - ok
22:56:05.0867 4796 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:56:05.0867 4796 IPMIDRV - ok
22:56:05.0882 4796 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:56:05.0882 4796 IPNAT - ok
22:56:05.0898 4796 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:56:05.0898 4796 IRENUM - ok
22:56:05.0929 4796 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:56:05.0929 4796 isapnp - ok
22:56:05.0945 4796 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:56:05.0960 4796 iScsiPrt - ok
22:56:05.0960 4796 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:56:05.0960 4796 kbdclass - ok
22:56:05.0976 4796 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:56:05.0976 4796 kbdhid - ok
22:56:05.0976 4796 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
22:56:05.0976 4796 KeyIso - ok
22:56:06.0007 4796 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:56:06.0023 4796 KSecDD - ok
22:56:06.0054 4796 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:56:06.0054 4796 KSecPkg - ok
22:56:06.0054 4796 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:56:06.0054 4796 ksthunk - ok
22:56:06.0085 4796 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:56:06.0085 4796 KtmRm - ok
22:56:06.0116 4796 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
22:56:13.0948 4796 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:56:13.0963 4796 WPCSvc - ok
22:56:13.0963 4796 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:56:13.0963 4796 WPDBusEnum - ok
22:56:13.0979 4796 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:56:13.0979 4796 ws2ifsl - ok
22:56:13.0994 4796 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
22:56:13.0994 4796 wscsvc - ok
22:56:13.0994 4796 WSearch - ok
22:56:14.0072 4796 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:56:14.0088 4796 wuauserv - ok
22:56:14.0119 4796 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:56:14.0119 4796 WudfPf - ok
22:56:14.0150 4796 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:56:14.0150 4796 WUDFRd - ok
22:56:14.0182 4796 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:56:14.0182 4796 wudfsvc - ok
22:56:14.0213 4796 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:56:14.0213 4796 WwanSvc - ok
22:56:14.0244 4796 X6va005 - ok
22:56:14.0291 4796 [ 2C6BC21B2D5B58D8B1D638C1704CB494 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
22:56:14.0291 4796 xusb21 - ok
22:56:14.0322 4796 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
22:56:14.0322 4796 yukonw7 - ok
22:56:14.0338 4796 ================ Scan global ===============================
22:56:14.0353 4796 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:56:14.0384 4796 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:56:14.0384 4796 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:56:14.0400 4796 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:56:14.0447 4796 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:56:14.0447 4796 [Global] - ok
22:56:14.0447 4796 ================ Scan MBR ==================================
22:56:14.0447 4796 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:56:14.0587 4796 \Device\Harddisk0\DR0 - ok
22:56:14.0587 4796 ================ Scan VBR ==================================
22:56:14.0587 4796 [ E7F29EC74C4C62FCAE8844409DA53BE0 ] \Device\Harddisk0\DR0\Partition1
22:56:14.0587 4796 \Device\Harddisk0\DR0\Partition1 - ok
22:56:14.0587 4796 ============================================================
22:56:14.0587 4796 Scan finished
22:56:14.0587 4796 ============================================================
22:56:14.0603 2824 Detected object count: 1
22:56:14.0603 2824 Actual detected object count: 1
22:59:10.0711 2824 iaStorV ( ForgedFile.Multi.Generic ) - skipped by user
22:59:10.0711 2824 iaStorV ( ForgedFile.Multi.Generic ) - User select action: Skip
22:59:31.0116 1876 ============================================================
22:59:31.0116 1876 Scan started
22:59:31.0116 1876 Mode: Manual; SigCheck; TDLFS;
22:59:31.0116 1876 ============================================================
22:59:31.0647 1876 ================ Scan system memory ========================
22:59:31.0647 1876 System memory - ok
22:59:31.0647 1876 ================ Scan services =============================
22:59:41.0163 1876 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:59:41.0178 1876 iaStorV - ok
22:59:44.0407 1876 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:59:44.0454 1876 Ndisuio - ok
22:59:44.0485 1876 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:59:44.0532 1876 NdisWan - ok
22:59:44.0563 1876 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:59:44.0595 1876 NDProxy - ok
22:59:44.0610 1876 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:59:44.0641 1876 NetBIOS - ok
22:59:44.0673 1876 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:59:44.0719 1876 NetBT - ok
22:59:44.0735 1876 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
22:59:44.0735 1876 Netlogon - ok
22:59:44.0766 1876 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:59:44.0813 1876 Netman - ok
22:59:44.0844 1876 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:59:44.0844 1876 NetMsmqActivator - ok
22:59:44.0860 1876 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:59:44.0860 1876 NetPipeActivator - ok
22:59:44.0860 1876 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:59:44.0891 1876 netprofm - ok
22:59:44.0891 1876 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:59:44.0907 1876 NetTcpActivator - ok
22:59:44.0907 1876 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:59:44.0922 1876 NetTcpPortSharing - ok
22:59:44.0922 1876 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:59:44.0938 1876 nfrd960 - ok
22:59:44.0953 1876 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:59:44.0985 1876 NlaSvc - ok
22:59:45.0031 1876 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:59:45.0047 1876 Npfs - ok
22:59:45.0063 1876 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:59:45.0109 1876 nsi - ok
22:59:45.0109 1876 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:59:45.0141 1876 nsiproxy - ok
22:59:45.0187 1876 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:59:45.0203 1876 Ntfs - ok
22:59:45.0219 1876 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:59:45.0250 1876 Null - ok
22:59:45.0281 1876 [ 8EBCB9165EE7F1571842F4D9D624A74C ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
22:59:45.0297 1876 nusb3hub - ok
22:59:45.0312 1876 [ 5D54DBB12BBFE07CC283FD39F2CD6D63 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
22:59:45.0328 1876 nusb3xhc - ok
22:59:45.0359 1876 [ 8D4AAC74B571FC356560E5B308955E93 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
22:59:45.0375 1876 NVHDA - ok
22:59:45.0577 1876 [ 9C1996DD3C0469BC8933321F15709F5A ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:59:45.0718 1876 nvlddmkm - ok
22:59:45.0749 1876 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:59:45.0765 1876 nvraid - ok
22:59:45.0765 1876 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:59:45.0780 1876 nvstor - ok
22:59:45.0827 1876 [ 34E5498528BB3D5A951F889F8756AD26 ] nvsvc C:\Windows\system32\nvvsvc.exe
22:59:45.0858 1876 nvsvc - ok
22:59:45.0936 1876 [ CD0BFAA6872CFE38C908D313AE17C350 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:59:45.0967 1876 nvUpdatusService - ok
22:59:45.0999 1876 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:59:46.0014 1876 nv_agp - ok
22:59:46.0045 1876 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:59:46.0061 1876 ohci1394 - ok
22:59:46.0108 1876 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:59:46.0123 1876 ose - ok
22:59:46.0233 1876 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:59:46.0295 1876 osppsvc - ok
22:59:46.0311 1876 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:59:46.0326 1876 p2pimsvc - ok
22:59:46.0342 1876 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:59:46.0357 1876 p2psvc - ok
22:59:46.0373 1876 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:59:46.0389 1876 Parport - ok
22:59:46.0420 1876 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:59:46.0435 1876 partmgr - ok
22:59:46.0451 1876 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:59:46.0482 1876 PcaSvc - ok
22:59:46.0498 1876 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
22:59:46.0513 1876 pci - ok
22:59:46.0513 1876 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:59:46.0529 1876 pciide - ok
22:59:46.0529 1876 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:59:46.0545 1876 pcmcia - ok
22:59:46.0560 1876 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:59:46.0560 1876 pcw - ok
22:59:46.0576 1876 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:59:46.0607 1876 PEAUTH - ok
22:59:46.0638 1876 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
22:59:46.0669 1876 PeerDistSvc - ok
22:59:46.0716 1876 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:59:46.0732 1876 PerfHost - ok
22:59:46.0779 1876 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
22:59:46.0841 1876 pla - ok
22:59:46.0872 1876 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:59:46.0903 1876 PlugPlay - ok
22:59:46.0903 1876 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:59:46.0919 1876 PNRPAutoReg - ok
22:59:46.0919 1876 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:59:46.0935 1876 PNRPsvc - ok
22:59:46.0966 1876 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:59:47.0013 1876 PolicyAgent - ok
22:59:47.0044 1876 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:59:47.0091 1876 Power - ok
22:59:47.0122 1876 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:59:47.0153 1876 PptpMiniport - ok
22:59:47.0169 1876 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:59:47.0184 1876 Processor - ok
22:59:47.0200 1876 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
22:59:47.0231 1876 ProfSvc - ok
22:59:47.0247 1876 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:59:47.0247 1876 ProtectedStorage - ok
22:59:47.0278 1876 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:59:47.0325 1876 Psched - ok
22:59:47.0356 1876 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:59:47.0371 1876 ql2300 - ok
22:59:47.0387 1876 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:59:47.0387 1876 ql40xx - ok
22:59:47.0418 1876 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:59:47.0418 1876 QWAVE - ok
22:59:47.0449 1876 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:59:47.0465 1876 QWAVEdrv - ok
22:59:47.0465 1876 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:59:47.0496 1876 RasAcd - ok
22:59:47.0512 1876 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:59:47.0543 1876 RasAgileVpn - ok
22:59:47.0543 1876 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:59:47.0574 1876 RasAuto - ok
22:59:47.0605 1876 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:59:47.0652 1876 Rasl2tp - ok
22:59:47.0683 1876 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
22:59:47.0715 1876 RasMan - ok
22:59:47.0715 1876 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:59:47.0746 1876 RasPppoe - ok
22:59:47.0761 1876 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:59:47.0777 1876 RasSstp - ok
22:59:47.0793 1876 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:59:47.0824 1876 rdbss - ok
22:59:47.0839 1876 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:59:47.0855 1876 rdpbus - ok
22:59:47.0871 1876 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:59:47.0902 1876 RDPCDD - ok
22:59:47.0917 1876 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:59:47.0933 1876 RDPDR - ok
22:59:47.0933 1876 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:59:47.0980 1876 RDPENCDD - ok
22:59:47.0980 1876 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:59:47.0995 1876 RDPREFMP - ok
22:59:48.0011 1876 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:59:48.0027 1876 RDPWD - ok
22:59:48.0058 1876 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:59:48.0073 1876 rdyboost - ok
22:59:48.0105 1876 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:59:48.0136 1876 RemoteAccess - ok
22:59:48.0151 1876 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:59:48.0183 1876 RemoteRegistry - ok
22:59:48.0198 1876 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:59:48.0261 1876 RpcEptMapper - ok
22:59:48.0261 1876 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:59:48.0276 1876 RpcLocator - ok
22:59:48.0307 1876 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
22:59:48.0339 1876 RpcSs - ok
22:59:48.0354 1876 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:59:48.0370 1876 rspndr - ok
22:59:48.0417 1876 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
22:59:48.0417 1876 s3cap - ok
22:59:48.0417 1876 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:59:48.0432 1876 SamSs - ok
22:59:48.0432 1876 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:59:48.0448 1876 sbp2port - ok
22:59:48.0463 1876 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:59:48.0495 1876 SCardSvr - ok
22:59:48.0526 1876 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:59:48.0557 1876 scfilter - ok
22:59:48.0604 1876 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:59:48.0635 1876 Schedule - ok
22:59:48.0666 1876 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:59:48.0697 1876 SCPolicySvc - ok
22:59:48.0729 1876 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:59:48.0744 1876 SDRSVC - ok
22:59:48.0760 1876 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:59:48.0791 1876 secdrv - ok
22:59:48.0822 1876 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:59:48.0853 1876 seclogon - ok
22:59:48.0869 1876 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
22:59:48.0916 1876 SENS - ok
22:59:48.0916 1876 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:59:48.0931 1876 SensrSvc - ok
22:59:48.0947 1876 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:59:48.0963 1876 Serenum - ok
22:59:48.0978 1876 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:59:48.0994 1876 Serial - ok
22:59:49.0025 1876 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:59:49.0041 1876 sermouse - ok
22:59:49.0087 1876 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:59:49.0119 1876 SessionEnv - ok
22:59:49.0150 1876 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:59:49.0181 1876 sffdisk - ok
22:59:49.0181 1876 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:59:49.0197 1876 sffp_mmc - ok
22:59:49.0212 1876 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:59:49.0212 1876 sffp_sd - ok
22:59:49.0212 1876 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:59:49.0228 1876 sfloppy - ok
22:59:49.0259 1876 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:59:49.0306 1876 SharedAccess - ok
22:59:49.0337 1876 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:59:49.0368 1876 ShellHWDetection - ok
22:59:49.0368 1876 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:59:49.0384 1876 SiSRaid2 - ok
22:59:49.0384 1876 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:59:49.0399 1876 SiSRaid4 - ok
22:59:49.0431 1876 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
22:59:49.0446 1876 SkypeUpdate - ok
22:59:49.0446 1876 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:59:49.0477 1876 Smb - ok
22:59:49.0493 1876 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:59:49.0509 1876 SNMPTRAP - ok
22:59:49.0509 1876 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:59:49.0524 1876 spldr - ok
22:59:49.0555 1876 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
22:59:49.0571 1876 Spooler - ok
22:59:49.0633 1876 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
22:59:49.0696 1876 sppsvc - ok
22:59:49.0711 1876 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:59:49.0743 1876 sppuinotify - ok
22:59:49.0821 1876 [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS
22:59:49.0836 1876 SRTSP - ok
22:59:49.0852 1876 [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS
22:59:49.0852 1876 SRTSPX - ok
22:59:49.0883 1876 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
22:59:49.0914 1876 srv - ok
22:59:49.0930 1876 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:59:49.0945 1876 srv2 - ok
22:59:49.0945 1876 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:59:49.0961 1876 srvnet - ok
22:59:49.0977 1876 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:59:50.0008 1876 SSDPSRV - ok
22:59:50.0023 1876 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:59:50.0039 1876 SstpSvc - ok
22:59:50.0070 1876 Steam Client Service - ok
22:59:50.0133 1876 [ 8544A200C40447E465F06E58687428BB ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:59:50.0148 1876 Stereo Service - ok
22:59:50.0164 1876 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:59:50.0179 1876 stexstor - ok
22:59:50.0195 1876 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
22:59:50.0226 1876 stisvc - ok
22:59:50.0257 1876 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
22:59:50.0257 1876 storflt - ok
22:59:50.0273 1876 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
22:59:50.0289 1876 StorSvc - ok
22:59:50.0304 1876 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
22:59:50.0320 1876 storvsc - ok
22:59:50.0351 1876 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
22:59:50.0367 1876 swenum - ok
22:59:50.0382 1876 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:59:50.0429 1876 swprv - ok
22:59:50.0445 1876 [ 6160145C7A87FC7672E8E3B886888176 ] SymDS C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS
22:59:50.0445 1876 SymDS - ok
22:59:50.0476 1876 [ 96AEED40D4D3521568B42027687E69E0 ] SymEFA C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS
22:59:50.0491 1876 SymEFA - ok
22:59:50.0523 1876 [ 21A1C2D694C3CF962D31F5E873AB3D6F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
22:59:50.0523 1876 SymEvent - ok
22:59:50.0569 1876 [ BD0D711D8CBFCAA19CA123306EAF53A5 ] SymIRON C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS
22:59:50.0585 1876 SymIRON - ok
22:59:50.0601 1876 [ A6ADB3D83023F8DAA0F7B6FDA785D83B ] SymNetS C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS
22:59:50.0616 1876 SymNetS - ok
22:59:50.0679 1876 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
22:59:50.0725 1876 SysMain - ok
22:59:50.0757 1876 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:59:50.0772 1876 TabletInputService - ok
22:59:50.0913 1876 [ C4C20CFA4F42E9B7454E895C5C47BCD3 ] TabletServicePen C:\Program Files\Tablet\Pen\Pen_Tablet.exe
22:59:50.0991 1876 TabletServicePen - ok
22:59:51.0006 1876 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:59:51.0022 1876 TapiSrv - ok
22:59:51.0037 1876 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:59:51.0069 1876 TBS - ok
22:59:51.0115 1876 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:59:51.0147 1876 Tcpip - ok
22:59:51.0162 1876 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:59:51.0193 1876 TCPIP6 - ok
22:59:51.0225 1876 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:59:51.0256 1876 tcpipreg - ok
22:59:51.0271 1876 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:59:51.0287 1876 TDPIPE - ok
22:59:51.0318 1876 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:59:51.0334 1876 TDTCP - ok
22:59:51.0381 1876 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:59:51.0412 1876 tdx - ok
22:59:51.0443 1876 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
22:59:51.0443 1876 TermDD - ok
22:59:51.0490 1876 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
22:59:51.0521 1876 TermService - ok
22:59:51.0537 1876 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:59:51.0552 1876 Themes - ok
22:59:51.0568 1876 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:59:51.0599 1876 THREADORDER - ok
22:59:51.0615 1876 [ 7625DCF246E488E523DC1F64C38ABDA2 ] TouchServicePen C:\Program Files\Tablet\Pen\Pen_TouchService.exe
22:59:51.0615 1876 TouchServicePen - ok
22:59:51.0646 1876 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:59:51.0677 1876 TrkWks - ok
22:59:51.0724 1876 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:59:51.0771 1876 TrustedInstaller - ok
22:59:51.0802 1876 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:59:51.0833 1876 tssecsrv - ok
22:59:51.0849 1876 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:59:51.0864 1876 TsUsbFlt - ok
22:59:51.0895 1876 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:59:51.0942 1876 tunnel - ok
22:59:51.0942 1876 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:59:51.0958 1876 uagp35 - ok
22:59:51.0989 1876 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:59:52.0036 1876 udfs - ok
22:59:52.0036 1876 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:59:52.0067 1876 UI0Detect - ok
22:59:52.0083 1876 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:59:52.0083 1876 uliagpkx - ok
22:59:52.0114 1876 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
22:59:52.0145 1876 umbus - ok
22:59:52.0145 1876 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:59:52.0176 1876 UmPass - ok
22:59:52.0192 1876 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
22:59:52.0207 1876 UmRdpService - ok
22:59:52.0254 1876 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:59:52.0301 1876 upnphost - ok
22:59:52.0301 1876 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
22:59:52.0317 1876 usbaudio - ok
22:59:52.0348 1876 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:59:52.0363 1876 usbccgp - ok
22:59:52.0379 1876 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:59:52.0410 1876 usbcir - ok
22:59:52.0410 1876 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:59:52.0441 1876 usbehci - ok
22:59:52.0441 1876 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:59:52.0473 1876 usbhub - ok
22:59:52.0473 1876 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:59:52.0488 1876 usbohci - ok
22:59:52.0504 1876 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:59:52.0519 1876 usbprint - ok
22:59:52.0551 1876 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:59:52.0566 1876 usbscan - ok
22:59:52.0582 1876 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:59:52.0613 1876 USBSTOR - ok
22:59:52.0629 1876 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
22:59:52.0644 1876 usbuhci - ok
22:59:52.0660 1876 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:59:52.0707 1876 UxSms - ok
22:59:52.0722 1876 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
22:59:52.0738 1876 VaultSvc - ok
22:59:52.0738 1876 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:59:52.0753 1876 vdrvroot - ok
22:59:52.0785 1876 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
22:59:52.0816 1876 vds - ok
22:59:52.0847 1876 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:59:52.0847 1876 vga - ok
22:59:52.0863 1876 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:59:52.0894 1876 VgaSave - ok
22:59:52.0909 1876 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:59:52.0925 1876 vhdmp - ok
22:59:52.0956 1876 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
22:59:52.0956 1876 viaide - ok
22:59:52.0972 1876 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
22:59:52.0987 1876 vmbus - ok
22:59:53.0003 1876 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
22:59:53.0019 1876 VMBusHID - ok
22:59:53.0050 1876 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:59:53.0066 1876 volmgr - ok
22:59:53.0097 1876 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:59:53.0128 1876 volmgrx - ok
22:59:53.0144 1876 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:59:53.0144 1876 volsnap - ok
22:59:53.0159 1876 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:59:53.0175 1876 vsmraid - ok
22:59:53.0222 1876 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
22:59:53.0268 1876 VSS - ok
22:59:53.0284 1876 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:59:53.0300 1876 vwifibus - ok
22:59:53.0300 1876 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:59:53.0315 1876 vwififlt - ok
22:59:53.0331 1876 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:59:53.0362 1876 W32Time - ok
22:59:53.0393 1876 [ E04D43C7D1641E95D35CAE6086C7E350 ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
22:59:53.0409 1876 wacommousefilter - ok
22:59:53.0424 1876 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:59:53.0424 1876 WacomPen - ok
22:59:53.0440 1876 [ EC1CEB237E365330C1FCFC4876AA0AC0 ] wacomvhid C:\Windows\system32\DRIVERS\wacomvhid.sys
22:59:53.0440 1876 wacomvhid - ok
22:59:53.0456 1876 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:59:53.0487 1876 WANARP - ok
22:59:53.0487 1876 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:59:53.0518 1876 Wanarpv6 - ok
22:59:53.0643 1876 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:59:53.0658 1876 WatAdminSvc - ok
22:59:53.0705 1876 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
22:59:53.0736 1876 wbengine - ok
22:59:53.0752 1876 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:59:53.0752 1876 WbioSrvc - ok
22:59:53.0799 1876 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:59:53.0830 1876 wcncsvc - ok
22:59:53.0846 1876 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:59:53.0846 1876 WcsPlugInService - ok
22:59:53.0861 1876 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:59:53.0861 1876 Wd - ok
22:59:53.0892 1876 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:59:53.0908 1876 Wdf01000 - ok
22:59:53.0908 1876 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:59:53.0939 1876 WdiServiceHost - ok
22:59:53.0939 1876 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:59:53.0955 1876 WdiSystemHost - ok
22:59:53.0986 1876 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
22:59:54.0002 1876 WebClient - ok
22:59:54.0017 1876 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:59:54.0064 1876 Wecsvc - ok
22:59:54.0064 1876 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:59:54.0095 1876 wercplsupport - ok
22:59:54.0111 1876 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:59:54.0142 1876 WerSvc - ok
22:59:54.0142 1876 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:59:54.0173 1876 WfpLwf - ok
22:59:55.0172 1876 ================ Scan global ===============================
22:59:55.0187 1876 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:59:55.0218 1876 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:59:55.0218 1876 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:59:55.0250 1876 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:59:55.0281 1876 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:59:55.0281 1876 [Global] - ok
22:59:55.0296 1876 ================ Scan MBR ==================================
22:59:55.0296 1876 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:59:55.0468 1876 \Device\Harddisk0\DR0 - ok
22:59:55.0468 1876 ================ Scan VBR ==================================
22:59:55.0484 1876 [ E7F29EC74C4C62FCAE8844409DA53BE0 ] \Device\Harddisk0\DR0\Partition1
22:59:55.0484 1876 \Device\Harddisk0\DR0\Partition1 - ok
22:59:55.0484 1876 ============================================================
22:59:55.0484 1876 Scan finished
22:59:55.0484 1876 ============================================================
22:59:55.0484 2316 Detected object count: 0
22:59:55.0484 2316 Actual detected object count: 0
23:00:07.0308 2204 Deinitialize success

Thanks again so much for taking your time to look at this and help us troubleshoot the issue! :notworthy:

#8
Aristazi

P.S. Maybe it's obvious from the PC Specs but this is a PC the hubby and I built ourselves. And it was for the most part a first time for both of us. It has worked great for the most part for the last 2 or so years since we built it with primarily one exception: We can't let it hibernate because it almost never wakes up properly.
When we let it hibernate it would not sleep properly: either everything would appear to go to sleep but when you tried to wake it up it would take a VERY long time to do so, or the hard drive and fans wouldn't ever shut off, and the only way to wake the computer would be to hold the button to actually shut it down - and then turn it on again, at which point it would often act like it was waking from hibernation.
Just again in case that information is helpful at all. I don't expect you to solve all of our PC's problems :) I'm just glad that it appears that we don't have malware.

Thank you!

#9
RKinner


2012-10-12 06:53:48, Info CSI 00000132 [SR] Could not reproject corrupted file [ml:520{260},l:110{55}]"\??\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy"\[l:64{32}]"BabyBoyMainToNotesBackground.wmv"; source file in store is also corrupted


I don't know why it cares about this file but you can try replacing the file at C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv with the attached one from my Win 7. The forum wouldn't let me upload the file without zipping it so you will need to download, save and then right click on it and Extract All then copy the BabyBoyMainToNotesBackground.wmv to C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy

Then see if sfc will run without complaining.



Have to admit I never tried it with cache off - you would think that all options would be possible but that is certainly too slow.

The thing TDSSKiller found is unusual so we may have something after all. Let's see if we have another iaStorV.sys



Copy the text in the code box:

/md5start
iaStorV.sys
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop


Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
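
An added example (not part of the post above, and not a Geeks to Go or Microsoft tool): a Python triage of sfc `[SR]` lines that skips the routine batch messages and decodes the path in entries like the "Could not reproject corrupted file" line quoted above. The function names are hypothetical, the sample log is a constructed excerpt modelled on the lines in this thread, and the reading of `l:110{55}` as "110 bytes, 55 characters" is inferred from that quoted line.

```python
import re

# Constructed excerpt modelled on the sfc [SR] lines posted in this thread.
SAMPLE_LOG = r'''
2012-10-12 06:53:43, Info CSI 0000012d [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:53:43, Info CSI 0000012e [SR] Beginning Verify and Repair transaction
2012-10-12 06:53:48, Info CSI 00000132 [SR] Could not reproject corrupted file [ml:520{260},l:110{55}]"\??\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy"\[l:64{32}]"BabyBoyMainToNotesBackground.wmv"; source file in store is also corrupted
2012-10-12 06:53:50, Info CSI 00000134 [SR] Verify complete
2012-10-12 06:53:50, Info CSI 00000135 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:53:50, Info CSI 00000136 [SR] Beginning Verify and Repair transaction
2012-10-12 06:53:56, Info CSI 00000138 [SR] Verify complete
'''

# timestamp, level, CSI sequence number, then the [SR] message
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+(?P<level>\w+)\s+CSI\s+'
    r'(?P<seq>[0-9a-fA-F]{8})\s+\[SR\]\s+(?P<msg>.*)$')

# The three messages that make up a clean batch in the log on this page.
BATCH_START = re.compile(r'^Verifying (\d+) \(0x[0-9a-fA-F]+\) components$')
TXN_START = re.compile(r'^Beginning Verify and Repair transaction$')
BATCH_END = re.compile(r'^Verify complete$')

# [ml:..{..},l:BYTES{CHARS}]"directory"\[l:BYTES{CHARS}]"file name"
PATH_RE = re.compile(
    r'\[(?:ml:\d+\{\d+\},)?l:\d+\{(?P<dchars>\d+)\}\]"(?P<dir>[^"]*)"'
    r'\\\[l:\d+\{(?P<fchars>\d+)\}\]"(?P<name>[^"]*)"')

NT_PREFIX = '\\??\\'  # NT object-namespace prefix in front of the drive letter


def decode_path(msg):
    """Return (ordinary Windows path, lengths_ok) or (None, None)."""
    m = PATH_RE.search(msg)
    if not m:
        return None, None
    directory, name = m['dir'], m['name']
    # The declared character counts double as a check that the line was not
    # truncated or mangled when it was copied into a forum post.
    lengths_ok = (len(directory) == int(m['dchars'])
                  and len(name) == int(m['fchars']))
    if directory.startswith(NT_PREFIX):
        directory = directory[len(NT_PREFIX):]
    return directory + '\\' + name, lengths_ok


def triage(log_text):
    """Count routine batches and collect every non-routine [SR] entry."""
    report = {'batches': 0, 'components': 0, 'completed': 0,
              'unparsed': 0, 'findings': []}
    for raw in log_text.splitlines():
        if '[SR]' not in raw:
            continue                      # other CBS.log lines are ignored
        m = LINE_RE.match(raw.strip())
        if not m:
            report['unparsed'] += 1       # damaged line: review it by hand
            continue
        msg = m['msg'].strip()
        start = BATCH_START.match(msg)
        if start:
            report['batches'] += 1
            report['components'] += int(start.group(1))
        elif BATCH_END.match(msg):
            report['completed'] += 1
        elif TXN_START.match(msg):
            pass
        else:
            path, lengths_ok = decode_path(msg)
            report['findings'].append({
                'ts': m['ts'],
                'seq': m['seq'].lower(),
                'batch': report['batches'],
                'path': path,
                'lengths_ok': lengths_ok,
                # When the component store copy is bad too, sfc has nothing
                # to restore from and the file needs a known-good source.
                'store_also_corrupted':
                    'source file in store is also corrupted' in msg,
                'message': msg,
            })
    return report


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    print('%d batches, %d completed, %d components, %d unparsed lines'
          % (result['batches'], result['completed'],
             result['components'], result['unparsed']))
    for f in result['findings']:
        print('%s  seq %s  batch %d' % (f['ts'], f['seq'], f['batch']))
        print('  file: %s' % f['path'])
        print('  store copy also corrupted: %s' % f['store_also_corrupted'])
```

A mismatch between `batches` and `completed`, or a non-zero `unparsed` count, means the pasted log is incomplete and the findings list should not be read as the full picture.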

#10
Aristazi

I replaced the video file (had to modify ownership permissions to do so) and tried sfc again, looks like it still didn't like that file though.

2012-10-12 06:53:48, Info CSI 00000132 [SR] Could not reproject corrupted file [ml:520{260},l:110{55}]"\??\C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy"\[l:64{32}]"BabyBoyMainToNotesBackground.wmv"; source file in store is also corrupted
2012-10-12 06:59:10, Info CSI 000002f0 [SR] Verifying 100 (0x0000000000000064) components
2012-10-12 06:59:10, Info CSI 000002f1 [SR] Beginning Verify and Repair transaction
2012-10-12 06:59:14, Info CSI 000002f3 [SR] Verify complete
2012-10-12 06:59:14, Info CSI 000002f4 [SR] Verifying 66 (0x0000000000000042) components
2012-10-12 06:59:14, Info CSI 000002f5 [SR] Beginning Verify and Repair transaction
2012-10-12 06:59:16, Info CSI 000002f7 [SR] Verify complete
2012-10-12 06:59:16, Info CSI 000002f8 [SR] Repairing 1 components
2012-10-12 06:59:16, Info CSI 000002f9 [SR] Beginning Verify and Repair transaction
2012-10-12 06:59:16, Info CSI 000002fb [SR] Repair complete
2012-10-12 06:59:16, Info CSI 000002fc [SR] Committing transaction
2012-10-12 06:59:16, Info CSI 00000300 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired


OTL & Extras
OTL logfile created on: 10/14/2012 9:47:00 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\CowTip\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.01 Gb Available Physical Memory | 50.30% Memory free
11.98 Gb Paging File | 9.11 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.50 Gb Total Space | 694.03 Gb Free Space | 74.51% Space Free | Partition Type: NTFS

Computer Name: COWTIP-PC | User Name: CowTip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/14 01:23:13 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\CowTip\Desktop\aswMBR.exe
PRC - [2012/10/11 06:57:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\CowTip\Desktop\OTL(1).exe
PRC - [2012/10/10 20:05:57 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/30 15:02:22 | 000,640,480 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012/05/24 13:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\CowTip\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/02/09 23:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/09/26 22:45:40 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2010/07/12 07:52:50 | 000,548,864 | ---- | M] () -- C:\Program Files (x86)\Greenshot\Greenshot.exe
PRC - [2010/04/05 14:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2010/01/22 12:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2008/10/17 18:52:16 | 000,099,632 | ---- | M] (brother) -- C:\Program Files (x86)\Brownie\brpjp04a.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/10 20:05:59 | 002,294,240 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/06/15 20:34:12 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/15 20:34:07 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/12 07:33:08 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 07:33:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 07:33:05 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 07:33:01 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/02/09 21:05:16 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/09/26 22:45:40 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
MOD - [2010/07/12 07:52:50 | 000,548,864 | ---- | M] () -- C:\Program Files (x86)\Greenshot\Greenshot.exe
MOD - [2010/07/12 07:52:48 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Greenshot\GreenshotPlugin.dll
MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA


========== Services (SafeList) ==========

SRV:64bit: - [2011/09/08 18:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2011/09/08 18:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV:64bit: - [2010/09/18 17:19:04 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/10 20:05:59 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/09 13:55:17 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/09 23:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/12/22 14:46:56 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2010/09/18 17:17:55 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/05 14:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/17 07:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/10/11 13:17:51 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/09/08 18:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011/09/08 18:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011/07/06 12:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/04/20 20:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/15 20:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/01/22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/01/22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/08/21 02:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/15 22:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 21:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2006/05/24 11:51:14 | 000,013,824 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\copperhd.sys -- (copperhd)
DRV - [2012/10/14 01:13:03 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121013.007\ex64.sys -- (NAVEX15)
DRV - [2012/10/14 01:13:03 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121013.007\eng64.sys -- (NAVENG)
DRV - [2012/10/12 16:34:08 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121012.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/10/12 03:51:52 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/31 17:09:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/11 21:27:23 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE 99 24 50 F7 A8 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {28BD1E51-802C-47B1-B7EF-2BDFC68D5191}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{28BD1E51-802C-47B1-B7EF-2BDFC68D5191}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.0.932
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.7
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/18 13:07:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2012/10/14 01:00:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/12 22:55:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/11 21:57:16 | 000,000,000 | ---D | M]

[2010/09/01 04:01:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CowTip\AppData\Roaming\Mozilla\Extensions
[2012/10/09 14:24:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CowTip\AppData\Roaming\Mozilla\Firefox\Profiles\hv690qmx.default\extensions
[2012/09/17 20:28:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\CowTip\AppData\Roaming\Mozilla\Firefox\Profiles\hv690qmx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/06/02 09:55:20 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\CowTip\AppData\Roaming\Mozilla\Firefox\Profiles\hv690qmx.default\extensions\[email protected]
[2012/10/09 14:24:22 | 000,529,404 | ---- | M] () (No name found) -- C:\Users\CowTip\AppData\Roaming\Mozilla\Firefox\Profiles\hv690qmx.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/02/11 08:28:31 | 000,001,976 | ---- | M] () -- C:\Users\CowTip\AppData\Roaming\Mozilla\Firefox\Profiles\hv690qmx.default\searchplugins\duckduckgo.xml
[2012/10/12 22:55:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/19 16:04:41 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/10/10 20:06:18 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/10 20:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/10 20:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/10/12 22:08:14 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKCU..\Run: [Greenshot] C:\Program Files (x86)\Greenshot\Greenshot.exe ()
O4 - Startup: C:\Users\CowTip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\CowTip\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://sdl.webex.co...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6287593-86CC-421A-A028-684EEE8F9434}: DhcpNameServer = 192.168.0.1 205.171.2.25
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/31 14:37:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/14 01:23:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\CowTip\Desktop\aswMBR.exe
[2012/10/13 08:12:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/12 23:01:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/10/12 22:54:50 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\CowTip\Desktop\tdsskiller.exe
[2012/10/12 22:52:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/12 22:00:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/12 22:00:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/12 22:00:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/12 21:48:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/12 21:48:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/12 21:13:14 | 004,771,502 | R--- | C] (Swearware) -- C:\Users\CowTip\Desktop\ComboFix.exe
[2012/10/11 22:11:25 | 000,000,000 | ---D | C] -- C:\Users\CowTip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2012/10/11 22:11:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2012/10/11 06:57:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\CowTip\Desktop\OTL(1).exe
[2012/10/10 21:27:44 | 000,000,000 | ---D | C] -- C:\Users\CowTip\AppData\Roaming\Malwarebytes
[2012/10/10 21:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/10 21:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/10 21:27:20 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/10 21:27:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/09 16:24:39 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/09 16:24:39 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/09 16:24:39 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/09 16:24:30 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/10/09 16:24:30 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/10/09 16:24:30 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/10/09 16:24:30 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/10/09 16:24:30 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/10/09 16:24:29 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/10/09 16:24:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/10/09 16:24:29 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/10/09 16:24:29 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/10/09 16:24:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/10/09 16:24:29 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/10/09 16:24:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/09 16:24:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/09 16:24:29 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/09 16:24:29 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/09 16:24:29 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/10/09 16:24:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/09 16:24:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/09 16:24:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/09 16:24:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/09 16:24:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/09 16:24:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/09 16:24:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/09 16:24:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/09 16:24:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/09 16:24:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/09 16:24:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/09 16:24:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/09 16:24:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/09 16:24:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/09 16:24:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/10/09 16:24:03 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/09 16:23:34 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/09 16:23:33 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/09/29 15:39:20 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/09/22 00:22:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/22 00:22:00 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/22 00:22:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/22 00:21:59 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/22 00:21:59 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/22 00:21:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/22 00:21:59 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/22 00:21:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/22 00:21:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/22 00:21:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/22 00:21:59 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/22 00:21:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/22 00:21:56 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/22 00:21:56 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/22 00:21:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/20 22:03:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/14 09:37:25 | 000,000,512 | ---- | M] () -- C:\Users\CowTip\Desktop\MBR.dat
[2012/10/14 08:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/14 01:23:13 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\CowTip\Desktop\aswMBR.exe
[2012/10/14 01:05:50 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/14 01:05:50 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/14 00:58:55 | 000,000,358 | ---- | M] () -- C:\Windows\Brownie.ini
[2012/10/14 00:58:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/14 00:57:57 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/13 11:18:41 | 000,002,050 | -H-- | M] () -- C:\Users\CowTip\Documents\Default.rdp
[2012/10/12 22:59:07 | 000,055,644 | ---- | M] () -- C:\Users\CowTip\Desktop\IAStorv.sys_file.png
[2012/10/12 22:55:34 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/12 22:55:28 | 000,002,044 | ---- | M] () -- C:\Users\CowTip\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/12 22:54:53 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\CowTip\Desktop\tdsskiller.exe
[2012/10/12 22:08:14 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/10/12 21:45:31 | 566,702,096 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/12 21:13:37 | 004,771,502 | R--- | M] (Swearware) -- C:\Users\CowTip\Desktop\ComboFix.exe
[2012/10/12 07:05:33 | 000,061,440 | ---- | M] ( ) -- C:\Users\CowTip\Desktop\VEW.exe
[2012/10/11 06:57:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\CowTip\Desktop\OTL(1).exe
[2012/10/10 21:27:23 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/09 13:55:16 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/09 13:55:16 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/20 22:09:15 | 000,658,468 | ---- | M] () -- C:\Users\CowTip\Desktop\EAP_General.pdf
[2012/09/18 20:37:46 | 000,783,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/18 20:37:46 | 000,663,200 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/18 20:37:46 | 000,122,068 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/14 09:37:25 | 000,000,512 | ---- | C] () -- C:\Users\CowTip\Desktop\MBR.dat
[2012/10/12 22:59:07 | 000,055,644 | ---- | C] () -- C:\Users\CowTip\Desktop\IAStorv.sys_file.png
[2012/10/12 22:00:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/12 22:00:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/12 22:00:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/12 22:00:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/12 22:00:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/12 07:05:32 | 000,061,440 | ---- | C] ( ) -- C:\Users\CowTip\Desktop\VEW.exe
[2012/10/10 21:27:23 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/20 22:09:15 | 000,658,468 | ---- | C] () -- C:\Users\CowTip\Desktop\EAP_General.pdf
[2012/08/01 20:02:52 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012/03/24 14:59:46 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012/03/24 14:59:45 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012/03/24 14:46:15 | 000,030,477 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/03/24 14:25:55 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/02/09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/01/11 18:22:55 | 000,000,496 | ---- | C] () -- C:\Users\CowTip\AppData\Roaming\UserMetrics.osl
[2011/12/25 15:19:42 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/12/24 21:34:12 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/10/13 17:17:22 | 000,777,034 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/10 23:27:12 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT
[2011/07/06 22:58:06 | 000,003,584 | ---- | C] () -- C:\Users\CowTip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/19 06:10:19 | 000,001,940 | ---- | C] () -- C:\Users\CowTip\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2010/10/08 10:54:52 | 000,000,008 | -HS- | C] () -- C:\Users\CowTip\AppData\Roaming\date
[2010/10/08 10:54:52 | 000,000,002 | -HS- | C] () -- C:\Users\CowTip\AppData\Roaming\evf6

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< MD5 for: ATAPI.SYS >
[2004/08/10 06:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp2.cab:atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2004/08/10 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Windows.old\Windows\system32\drivers\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/13 20:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
[2009/07/13 20:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe
[2004/08/10 06:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\Windows.old\Windows\system32\csrss.exe
[2004/08/10 06:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\Windows.old\Windows\system32\dllcache\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2004/08/10 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\Windows.old\Windows\explorer.exe
[2004/08/10 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\Windows.old\Windows\system32\dllcache\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: IASTORV.SYS >
[2010/11/20 08:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 08:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 01:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 01:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 01:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: MSWSOCK.DLL >
[2009/07/13 20:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 08:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\erdnt\cache64\mswsock.dll
[2010/11/20 08:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\SysNative\mswsock.dll
[2010/11/20 08:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2004/08/10 06:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\Windows.old\Windows\system32\dllcache\mswsock.dll
[2004/08/10 06:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\Windows.old\Windows\system32\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\erdnt\cache86\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SysWOW64\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2009/07/13 20:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_144848ad46fcc535\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/13 20:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
[2009/07/13 20:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009/07/13 20:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\SysNative\NapiNSP.dll
[2009/07/13 20:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2009/07/13 20:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_cdcf91c058fc0e07\nlaapi.dll
[2010/11/20 07:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\SysWOW64\nlaapi.dll
[2010/11/20 07:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2010/11/20 08:27:22 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\SysNative\nlaapi.dll
[2010/11/20 08:27:22 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll
[2009/07/13 20:41:52 | 000,070,144 | ---- | M] (Microsoft Corporation) MD5=86E3822A34D454032D8E88C72AE8CF2D -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_c37ae76e249b4c0c\nlaapi.dll

< MD5 for: NWPROVAU.DLL >
[2004/08/10 06:00:00 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=F01D97A8E0380BA52F58249A7B3BD7F1 -- C:\Windows.old\Windows\system32\dllcache\nwprovau.dll
[2004/08/10 06:00:00 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=F01D97A8E0380BA52F58249A7B3BD7F1 -- C:\Windows.old\Windows\system32\nwprovau.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/13 20:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2009/07/13 20:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009/07/13 20:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\SysNative\pnrpnsp.dll
[2009/07/13 20:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll
[2004/08/10 06:00:00 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=74D3620D2E63489975E3956A40DDD35F -- C:\Windows.old\Windows\system32\dllcache\pnrpnsp.dll
[2004/08/10 06:00:00 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=74D3620D2E63489975E3956A40DDD35F -- C:\Windows.old\Windows\system32\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/13 20:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\SysNative\PrintIsolationHost.exe
[2009/07/13 20:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe

< MD5 for: RSVPSP.DLL >
[2004/08/10 06:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation) MD5=90491683ABD587C702B16F181AB0D99D -- C:\Windows.old\Windows\system32\dllcache\rsvpsp.dll
[2004/08/10 06:00:00 | 000,090,112 | ---- | M] (Microsoft Corporation) MD5=90491683ABD587C702B16F181AB0D99D -- C:\Windows.old\Windows\system32\rsvpsp.dll

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2004/08/10 06:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\Windows.old\Windows\system32\dllcache\services.exe
[2004/08/10 06:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\Windows.old\Windows\system32\services.exe

< MD5 for: SVCHOST.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2004/08/10 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\Windows.old\Windows\system32\dllcache\svchost.exe
[2004/08/10 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\Windows.old\Windows\system32\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USER32.DLL >
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\erdnt\cache86\user32.dll
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 07:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/13 20:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2004/08/10 06:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\Windows.old\Windows\system32\dllcache\user32.dll
[2004/08/10 06:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\Windows.old\Windows\system32\user32.dll
[2009/07/13 20:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 08:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< MD5 for: USERINIT.EXE >
[2004/08/10 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\Windows.old\Windows\system32\dllcache\userinit.exe
[2004/08/10 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\Windows.old\Windows\system32\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\Windows.old\Windows\system32\dllcache\winlogon.exe
[2004/08/10 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\Windows.old\Windows\system32\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WINRNR.DLL >
[2004/08/10 06:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=2C8FDB176F22629EA5342DB474FAC391 -- C:\Windows.old\Windows\system32\dllcache\winrnr.dll
[2004/08/10 06:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=2C8FDB176F22629EA5342DB474FAC391 -- C:\Windows.old\Windows\system32\winrnr.dll
[2009/07/13 20:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\SysNative\winrnr.dll
[2009/07/13 20:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009/07/13 20:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
[2009/07/13 20:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 20:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 20:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/13 20:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< End of report >


OTL Extras logfile created on: 10/14/2012 9:47:00 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\CowTip\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.01 Gb Available Physical Memory | 50.30% Memory free
11.98 Gb Paging File | 9.11 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.50 Gb Total Space | 694.03 Gb Free Space | 74.51% Space Free | Partition Type: NTFS

Computer Name: COWTIP-PC | User Name: CowTip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = jsfile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = jsfile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066F207D-0F83-440D-9336-6E9395803092}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{07F58A8E-C6A1-4DFE-829E-6C7679AE515C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{213C032B-D434-46A0-997C-666008D08D3A}" = lport=445 | protocol=6 | dir=in | app=system |
"{285264D1-C875-4A60-BF0F-E85739973B57}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{2DB99E6C-703B-46D3-BB31-97BBA83E9773}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3F83578C-FFC9-4AB5-9BD4-1E8C125B58CD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3FFF1D41-614A-4AC7-8A7A-670B5EE6A25E}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{4D4A48D0-2BC1-4FC8-871B-92FC4654EFAA}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{5380F753-FD84-479A-A636-4FCB50FE89DB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{549774DE-3B71-4B78-A61A-E9008F05EBAC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{61F7C53D-4C69-475D-BECC-7FB1B181E1B8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6C6EA12D-12A3-4C12-B38F-83E8E36AB674}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6CD34CD6-7ED3-4959-B938-C44BD4B5109B}" = lport=137 | protocol=17 | dir=in | app=system |
"{753A9979-2FD0-4EA5-AB31-FF364D5A23B0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7BE3C0B6-8EE1-437F-8364-EDFC1054D623}" = rport=445 | protocol=6 | dir=out | app=system |
"{868DCAF0-1BBA-4B84-AAFB-97851F7D30E3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8808E701-81BD-4C14-BF91-F37F21417353}" = lport=138 | protocol=17 | dir=in | app=system |
"{943928B0-AA32-4440-A7A6-E5D3557814D2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{98EB28EA-5F05-468F-B13A-DC3C91CC47CE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A6360332-5B96-4A14-B0DF-F8E1D3CFFA6E}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{A77A92CF-3DB6-4C27-AC88-93567BC4F9F5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B2E7F499-8E4E-4AFE-9303-D5CA52C1AC1B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B70F824D-2744-4A0B-B2CC-436C095172F2}" = rport=138 | protocol=17 | dir=out | app=system |
"{B89C9DD2-23BD-4CFB-80EA-F8DD12749B9A}" = rport=139 | protocol=6 | dir=out | app=system |
"{C85A9A0B-9940-4B26-8EE3-2F5186F81772}" = rport=137 | protocol=17 | dir=out | app=system |
"{DC96AB36-C300-4859-AE20-CE7976129BD3}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{E00A71C4-B737-468B-86E8-57BEA0C98E6F}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{E7909799-19AA-4743-A9CD-6A613CE69ADF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EE47F2F5-0845-447A-AD18-E62480CF31BF}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E5A0C2-A6A5-4672-B946-C79F15875344}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{0508E031-A321-4AFB-BEF6-2B9B2371F124}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{05F8E1A0-F620-4B85-94A8-F0AD52EC4BB7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 4 tiberian twilight\cnc4.exe |
"{0C751157-93B8-47FA-8F09-5E120BA6D442}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\azada\azada.exe |
"{0DB41D79-89E4-430E-9D09-DE5CDB21D0A9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{0F360C1C-AC2F-495B-9A5B-6CE0D710C74E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis warhead\bin32\crysis.exe |
"{1093C89A-C832-414C-8B9C-7404D5A65067}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saira\saira.exe |
"{16CEE715-CC7D-4651-87DE-5DBF5E61356A}" = protocol=58 | dir=out | [email protected],-28546 |
"{1A67916B-3756-4B01-953C-3B51F97AE72A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto 3\gta3.exe |
"{1BFF2B2C-2D8C-4666-B2C6-B774DCBB0BCA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\windosill\windosill.exe |
"{1D405E59-0C4C-4EC4-B6CC-1B6FE540CE6E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the tiny bang story\ttbs.exe |
"{200B1135-72D9-4030-B7B8-57B26B23C20F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the last remnant\binaries\tlr.exe |
"{22752E0A-CAAF-4E6B-BD55-91203AF62799}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{2327D0A2-2DDA-402A-A513-DD411126EE16}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saira\settings.exe |
"{247EC005-E50D-426A-B325-A0AB742678A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{25F21C8B-4FDB-4DF5-B873-D11AAECF9BA9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blueberry garden\blueberrygarden.exe |
"{276EB550-A17A-4625-967F-F890683B2979}" = protocol=6 | dir=in | app=c:\users\cowtip\appdata\roaming\dropbox\bin\dropbox.exe |
"{2931669F-137A-41F1-8B31-B375A8632273}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2E2C1E02-89BA-4E4F-B3EE-43DAAE68BBC2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\azada\azada.exe |
"{3342BCAA-4596-48DB-85D3-373ECF04A3A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{37E2C032-C745-460E-9A30-5DA695C23B11}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\your doodles are bugged!\yourdoodlesarebugged.exe |
"{3A55E3F1-712A-4A0C-8687-70FF1A215D52}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\djinni!.exe |
"{3CF0E490-0006-4963-B86F-6154CEF2B581}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3D87788F-7B74-4BEC-AD69-F0047A9BF12B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3FA6A831-9558-4280-997C-4ABD4EAB4837}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{40119815-F4DD-450D-89C9-D86E5531332A}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{42063210-FEF7-4EFE-BE0A-3D1790CF173D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\drawn the painted tower\drawn.exe |
"{43D5F135-ECE6-44D2-A835-E2D002B05400}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{48E6CF24-1B15-4491-B347-3198443521D7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4932A5EE-4406-4A10-80C0-2529605FC21A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\windosill\windosill.exe |
"{4995A678-CE85-4811-A656-8B8D34B23C15}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{4ABA935E-3CEB-4698-AD9D-6E3E0F9FE41D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lume\lume.exe |
"{4D52A37D-C352-45CB-A5FA-0CF4153B5585}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe |
"{4EAFDE17-58EB-48FD-AC37-2D40FD3BB6C5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\morrowind\morrowind launcher.exe |
"{52099339-599B-4E45-B2B7-949588AC48A6}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{52CC2A5C-3D71-4083-AC7C-31D20F2D3746}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe |
"{531D8764-55FE-498D-A11B-FB92EE322007}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{558B7D70-DD94-4AE3-AFE9-F489E30D1E7B}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{55D91DBB-0B4A-4579-B3F9-634ED60BFFEB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis wars\bin32\crysis.exe |
"{56480CC6-9700-4D60-91F3-3D72CE1B704B}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe |
"{564A4ABA-EE20-4662-81B3-9A5A76EF8C17}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saira\settings.exe |
"{59138125-6EC9-4CA4-866B-BC6DB6F0F521}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{5CE4ED03-6F2A-4120-9C02-97492DDE68BB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto 2\gta2.exe |
"{5DF4635C-FDE2-4E3A-8059-D46CFDD31823}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5E25537C-40B2-4DAB-BC18-CE3CC8C1CA58}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lume\lume.exe |
"{64DF736D-77A7-4E59-B61A-2AC1815F366C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 4 tiberian twilight\cnc4.exe |
"{682DEBF8-736D-4B06-BF10-C0A7E18E5E50}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lugaru hd\lugaru.exe |
"{6F8E9DD8-680F-4ED3-88F8-DD130BF6AA98}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aquaria\aquaria.exe |
"{703D601C-E70D-4C1D-AEAE-63D39E768CD0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\your doodles are bugged!\yourdoodlesarebugged.exe |
"{7844F896-4451-4428-9A31-C35F131F446E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{7902382A-98FD-4A6E-B6F9-1462D40F801A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto 3\gta3.exe |
"{7BCAAF5B-1089-4F93-8AE6-805FE781DF74}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis warhead\bin32\crysis.exe |
"{7E5DC1AB-55B6-4DA3-B1C3-E1EFCD345478}" = protocol=1 | dir=out | [email protected],-28544 |
"{80278DDE-4DA3-4EA0-BDE3-418B3A69E546}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{831CEA31-0E0F-4AFC-AC4A-487233BB01C9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{88CF920D-EE7B-4F31-9519-D7750464F5FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{8C4C8261-7AA2-4C25-A3AC-93339814F72D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\morrowind\morrowind launcher.exe |
"{8C6659F0-192E-411E-A655-6FE01191D840}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{8E477F85-70D9-43A2-82D4-166F1B8F3EF6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 4 tiberian twilight\support\ea help\electronic_arts_technical_support.htm |
"{95C0D583-2E1E-4B7E-8DBB-14B18B5037C0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the tiny bang story\ttbs.exe |
"{99EA464E-DE63-4CE0-8478-937E5B77DE4E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saira\saira.exe |
"{9B3F0DC3-E280-46ED-942D-EDD4810DF11B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos\osmos.exe |
"{9EE41256-41D7-4164-AA2C-D64F650E4B4A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer 4 tiberian twilight\support\ea help\electronic_arts_technical_support.htm |
"{A412114A-7CC0-4240-990A-35066248AE3B}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{AAF1770C-B133-4174-A097-970E2FFAFBDB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AC93A26A-64A0-44B4-8536-1718353C0612}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AD4848FF-05E3-44AA-97A7-0DFC6C80292A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe |
"{AE04A1E7-F512-472E-BB14-6CDBD1E51378}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\drawn the painted tower\drawn.exe |
"{B0C4D556-BA97-42AD-8B75-DC800725091F}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe |
"{B4EE25B9-6BD7-4F9A-A86E-B64F0161C5EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the last remnant\binaries\tlr.exe |
"{B4FB6701-4F39-446A-A93A-449C4B8857E4}" = protocol=6 | dir=out | app=system |
"{B5D093D3-08B9-4960-ADB8-F25C7C66A381}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe |
"{B79F0DFA-F3DB-4DC1-9CDC-E71FDE0644CD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BA401F01-CEB1-4FCE-A0A6-B50BAB5076F2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{BF0E68A4-7F73-4C29-B0A0-6F53F2CD24E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{C1D5353D-2CEC-4DED-BF5E-1C4F70A39B7F}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{C5F5DCA8-AB0B-4DDC-A4F2-427519EAED0C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blueberry garden\blueberrygarden.exe |
"{C99E8579-1A2E-4170-9BBB-77191FA804A3}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{CD326EA1-98BE-4EEE-829E-160FB7C554A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher enhanced edition\system\witcher.exe |
"{CD539DCC-8689-426B-8B8C-6B2111E6359F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{CE360500-45C2-42C6-B1DB-649BD82EE2F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lugaru hd\lugaru.exe |
"{CE65E9E2-36AD-4BBB-BE69-4208F5AB7671}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4AD2745-4895-4134-ACFD-2EE13F860771}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D946A010-6286-415D-B3E6-BBF0028D96C3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{DBF2E63F-7DD0-42E2-9D6C-246F83208B7D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto\wino\grand theft auto.exe |
"{DC083E28-ED2C-4805-B922-05C056856BC0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gish\gish.exe |
"{E2722EC6-EFA3-4EDD-B2AB-B505748122CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{E30FAC15-1B11-465E-AB8E-BDD27040B38B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E4253633-DDAA-4305-9C5A-FBB33C13E2DA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto 2\gta2.exe |
"{E5B6B1CF-E155-4A48-9A78-450252C31A78}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED7815E1-10B2-4D78-A1C2-0F4D31B3C7CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gish\gish.exe |
"{EEC2F47B-A016-4FE1-BCCA-42D3E8C31FBE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos\osmos.exe |
"{F2702B49-6D10-434D-A0C1-B450F9BAB416}" = protocol=58 | dir=in | [email protected],-28545 |
"{F2D61241-7477-43BA-A5E7-C6DF56363AC2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis wars\bin32\crysis.exe |
"{F31DBE62-55C3-4A29-A5AE-31907D3888D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto\wino\grand theft auto.exe |
"{F32391F4-2E33-4F2B-9417-E78AEBF6D4C6}" = protocol=17 | dir=in | app=c:\users\cowtip\appdata\roaming\dropbox\bin\dropbox.exe |
"{F3DDB533-3528-419B-B3E9-BC35EBAC1F2E}" = protocol=1 | dir=in | [email protected],-28543 |
"{F98E4033-9A04-46C7-B0BF-831E7C9445CF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aquaria\aquaria.exe |
"{FD6D4F64-B0D4-4CA5-981A-1A3B649E94E4}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{FEC2E1E8-0146-44EA-89EA-1D17957B0BD7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_cnq2414" = CanoScan LiDE 110 Scanner Driver
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 295.73
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Pen Tablet Driver" = Bamboo
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B561CF4-0C7D-4745-AF53-161E24E44F87}" = Adobe CS4 Italian Speech Analysis Models
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FD653A8-9CFA-4392-B89C-CCDB114DE442}" = Adobe CS4 Spanish Speech Analysis Models
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{377FD9B9-8377-49B9-A052-17BEFFEEE4A2}" = Adobe Creative Suite 4 Web Premium
"{38468127-9E6F-4FC9-B5F7-42D4AD437D96}" = Unigine Heaven Benchmark v2.1
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3AF8C37F-696E-871C-0851-CDE980FD665E}" = Bamboo Dock
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{48E9A4FB-17C6-4B14-BC9D-D83AF2A4059A}" = Adobe CS4 Korean Speech Analysis Models
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{4F213D2A-B942-4611-AEE5-49F9D42D0A2F}" = Adobe CS4 International English Speech Analysis Models
"{50EFE7D8-19B3-4FEB-901A-E6DAEBBF6196}" = Brother HL-2140
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E0C3C3D-CF8A-4AEC-AD6C-B4486A96BE8E}" = Bamboo Tablets Tutorial
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7AAC4B2B-C3D2-465C-9F2C-B9DCF0D7FDB8}" = Adobe Setup
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92F59AB3-8B11-4552-8F40-462270A8FD5E}" = PX5 Advanced Sound Editor
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7C4EAC-6E38-42E3-85AA-408874A803DE}" = Adobe CS4 German Speech Analysis Models
"{9AACCD0F-2734-4E8C-8C24-2702D4506E93}" = Adobe CS4 French Speech Analysis Models
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_952" = Adobe Acrobat 9.5.2 - CPSID_83708
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B35FDD04-48FD-4D3D-B0EB-088C5137CD42}" = Adobe CS4 Japanese Speech Analysis Models
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor Platinum
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}" = FINAL FANTASY XIV
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_4db064343401efd6449f33f8411c14b" = Adobe Creative Suite 4 Web Premium
"AIM_7" = AIM 7
"Amazon Kindle" = Amazon Kindle
"Bamboo Dock" = Bamboo Dock
"BitTorrent" = BitTorrent
"CamStudio" = CamStudio
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ESET Online Scanner" = ESET Online Scanner v3
"Greenshot_is1" = Greenshot
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"N360" = Norton Security Suite
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Professional 2010
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StarCraft II" = StarCraft II
"Steam App 105100" = Lume
"Steam App 12100" = Grand Theft Auto III
"Steam App 12110" = Grand Theft Auto: Vice City
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 12170" = Grand Theft Auto
"Steam App 12180" = Grand Theft Auto 2
"Steam App 130" = Half-Life: Blue Shift
"Steam App 17300" = Crysis
"Steam App 17330" = Crysis Warhead
"Steam App 17340" = Crysis Wars
"Steam App 18700" = And Yet It Moves
"Steam App 200900" = Cave Story+
"Steam App 20900" = The Witcher: Enhanced Edition
"Steam App 220" = Half-Life 2
"Steam App 22320" = The Elder Scrolls III: Morrowind
"Steam App 23310" = The Last Remnant
"Steam App 24420" = Aquaria
"Steam App 25010" = Lugaru HD
"Steam App 29160" = Blueberry Garden
"Steam App 29180" = Osmos
"Steam App 37600" = Windosill
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 40800" = Super Meat Boy
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 47700" = Command and Conquer 4: Tiberian Twilight
"Steam App 48900" = Saira
"Steam App 51060" = Drawn: The Painted Tower
"Steam App 65800" = Dungeon Defenders
"Steam App 70" = Half-Life
"Steam App 7340" = Azada
"Steam App 8190" = Just Cause 2
"Steam App 94200" = Jamestown
"Steam App 9500" = Gish
"Steam App 95500" = Your Doodles Are Bugged!
"Steam App 96000" = The Tiny Bang Story
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"World of Warcraft" = World of Warcraft
"ZillaTube" = ZillaTube 4.4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/12/2012 3:09:23 AM | Computer Name = CowTip-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385,
time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c9db Exception code: 0xc0000005 Fault offset: 0x0000000000004e03
Faulting
process id: 0x698 Faulting application start time: 0x01cda844022334db Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll
Report
Id: bf96d1ef-143b-11e2-9501-485b3986cf79

Error - 10/12/2012 3:20:19 AM | Computer Name = CowTip-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 10/12/2012 11:28:11 AM | Computer Name = CowTip-PC | Source = Application Error | ID = 1000
Description = Faulting application name: POWERPNT.EXE, version: 14.0.6009.1000,
time stamp: 0x4cc1a4ed Faulting module name: gfx.dll, version: 14.0.6019.1000, time
stamp: 0x4d55c29b Exception code: 0xc0000005 Fault offset: 0x0001c926 Faulting process
id: 0x6cc Faulting application start time: 0x01cda887edab6596 Faulting application
path: C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE Faulting module
path: C:\Program Files (x86)\Microsoft Office\Office14\gfx.dll Report Id: 6df7060a-1481-11e2-9501-485b3986cf79

Error - 10/12/2012 11:08:40 PM | Computer Name = CowTip-PC | Source = Application Error | ID = 1000
Description = Faulting application name: grep.3XE, version: 0.0.0.0, time stamp:
0x38a95b0a Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0x004011d4 Fault offset: 0x00039e89 Faulting process id:
0xbdc Faulting application start time: 0x01cda8f00a49d964 Faulting application path:
C:\ComboFix\grep.3XE Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id:
493a1f69-14e3-11e2-9528-485b3986cf79

Error - 10/13/2012 1:54:09 AM | Computer Name = CowTip-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 10/13/2012 1:55:09 AM | Computer Name = CowTip-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 10/14/2012 7:21:25 AM | Computer Name = CowTip-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 10/14/2012 7:22:33 AM | Computer Name = CowTip-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ System Events ]
Error - 10/12/2012 7:03:03 PM | Computer Name = COWTIP-PC | Source = BugCheck | ID = 1001
Description =

Error - 10/12/2012 8:56:41 PM | Computer Name = CowTip-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:54:17 PM on ?10/?12/?2012 was unexpected.

Error - 10/12/2012 8:56:42 PM | Computer Name = COWTIP-PC | Source = BugCheck | ID = 1001
Description =

Error - 10/12/2012 9:54:49 PM | Computer Name = CowTip-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{0DBA098A-FEC1-4A8F-B83A-8E087C7BB18C}
because another computer on the network has the same name. The server could not
start.

Error - 10/12/2012 10:45:42 PM | Computer Name = CowTip-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:43:17 PM on ?10/?12/?2012 was unexpected.

Error - 10/12/2012 10:45:42 PM | Computer Name = COWTIP-PC | Source = BugCheck | ID = 1001
Description =

Error - 10/12/2012 11:05:30 PM | Computer Name = CowTip-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/12/2012 11:07:50 PM | Computer Name = CowTip-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 10/12/2012 11:08:16 PM | Computer Name = CowTip-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 10/13/2012 11:50:39 AM | Computer Name = CowTip-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{0DBA098A-FEC1-4A8F-B83A-8E087C7BB18C}
because another computer on the network has the same name. The server could not
start.


< End of report >


**Good news is that the computer has been on all day today without crashing!** :cool:

#11
RKinner

I don't think it's worth worrying about the file that sfc doesn't like. Certainly not a critical file.

Let's see what happens if we replace the iaStorV.sys with its backup.

Copy the text in the code box by highlighting and Ctrl + c

```
:files
C:\Windows\SysNative\drivers\iaStorV.sys|C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys /replace

:Commands
[Reboot]
```

Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. This will also create a file winsock2.reg on your desktop. It is an insurance file. If you can't get on the Internet after the fix, try right-clicking on the winsock2.reg and Merge, then reboot. If that doesn't help then do a System Restore.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\10142012-some number.log.

Then run TDSSKiller and let's see if it is still complaining about the forged md5.
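
One way to check the outcome of this fix from the two logs it produces, as an added example that is not part of the original post or of OTL or TDSSKiller: it pairs the MD5 that OTL records for a file with the MD5 TDSSKiller records for the same path. The line formats are the ones seen in this thread's logs; the `exampledrv` and `nohashsvc` entries are constructed, and treating `SysNative` and `system32` as one directory assumes both tools mean the native 64-bit folder.

```python
import re

TS = r"^\d\d:\d\d:\d\d\.\d+ \d+ "  # TDSSKiller prefix: time and thread id
HASH_RE = re.compile(TS + r"\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.+)$")
VERDICT_RE = re.compile(TS + r"(.+) - (.+)$")
OTL_MD5_RE = re.compile(r"([A-Za-z]:\\.+?) : MD5=([0-9A-Fa-f]{32})")

# The iaStorV.sys line is the one from this thread; the exampledrv line is constructed.
OTL_LOG = r"""
PendingFileRenameOperations files...
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) C:\Windows\SysNative\drivers\iaStorV.sys : MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366
[2012/01/01 00:00:00 | 000,001,024 | ---- | M] (Example Vendor) C:\Windows\SysNative\drivers\exampledrv.sys : MD5=00000000000000000000000000000002
"""

# The iaStorV lines are from this thread; nohashsvc and exampledrv are constructed.
TDSS_LOG = r"""
22:11:24.0031 4712 System memory - ok
22:11:24.0031 4712 ================ Scan services =============================
22:11:26.0153 4712 nohashsvc - ok
22:11:28.0929 4712 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:11:28.0929 4712 iaStorV - ok
22:11:29.0000 4712 [ 00000000000000000000000000000001 ] exampledrv C:\Windows\system32\drivers\exampledrv.sys
22:11:29.0000 4712 exampledrv - ok
"""


def norm_path(path):
    """Lower-case a path and fold the 32-bit SysNative alias onto system32."""
    return path.strip().lower().replace("\\sysnative\\", "\\system32\\")


def parse_otl(text):
    """Return {normalized path: MD5} for every OTL line carrying 'MD5='."""
    found = {}
    for line in text.splitlines():
        m = OTL_MD5_RE.search(line)
        if m:
            found[norm_path(m.group(1))] = m.group(2).upper()
    return found


def parse_tdsskiller(text):
    """Return ({service: (MD5, path)}, {service: verdict}) from the services section."""
    hashes, verdicts, in_services = {}, {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if "=====" in line:  # section banner: track whether we are in "Scan services"
            in_services = "Scan services" in line
            continue
        if not in_services:
            continue
        m = HASH_RE.match(line)
        if m:
            hashes[m.group(2)] = (m.group(1).upper(), norm_path(m.group(3)))
            continue
        m = VERDICT_RE.match(line)
        if m:
            verdicts[m.group(1)] = m.group(2).strip()
    return hashes, verdicts


def cross_check(otl_text, tdss_text):
    """Compare per-file MD5s between the two logs and list entries worth a second look."""
    otl = parse_otl(otl_text)
    hashes, verdicts = parse_tdsskiller(tdss_text)
    by_path = {path: md5 for md5, path in hashes.values()}
    report = {"match": [], "mismatch": [], "not_scanned": []}
    for path, md5 in sorted(otl.items()):
        if path not in by_path:
            report["not_scanned"].append(path)
        elif by_path[path] == md5:
            report["match"].append(path)
        else:
            report["mismatch"].append(path)
    # Services that got a verdict line but no hash/path line, and any verdict other than "ok".
    report["no_hash"] = sorted(s for s in verdicts if s not in hashes)
    report["not_ok"] = sorted(s for s, v in verdicts.items() if v.lower() != "ok")
    return report


if __name__ == "__main__":
    for key, values in cross_check(OTL_LOG, TDSS_LOG).items():
        print(key, values)
```

A matching MD5 only shows that both tools read the same bytes for that path; it does not say whether the file on disk was actually swapped for the DriverStore copy.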

#12
Aristazi

Looks like OTL couldn't replace the file, I ran TDSSKiller again anyway though and didn't get the popup about the file this time. (I installed the TDSSKiller updated version when it prompted me to.) Here are the logs:

========== FILES ==========
Unable to replace file: C:\Windows\SysNative\drivers\iaStorV.sys with C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys without a reboot.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 10162012_220732

Files\Folders moved on Reboot...

PendingFileRenameOperations files...
[2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) C:\Windows\SysNative\drivers\iaStorV.sys : MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366

Registry entries deleted on Reboot...




22:11:17.0354 4788 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
22:11:17.0807 4788 ============================================================
22:11:17.0807 4788 Current date / time: 2012/10/16 22:11:17.0807
22:11:17.0807 4788 SystemInfo:
22:11:17.0807 4788
22:11:17.0807 4788 OS Version: 6.1.7601 ServicePack: 1.0
22:11:17.0807 4788 Product type: Workstation
22:11:17.0807 4788 ComputerName: COWTIP-PC
22:11:17.0807 4788 UserName: CowTip
22:11:17.0807 4788 Windows directory: C:\Windows
22:11:17.0807 4788 System windows directory: C:\Windows
22:11:17.0807 4788 Running under WOW64
22:11:17.0807 4788 Processor architecture: Intel x64
22:11:17.0807 4788 Number of processors: 8
22:11:17.0807 4788 Page size: 0x1000
22:11:17.0807 4788 Boot type: Normal boot
22:11:17.0807 4788 ============================================================
22:11:18.0977 4788 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:11:18.0977 4788 ============================================================
22:11:18.0977 4788 \Device\Harddisk0\DR0:
22:11:18.0977 4788 MBR partitions:
22:11:18.0977 4788 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
22:11:18.0977 4788 ============================================================
22:11:18.0992 4788 C: <-> \Device\Harddisk0\DR0\Partition1
22:11:18.0992 4788 ============================================================
22:11:18.0992 4788 Initialize success
22:11:18.0992 4788 ============================================================
22:11:22.0923 4712 ============================================================
22:11:22.0923 4712 Scan started
22:11:22.0923 4712 Mode: Manual;
22:11:22.0923 4712 ============================================================
22:11:24.0031 4712 ================ Scan system memory ========================
22:11:24.0031 4712 System memory - ok
22:11:24.0031 4712 ================ Scan services =============================
22:11:28.0929 4712 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:11:28.0929 4712 iaStorV - ok
22:11:29.0538 4712 KeyIso - ok
22:11:29.0569 4712 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:11:29.0585 4712 KSecDD - ok
22:11:29.0616 4712 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:11:29.0616 4712 KSecPkg - ok
22:11:29.0616 4712 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:11:29.0616 4712 ksthunk - ok
22:11:29.0631 4712 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:11:29.0663 4712 KtmRm - ok
22:11:29.0678 4712 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
22:11:29.0678 4712 LanmanServer - ok
22:11:29.0709 4712 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:11:29.0709 4712 LanmanWorkstation - ok
22:11:29.0741 4712 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:11:29.0741 4712 lltdio - ok
22:11:29.0756 4712 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:11:29.0772 4712 lltdsvc - ok
22:11:29.0772 4712 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:11:29.0787 4712 lmhosts - ok
22:11:29.0803 4712 lmimirr - ok
22:11:29.0819 4712 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:11:29.0819 4712 LSI_FC - ok
22:11:29.0834 4712 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:11:29.0834 4712 LSI_SAS - ok
22:11:29.0834 4712 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:11:29.0834 4712 LSI_SAS2 - ok
22:11:29.0850 4712 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:11:29.0865 4712 LSI_SCSI - ok
22:11:29.0865 4712 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:11:29.0881 4712 luafv - ok
22:11:29.0897 4712 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:11:29.0912 4712 Mcx2Svc - ok
22:11:29.0928 4712 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:11:29.0928 4712 megasas - ok
22:11:29.0943 4712 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:11:29.0943 4712 MegaSR - ok
22:11:29.0959 4712 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:11:29.0959 4712 MMCSS - ok
22:11:29.0975 4712 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:11:29.0975 4712 Modem - ok
22:11:29.0975 4712 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:11:29.0990 4712 monitor - ok
22:11:29.0990 4712 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:11:29.0990 4712 mouclass - ok
22:11:30.0006 4712 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:11:30.0021 4712 mouhid - ok
22:11:30.0053 4712 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:11:30.0053 4712 mountmgr - ok
22:11:30.0115 4712 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:11:30.0131 4712 MozillaMaintenance - ok
22:11:30.0177 4712 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
22:11:30.0177 4712 mpio - ok
22:11:30.0193 4712 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:11:30.0209 4712 mpsdrv - ok
22:11:30.0240 4712 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:11:30.0255 4712 MpsSvc - ok
22:11:30.0271 4712 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:11:30.0287 4712 MRxDAV - ok
22:11:30.0318 4712 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:11:30.0318 4712 mrxsmb - ok
22:11:30.0349 4712 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:11:30.0349 4712 mrxsmb10 - ok
22:11:30.0365 4712 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:11:30.0396 4712 mrxsmb20 - ok
22:11:30.0411 4712 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
22:11:30.0411 4712 msahci - ok
22:11:30.0427 4712 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:11:30.0427 4712 msdsm - ok
22:11:30.0443 4712 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:11:30.0443 4712 MSDTC - ok
22:11:30.0458 4712 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:11:30.0458 4712 Msfs - ok
22:11:30.0474 4712 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:11:30.0474 4712 mshidkmdf - ok
22:11:30.0505 4712 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:11:30.0505 4712 msisadrv - ok
22:11:30.0536 4712 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:11:30.0536 4712 MSiSCSI - ok
22:11:30.0536 4712 msiserver - ok
22:11:30.0552 4712 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:11:30.0552 4712 MSKSSRV - ok
22:11:30.0567 4712 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:11:30.0567 4712 MSPCLOCK - ok
22:11:30.0583 4712 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:11:30.0583 4712 MSPQM - ok
22:11:30.0614 4712 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:11:30.0630 4712 MsRPC - ok
22:11:30.0645 4712 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
22:11:30.0645 4712 mssmbios - ok
22:11:30.0661 4712 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:11:30.0661 4712 MSTEE - ok
22:11:30.0661 4712 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:11:30.0677 4712 MTConfig - ok
22:11:30.0708 4712 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
22:11:30.0723 4712 MTsensor - ok
22:11:30.0739 4712 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:11:30.0739 4712 Mup - ok
22:11:30.0801 4712 [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360 C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
22:11:30.0801 4712 N360 - ok
22:11:30.0848 4712 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
22:11:30.0848 4712 napagent - ok
22:11:30.0864 4712 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:11:30.0879 4712 NativeWifiP - ok
22:11:30.0957 4712 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121016.009\ENG64.SYS
22:11:30.0973 4712 NAVENG - ok
22:11:31.0020 4712 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121016.009\EX64.SYS
22:11:31.0035 4712 NAVEX15 - ok
22:11:31.0082 4712 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:11:31.0082 4712 NDIS - ok
22:11:31.0113 4712 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:11:31.0113 4712 NdisCap - ok
22:11:31.0129 4712 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:11:31.0129 4712 NdisTapi - ok
22:11:31.0176 4712 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:11:31.0238 4712 Ndisuio - ok
22:11:31.0269 4712 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:11:31.0285 4712 NdisWan - ok
22:11:31.0301 4712 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:11:31.0316 4712 NDProxy - ok
22:11:31.0332 4712 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:11:31.0347 4712 NetBIOS - ok
22:11:31.0363 4712 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:11:31.0363 4712 NetBT - ok
22:11:31.0379 4712 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
22:11:31.0379 4712 Netlogon - ok
22:11:31.0410 4712 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:11:31.0410 4712 Netman - ok
22:11:31.0441 4712 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:11:31.0488 4712 NetMsmqActivator - ok
22:11:31.0503 4712 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:11:31.0503 4712 NetPipeActivator - ok
22:11:31.0503 4712 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:11:31.0519 4712 netprofm - ok
22:11:31.0519 4712 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:11:31.0519 4712 NetTcpActivator - ok
22:11:31.0519 4712 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:11:31.0519 4712 NetTcpPortSharing - ok
22:11:31.0550 4712 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:11:31.0550 4712 nfrd960 - ok
22:11:31.0581 4712 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:11:31.0581 4712 NlaSvc - ok
22:11:31.0597 4712 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:11:31.0597 4712 Npfs - ok
22:11:31.0613 4712 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:11:31.0628 4712 nsi - ok
22:11:31.0628 4712 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:11:31.0644 4712 nsiproxy - ok
22:11:31.0691 4712 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:11:31.0722 4712 Ntfs - ok
22:11:31.0737 4712 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:11:31.0737 4712 Null - ok
22:11:31.0769 4712 [ 8EBCB9165EE7F1571842F4D9D624A74C ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
22:11:31.0784 4712 nusb3hub - ok
22:11:31.0800 4712 [ 5D54DBB12BBFE07CC283FD39F2CD6D63 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
22:11:31.0800 4712 nusb3xhc - ok
22:11:31.0847 4712 [ 8D4AAC74B571FC356560E5B308955E93 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
22:11:31.0862 4712 NVHDA - ok
22:11:32.0065 4712 [ 9C1996DD3C0469BC8933321F15709F5A ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:11:32.0127 4712 nvlddmkm - ok
22:11:32.0159 4712 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:11:32.0174 4712 nvraid - ok
22:11:32.0174 4712 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:11:32.0190 4712 nvstor - ok
22:11:32.0237 4712 [ 34E5498528BB3D5A951F889F8756AD26 ] nvsvc C:\Windows\system32\nvvsvc.exe
22:11:32.0237 4712 nvsvc - ok
22:11:32.0330 4712 [ CD0BFAA6872CFE38C908D313AE17C350 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:11:32.0346 4712 nvUpdatusService - ok
22:11:32.0377 4712 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:11:32.0393 4712 nv_agp - ok
22:11:32.0424 4712 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:11:32.0424 4712 ohci1394 - ok
22:11:32.0471 4712 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:11:32.0486 4712 ose - ok
22:11:32.0611 4712 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:11:32.0658 4712 osppsvc - ok
22:11:32.0673 4712 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:11:32.0689 4712 p2pimsvc - ok
22:11:32.0705 4712 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:11:32.0720 4712 p2psvc - ok
22:11:32.0736 4712 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:11:32.0736 4712 Parport - ok
22:11:32.0767 4712 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:11:32.0783 4712 partmgr - ok
22:11:32.0783 4712 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:11:32.0783 4712 PcaSvc - ok
22:11:32.0798 4712 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
22:11:32.0798 4712 pci - ok
22:11:32.0814 4712 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:11:32.0814 4712 pciide - ok
22:11:32.0814 4712 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:11:32.0829 4712 pcmcia - ok
22:11:32.0845 4712 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:11:32.0845 4712 pcw - ok
22:11:32.0861 4712 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:11:32.0861 4712 PEAUTH - ok
22:11:32.0907 4712 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
22:11:32.0923 4712 PeerDistSvc - ok
22:11:32.0970 4712 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:11:32.0985 4712 PerfHost - ok
22:11:33.0048 4712 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
22:11:33.0063 4712 pla - ok
22:11:33.0126 4712 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:11:33.0126 4712 PlugPlay - ok
22:11:33.0141 4712 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:11:33.0157 4712 PNRPAutoReg - ok
22:11:33.0173 4712 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:11:33.0173 4712 PNRPsvc - ok
22:11:33.0188 4712 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:11:33.0204 4712 PolicyAgent - ok
22:11:33.0219 4712 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:11:33.0219 4712 Power - ok
22:11:33.0251 4712 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:11:33.0251 4712 PptpMiniport - ok
22:11:33.0266 4712 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:11:33.0282 4712 Processor - ok
22:11:33.0344 4712 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
22:11:33.0375 4712 ProfSvc - ok
22:11:33.0391 4712 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:11:33.0391 4712 ProtectedStorage - ok
22:11:33.0438 4712 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:11:33.0453 4712 Psched - ok
22:11:33.0578 4712 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:11:33.0609 4712 ql2300 - ok
22:11:33.0609 4712 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:11:33.0609 4712 ql40xx - ok
22:11:33.0641 4712 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:11:33.0687 4712 QWAVE - ok
22:11:33.0734 4712 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:11:33.0750 4712 QWAVEdrv - ok
22:11:33.0765 4712 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:11:33.0781 4712 RasAcd - ok
22:11:33.0812 4712 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:11:33.0812 4712 RasAgileVpn - ok
22:11:33.0843 4712 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:11:33.0859 4712 RasAuto - ok
22:11:33.0875 4712 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:11:33.0890 4712 Rasl2tp - ok
22:11:33.0953 4712 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
22:11:33.0968 4712 RasMan - ok
22:11:33.0968 4712 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:11:33.0984 4712 RasPppoe - ok
22:11:34.0015 4712 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:11:34.0015 4712 RasSstp - ok
22:11:34.0031 4712 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:11:34.0046 4712 rdbss - ok
22:11:34.0062 4712 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:11:34.0077 4712 rdpbus - ok
22:11:34.0077 4712 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:11:34.0093 4712 RDPCDD - ok
22:11:34.0124 4712 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:11:34.0140 4712 RDPDR - ok
22:11:34.0155 4712 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:11:34.0155 4712 RDPENCDD - ok
22:11:34.0155 4712 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:11:34.0155 4712 RDPREFMP - ok
22:11:34.0171 4712 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:11:34.0171 4712 RDPWD - ok
22:11:34.0218 4712 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:11:34.0218 4712 rdyboost - ok
22:11:34.0233 4712 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:11:34.0233 4712 RemoteAccess - ok
22:11:34.0249 4712 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:11:34.0265 4712 RemoteRegistry - ok
22:11:34.0296 4712 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:11:34.0296 4712 RpcEptMapper - ok
22:11:34.0327 4712 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:11:34.0327 4712 RpcLocator - ok
22:11:34.0374 4712 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
22:11:34.0374 4712 RpcSs - ok
22:11:34.0389 4712 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:11:34.0421 4712 rspndr - ok
22:11:34.0452 4712 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
22:11:34.0452 4712 s3cap - ok
22:11:34.0467 4712 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:11:34.0467 4712 SamSs - ok
22:11:34.0483 4712 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:11:34.0499 4712 sbp2port - ok
22:11:34.0514 4712 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:11:34.0530 4712 SCardSvr - ok
22:11:34.0561 4712 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:11:34.0577 4712 scfilter - ok
22:11:34.0608 4712 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:11:34.0623 4712 Schedule - ok
22:11:34.0655 4712 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:11:34.0670 4712 SCPolicySvc - ok
22:11:34.0686 4712 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:11:34.0701 4712 SDRSVC - ok
22:11:34.0733 4712 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:11:34.0733 4712 secdrv - ok
22:11:34.0764 4712 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:11:34.0764 4712 seclogon - ok
22:11:34.0764 4712 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
22:11:34.0764 4712 SENS - ok
22:11:34.0779 4712 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:11:34.0779 4712 SensrSvc - ok
22:11:34.0811 4712 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:11:34.0811 4712 Serenum - ok
22:11:34.0826 4712 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:11:34.0826 4712 Serial - ok
22:11:34.0857 4712 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:11:34.0857 4712 sermouse - ok
22:11:34.0904 4712 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:11:34.0904 4712 SessionEnv - ok
22:11:34.0920 4712 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:11:34.0920 4712 sffdisk - ok
22:11:34.0920 4712 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:11:34.0920 4712 sffp_mmc - ok
22:11:34.0935 4712 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:11:34.0935 4712 sffp_sd - ok
22:11:34.0935 4712 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:11:34.0935 4712 sfloppy - ok
22:11:34.0967 4712 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:11:34.0982 4712 SharedAccess - ok
22:11:35.0013 4712 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:11:35.0013 4712 ShellHWDetection - ok
22:11:35.0045 4712 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:11:35.0045 4712 SiSRaid2 - ok
22:11:35.0076 4712 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:11:35.0076 4712 SiSRaid4 - ok
22:11:35.0154 4712 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
22:11:35.0169 4712 SkypeUpdate - ok
22:11:35.0201 4712 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:11:35.0201 4712 Smb - ok
22:11:35.0247 4712 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:11:35.0263 4712 SNMPTRAP - ok
22:11:35.0279 4712 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:11:35.0279 4712 spldr - ok
22:11:35.0325 4712 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
22:11:35.0325 4712 Spooler - ok
22:11:35.0435 4712 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
22:11:35.0466 4712 sppsvc - ok
22:11:35.0481 4712 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:11:35.0497 4712 sppuinotify - ok
22:11:35.0575 4712 [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS
22:11:35.0591 4712 SRTSP - ok
22:11:35.0606 4712 [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS
22:11:35.0606 4712 SRTSPX - ok
22:11:35.0653 4712 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
22:11:35.0669 4712 srv - ok
22:11:35.0700 4712 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:11:35.0715 4712 srv2 - ok
22:11:35.0715 4712 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:11:35.0731 4712 srvnet - ok
22:11:35.0762 4712 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:11:35.0778 4712 SSDPSRV - ok
22:11:35.0793 4712 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:11:35.0793 4712 SstpSvc - ok
22:11:35.0825 4712 Steam Client Service - ok
22:11:35.0887 4712 [ 8544A200C40447E465F06E58687428BB ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:11:35.0887 4712 Stereo Service - ok
22:11:35.0903 4712 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:11:35.0903 4712 stexstor - ok
22:11:35.0934 4712 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
22:11:35.0934 4712 stisvc - ok
22:11:35.0981 4712 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
22:11:35.0981 4712 storflt - ok
22:11:35.0996 4712 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
22:11:35.0996 4712 StorSvc - ok
22:11:36.0027 4712 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
22:11:36.0027 4712 storvsc - ok
22:11:36.0059 4712 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
22:11:36.0059 4712 swenum - ok
22:11:36.0074 4712 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:11:36.0090 4712 swprv - ok
22:11:36.0105 4712 [ 6160145C7A87FC7672E8E3B886888176 ] SymDS C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS
22:11:36.0105 4712 SymDS - ok
22:11:36.0137 4712 [ 96AEED40D4D3521568B42027687E69E0 ] SymEFA C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS
22:11:36.0152 4712 SymEFA - ok
22:11:36.0199 4712 [ 21A1C2D694C3CF962D31F5E873AB3D6F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
22:11:36.0215 4712 SymEvent - ok
22:11:36.0230 4712 [ BD0D711D8CBFCAA19CA123306EAF53A5 ] SymIRON C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS
22:11:36.0230 4712 SymIRON - ok
22:11:36.0246 4712 [ A6ADB3D83023F8DAA0F7B6FDA785D83B ] SymNetS C:\Windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS
22:11:36.0246 4712 SymNetS - ok
22:11:36.0293 4712 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
22:11:36.0324 4712 SysMain - ok
22:11:36.0339 4712 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:11:36.0355 4712 TabletInputService - ok
22:11:36.0495 4712 [ C4C20CFA4F42E9B7454E895C5C47BCD3 ] TabletServicePen C:\Program Files\Tablet\Pen\Pen_Tablet.exe
22:11:36.0558 4712 TabletServicePen - ok
22:11:36.0589 4712 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:11:36.0589 4712 TapiSrv - ok
22:11:36.0605 4712 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:11:36.0620 4712 TBS - ok
22:11:36.0667 4712 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:11:36.0698 4712 Tcpip - ok
22:11:36.0714 4712 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:11:36.0729 4712 TCPIP6 - ok
22:11:36.0761 4712 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:11:36.0761 4712 tcpipreg - ok
22:11:36.0776 4712 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:11:36.0792 4712 TDPIPE - ok
22:11:36.0807 4712 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:11:36.0807 4712 TDTCP - ok
22:11:36.0839 4712 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:11:36.0854 4712 tdx - ok
22:11:36.0870 4712 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
22:11:36.0885 4712 TermDD - ok
22:11:36.0917 4712 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
22:11:36.0917 4712 TermService - ok
22:11:36.0932 4712 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:11:36.0932 4712 Themes - ok
22:11:36.0948 4712 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:11:36.0963 4712 THREADORDER - ok
22:11:36.0979 4712 [ 7625DCF246E488E523DC1F64C38ABDA2 ] TouchServicePen C:\Program Files\Tablet\Pen\Pen_TouchService.exe
22:11:36.0995 4712 TouchServicePen - ok
22:11:37.0026 4712 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:11:37.0026 4712 TrkWks - ok
22:11:37.0088 4712 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:11:37.0088 4712 TrustedInstaller - ok
22:11:37.0119 4712 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:11:39.0444 4712 ================ Scan global ===============================
22:11:39.0459 4712 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:11:39.0522 4712 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:11:39.0537 4712 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:11:39.0569 4712 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:11:39.0600 4712 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:11:39.0615 4712 [Global] - ok
22:11:39.0615 4712 ================ Scan MBR ==================================
22:11:39.0615 4712 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:11:40.0286 4712 \Device\Harddisk0\DR0 - ok
22:11:40.0286 4712 ================ Scan VBR ==================================
22:11:40.0302 4712 [ E7F29EC74C4C62FCAE8844409DA53BE0 ] \Device\Harddisk0\DR0\Partition1
22:11:40.0302 4712 \Device\Harddisk0\DR0\Partition1 - ok
22:11:40.0302 4712 ============================================================
22:11:40.0302 4712 Scan finished
22:11:40.0302 4712 ============================================================
22:11:40.0317 3428 Detected object count: 0
22:11:40.0317 3428 Actual detected object count: 0
22:12:01.0175 2996 Deinitialize success
  • 0

#13
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
OTL did replace the file but it had to do it with a reboot. That's pretty normal for a file in use. Anyway it looks like we made TDSSKiller happy which was the main thing we wanted to do. I don't know why it was forging the MD5. I don't know for sure but I think even on a replace it moves the replaced file to C:\_OTL\MovedFiles... If you can find the file there you can submit it to http://www.virustotal.com and see what they think of it.

Are you still getting blue screens?
  • 0

#14
Aristazi

    Member

  • Topic Starter
  • Member
  • 266 posts
I believe the blue screens have stopped. We haven't used it much the last couple days but we left it on all day Monday and it didn't crash or blue screen so I think that's a good sign :)
  • 0

#15
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
There is a new Java update out today, 7.9, which fixes the known security holes, so go to java.com and get it. Right click on it and Run As Admin.

Do not let it install the McAfee Security Scan or other foistware. (This will show up after the first download. Just uncheck it.)

It should remove the older version but check to make sure there are no older versions left.

Also, if you haven't already, update any Adobe products you have to the latest versions and make sure the older versions are removed. Adobe.com. They will also try to foist McAfee Security Scan or some worthless toolbar on you so just pay attention when you download that you uncheck the optional garbage.

There was a problem shown in your last event logs with the Dell USB Keyboard. You might try plugging it into a different slot.

If Firefox is still acting up, make sure you have the latest, 16.0.1, and then try running in safe mode with all add-ons disabled. If that helps, then turn a few on at a time. (Restart Firefox in between.)

http://support.mozil...using-safe-mode

Then let's see what your error log looks like now.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.

2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.
  • 0
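The query described in post #15, run with the built-in Get-WinEvent cmdlet instead of a downloaded tool. This is an added example, not part of RKinner's post or of VEW; the output file name is an assumption. It handles the case where a freshly cleared log has no Error or Warning events yet.

```powershell
# Added example: last 20 Error/Warning events from the System and Application logs.
$levels   = 2, 3      # 2 = Error, 3 = Warning
$maxCount = 20
# Hypothetical output file name, written to the current user's Desktop.
$outFile  = Join-Path ([Environment]::GetFolderPath('Desktop')) 'EventSummary.txt'

$report = foreach ($log in 'System', 'Application') {
    "===== $log log: last $maxCount Error/Warning events ====="

    # Get-WinEvent reports an error when nothing matches the filter, which is
    # common right after the log has been cleared, so suppress it and test below.
    $events = Get-WinEvent -FilterHashtable @{ LogName = $log; Level = $levels } `
                           -MaxEvents $maxCount -ErrorAction SilentlyContinue

    if (-not $events) {
        'No Error or Warning events recorded since the log was cleared.'
        ''
        continue
    }

    foreach ($e in $events) {
        # Some providers have no message template installed; Message is then empty.
        $firstLine = if ($e.Message) { ($e.Message -split "`r?`n")[0] } else { '(no message text)' }
        '{0:yyyy-MM-dd HH:mm:ss}  {1,-8} {2,-40} ID {3}' -f `
            $e.TimeCreated, $e.LevelDisplayName, $e.ProviderName, $e.Id
        "    $firstLine"
    }
    ''
}

# Save the report and open it in Notepad, as the tool in the post does.
$report | Set-Content -Path $outFile -Encoding UTF8
notepad.exe $outFile
```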





