Windows 7 White Screen After Log In [Closed]


  • This topic is locked

#1
doubled1990


  • Member
  • 15 posts
Hi Geeks to Go Forum,

I'm new to the forum, but I cannot find the introductory page, so I'm sorry for asking for help on the first post. I found this forum after seeing another member being assisted on the same issue. I'm currently on Windows 7 Home Premium and when I log in I briefly see the Desktop and icons, but only briefly before I see a white screen (I can still see my cursor). I can get to the point of switching users if I ALT+CTRL+DELETE and can restart from there if need be, but I cannot do much else. The Advanced Boot Option's "Last Known Good Configuration" doesn't seem to help either.

The member that was helped with the same issue was suggested to use "Farbar Recovery Scan Tool" for a diagnosis log, so I'm attaching mine below. Any help will be appreciated. Thank you.

Danny

-----------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-08-2013
Ran by SYSTEM on 04-08-2013 10:55:16
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2046760 2010-02-05] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6160928 2010-01-29] (Realtek Semiconductor)
HKLM\...\Run: [RtkOSD] - C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2010-01-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HP Quick Launch] - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [172032 2010-03-24] (Sun Microsystems, Inc.)
HKLM\...\Run: [MapsGalaxy Home Page Guard 64 bit] - C:\PROGRA~2\MAPSGA~2\bar\1.bin\AppIntegrator64.exe [548936 2013-05-24] ()
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2010-03-24] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [PhotoExplosionCalCheck] - C:\Program Files (x86)\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe [69632 2006-05-10] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MapsGalaxy Search Scope Monitor] - C:\PROGRA~2\MAPSGA~2\bar\1.bin\39srchmn.exe [44784 2013-05-24] (MindSpark)
HKLM-x32\...\Run: [MapsGalaxy_39 Browser Plugin Loader] - C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe [30096 2013-05-24] (VER_COMPANY_NAME)
HKU\Messy Family\...\Run: [BlazeServoTool] - C:\Program Files (x86)\X-OOM\DVD Player 3 Deluxe\MediaDetector.exe [270336 2006-01-04] (BlazeVideo Company)
HKU\Messy Family\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-28] (Google Inc.)
HKU\Messy Family\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3456080 2013-06-04] (Electronic Arts)
HKU\Messy Family\...\Run: [Diagnostics] - rundll32 "C:\Users\Messy Family\AppData\Local\MapsGalaxy_39\Diagnostics\ghamel.dll",DllRegisterServer [x] <===== ATTENTION
HKU\Messy Family\...\Run: [Ulead Systems] - C:\Users\Messy Family\AppData\Local\Ulead Systems\uatjyhgl.dll [826368 2013-06-09] (Autodesk, Inc.) <===== ATTENTION
HKU\Messy Family\...\Run: [TimeServer] - C:\Users\Messy Family\AppData\Roaming\Origin\WINB70C.exe [133120 2013-07-09] ()
HKU\Messy Family\...\Run: [Internet Security] - C:\Users\Messy Family\AppData\Roaming\midefender.exe [840192 2013-07-18] (DS Team)
HKU\Messy Family\...\Winlogon: [Shell] explorer.exe,C:\Users\Messy Family\AppData\Roaming\skype.dat [116736 2011-11-16] (ByteVision Software Group) <==== ATTENTION

==================== Services (Whitelisted) =================

S2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()
S2 MapsGalaxy_39Service; C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe [42504 2013-05-24] (COMPANYVERS_NAME)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()

==================== Drivers (Whitelisted) ====================

S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\ENG64.SYS [116272 2009-08-29] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\ENG64.SYS [116272 2009-08-29] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\EX64.SYS [1742896 2009-08-29] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\EX64.SYS [1742896 2009-08-29] (Symantec Corporation)
S3 pfc; C:\Windows\SysWow64\drivers\pfc.sys [10368 2006-05-23] (Padus, Inc.)
S1 SRTSP; C:\Windows\system32\drivers\NISx64\1100000.088\SRTSP64.SYS [504880 2009-08-29] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1100000.088\SRTSPX64.SYS [32304 2009-08-29] (Symantec Corporation)
S3 pfc; system32\drivers\pfc.sys [x]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-04 10:55 - 2013-08-04 10:55 - 00000000 ____D C:\FRST
2013-07-18 20:30 - 2013-08-04 09:44 - 00000004 _____ C:\Users\Messy Family\AppData\Roaming\skype.ini
2013-07-18 11:21 - 2013-07-18 11:21 - 00840192 _____ (DS Team) C:\Users\Messy Family\AppData\Roaming\midefender.exe
2013-07-18 11:21 - 2013-07-18 11:21 - 00271872 _____ C:\Users\Messy Family\skype.exe
2013-07-18 11:21 - 2013-07-18 11:21 - 00116736 _____ (ByteVision Software Group) C:\Users\Messy Family\teamviewer.exe
2013-07-18 11:21 - 2013-07-18 11:21 - 00000759 _____ C:\Users\Messy Family\Desktop\Internet Security Pro.lnk
2013-07-18 11:21 - 2013-07-18 11:21 - 00000000 _____ C:\Users\Messy Family\icq.exe
2013-07-18 11:21 - 2013-07-18 11:21 - 00000000 _____ C:\Users\Messy Family\csrss.exe
2013-07-13 08:31 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-13 08:31 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-13 08:31 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-13 08:31 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-13 08:31 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-13 08:31 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-13 08:31 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-13 08:31 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-13 08:31 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-13 08:31 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-13 08:31 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-13 08:31 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-13 08:31 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-13 08:31 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-13 08:31 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-13 08:31 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-07-13 08:31 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-13 08:31 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-13 08:31 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-13 08:31 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-13 08:31 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-13 08:31 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-13 08:31 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-13 08:31 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-07-13 08:31 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-07-13 08:31 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-13 08:31 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-07-13 08:31 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-13 08:31 - 2013-06-11 14:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-13 08:31 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-13 08:31 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 22:17 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-12 22:17 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2013-07-12 22:17 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-12 22:17 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-07-12 22:17 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-12 22:17 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-12 22:17 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-07-10 21:20 - 2013-06-05 16:44 - 138903552 _____ C:\Users\Messy Family\Desktop\M2U01030.MPG
2013-07-10 21:20 - 2013-06-05 16:38 - 424837120 _____ C:\Users\Messy Family\Desktop\M2U01029.MPG
2013-07-10 21:20 - 2013-06-05 16:22 - 192020480 _____ C:\Users\Messy Family\Desktop\M2U01027.MPG
2013-07-10 14:34 - 2013-07-10 14:34 - 00000000 ____D C:\Users\Messy Family\AppData\Local\MediaShow
2013-07-10 14:34 - 2013-07-10 14:34 - 00000000 ____D C:\Users\Messy Family\AppData\Local\Cyberlink
2013-07-08 20:08 - 2013-07-08 20:08 - 00136192 _____ (Intro-Software Lab.) C:\Users\Messy Family\googleupdate.exe
2013-07-08 20:08 - 2013-07-08 20:08 - 00000000 _____ C:\Users\Messy Family\spoolsv.exe
2013-07-08 20:08 - 2013-07-08 20:08 - 00000000 _____ C:\Users\Messy Family\iexplore.exe

==================== One Month Modified Files and Folders =======

2013-08-04 09:44 - 2013-07-18 20:30 - 00000004 _____ C:\Users\Messy Family\AppData\Roaming\skype.ini
2013-08-04 09:43 - 2012-02-28 10:02 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-04 09:43 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-04 09:43 - 2009-07-13 20:51 - 00080986 _____ C:\Windows\setupact.log
2013-08-04 09:26 - 2010-04-27 00:30 - 01521052 _____ C:\Windows\WindowsUpdate.log
2013-08-04 09:26 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-04 09:26 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-20 10:01 - 2012-11-26 21:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-20 10:01 - 2012-02-28 10:02 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-19 17:46 - 2013-03-05 21:01 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-18 11:21 - 2013-07-18 11:21 - 00840192 _____ (DS Team) C:\Users\Messy Family\AppData\Roaming\midefender.exe
2013-07-18 11:21 - 2013-07-18 11:21 - 00271872 _____ C:\Users\Messy Family\skype.exe
2013-07-18 11:21 - 2013-07-18 11:21 - 00116736 _____ (ByteVision Software Group) C:\Users\Messy Family\teamviewer.exe
2013-07-18 11:21 - 2013-07-18 11:21 - 00000759 _____ C:\Users\Messy Family\Desktop\Internet Security Pro.lnk
2013-07-18 11:21 - 2013-07-18 11:21 - 00000000 _____ C:\Users\Messy Family\icq.exe
2013-07-18 11:21 - 2013-07-18 11:21 - 00000000 _____ C:\Users\Messy Family\csrss.exe
2013-07-18 11:21 - 2010-10-05 06:31 - 00000000 ____D C:\users\Messy Family
2013-07-18 05:26 - 2009-07-13 21:13 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-14 07:59 - 2010-10-05 07:57 - 00000000 ____D C:\Users\Messy Family\Desktop\easy games
2013-07-14 07:58 - 2010-10-05 08:16 - 00000000 ____D C:\Users\Messy Family\Desktop\Word Docs
2013-07-13 16:02 - 2013-06-01 16:26 - 00000000 _____ C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-13 16:02 - 2012-11-15 21:59 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-07-13 15:50 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-07-13 08:56 - 2009-07-13 20:45 - 00443992 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-13 08:55 - 2013-03-13 06:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 08:55 - 2013-03-13 06:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-13 08:54 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-13 08:54 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-13 08:24 - 2010-03-24 10:28 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 23:25 - 2012-11-26 21:18 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-12 21:53 - 2012-02-28 10:02 - 00003902 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 21:53 - 2012-02-28 10:02 - 00003650 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-10 14:34 - 2013-07-10 14:34 - 00000000 ____D C:\Users\Messy Family\AppData\Local\MediaShow
2013-07-10 14:34 - 2013-07-10 14:34 - 00000000 ____D C:\Users\Messy Family\AppData\Local\Cyberlink
2013-07-10 14:34 - 2010-10-05 08:32 - 00000000 ____D C:\Users\Messy Family\AppData\Roaming\CyberLink
2013-07-09 22:35 - 2013-03-05 21:04 - 00000000 ____D C:\Users\Messy Family\AppData\Roaming\Origin
2013-07-08 20:08 - 2013-07-08 20:08 - 00136192 _____ (Intro-Software Lab.) C:\Users\Messy Family\googleupdate.exe
2013-07-08 20:08 - 2013-07-08 20:08 - 00000000 _____ C:\Users\Messy Family\spoolsv.exe
2013-07-08 20:08 - 2013-07-08 20:08 - 00000000 _____ C:\Users\Messy Family\iexplore.exe

Files to move or delete:
====================
C:\Users\Messy Family\AppData\Local\Ulead Systems\uatjyhgl.dll
C:\Users\Messy Family\csrss.exe
C:\Users\Messy Family\firefox.exe
C:\Users\Messy Family\flashplayer.exe
C:\Users\Messy Family\googleupdate.exe
C:\Users\Messy Family\icq.exe
C:\Users\Messy Family\iexplore.exe
C:\Users\Messy Family\jucheck.exe
C:\Users\Messy Family\skype.exe
C:\Users\Messy Family\spoolsv.exe
C:\Users\Messy Family\teamviewer.exe
C:\Users\Messy Family\vlcplayer.exe
C:\Users\Messy Family\AppData\Roaming\skype.dat
C:\Users\Messy Family\AppData\Roaming\skype.ini

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-07-19 20:00:02

==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 1978.93 MB
Available physical RAM: 1370.86 MB
Total Pagefile: 1978.93 MB
Available Pagefile: 1369.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:218.65 GB) (Free:101.59 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:13.94 GB) (Free:2.31 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 (Disk=0 Partition=4)
Drive h: () (Removable) (Total:0.06 GB) (Free:0.02 GB) FAT (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 79120785)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=219 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 63 MB) (Disk ID: 75812E13)
Partition 1: (Active) - (Size=62 MB) - (Type=06)


LastRegBack: 2013-07-12 23:20

==================== End Of Log ============================


#2
godawgs


    Teacher

  • Retired Staff
  • 8,228 posts
Hello doubled1990, Welcome to the forums!
My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes).
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT: Change your browser(s) to download any tools to the desktop.
Follow the directions here
For Firefox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Let's see if we can kill the nasty.


Step-1.

Farbar Fix

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Download the attached fixlist.txt file and save it to the same location where the program (FRST64.exe) is. It must be saved to the same location as the FRST64.exe file. [attachment=65882:fixlist.txt]
  • Run FRST64.exe the way you previously did.
  • When the program opens press the Fix button just once and wait. The tool will make a log (Fixlog.txt). Note the location of the Fixlog.txt file so that you can find it to post it in your next reply.
    The Fixlog.txt file can also be found in the same location that the program was run from.

Now restart the computer and see if Windows will boot normally. If it does, go on to Step 2.


Step-2.

OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
services.*
/md5stop
dir "%systemdrive%\*" /S /A:L /C


2. Re-open Posted Image on the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator.
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console
  • Click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized on the desktop. These files are also saved in the same location as OTL (Should be on your desktop).
  • Please copy the contents of these files and paste them into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
Repeat for the Extras.txt file.

Step-3.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Click the "Scan" button to start the scan
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
NOTE: When you run aswMBR, if it is shut down automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. the Fixlog.txt log
2. The OTL.txt log
3. The Extras.txt log
4. The aswMBR log

#3
doubled1990


  • Topic Starter
  • Member
  • 15 posts
Great! Thank you for your help so far godawgs! I got past the white screen. Please see below for my logs.

=================
Fixlog.txt
=================

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-08-2013
Ran by SYSTEM at 2013-08-05 20:09:37 Run:1
Running from H:\
Boot Mode: Recovery
==============================================

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MapsGalaxy Home Page Guard 64 bit => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MapsGalaxy Search Scope Monitor => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MapsGalaxy_39 Browser Plugin Loader => Value deleted successfully.
HKU\Messy Family\Software\Microsoft\Windows\CurrentVersion\Run\\Diagnostics => Value deleted successfully.
HKU\Messy Family\Software\Microsoft\Windows\CurrentVersion\Run\\Ulead Systems => Value deleted successfully.
HKU\Messy Family\Software\Microsoft\Windows\CurrentVersion\Run\\TimeServer => Value deleted successfully.
HKU\Messy Family\Software\Microsoft\Windows\CurrentVersion\Run\\Internet Security => Value deleted successfully.
HKU\Messy Family\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
MapsGalaxy_39Service => Service deleted successfully.
C:\Users\Messy Family\AppData\Roaming\skype.ini => Moved successfully.
C:\Users\Messy Family\AppData\Roaming\midefender.exe => Moved successfully.
C:\Users\Messy Family\skype.exe => Moved successfully.
C:\Users\Messy Family\teamviewer.exe => Moved successfully.
C:\Users\Messy Family\Desktop\Internet Security Pro.lnk => Moved successfully.
C:\Users\Messy Family\icq.exe => Moved successfully.
C:\Users\Messy Family\csrss.exe => Moved successfully.
C:\Users\Messy Family\googleupdate.exe => Moved successfully.
C:\Users\Messy Family\spoolsv.exe => Moved successfully.
C:\Users\Messy Family\iexplore.exe => Moved successfully.
C:\Program Files (x86)\Origin => Moved successfully.
"C:\Users\Messy Family\spoolsv.exe" => File/Directory not found.
"C:\Users\Messy Family\iexplore.exe" => File/Directory not found.
C:\PROGRA~2\MAPSGA~2\bar\1.bin\AppIntegrator64.exe => Moved successfully.
C:\PROGRA~2\MAPSGA~2\bar\1.bin\39srchmn.exe => Moved successfully.
C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe => Moved successfully.
C:\Users\Messy Family\AppData\Local\MapsGalaxy_39\Diagnostics\ghamel.dll => Moved successfully.
C:\Users\Messy Family\AppData\Local\Ulead Systems\uatjyhgl.dll => Moved successfully.
C:\Users\Messy Family\AppData\Roaming\Origin\WINB70C.exe => Moved successfully.
C:\Users\Messy Family\AppData\Roaming\skype.dat => Moved successfully.
C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe => Moved successfully.
C:\Users\Messy Family\firefox.exe => Moved successfully.
C:\Users\Messy Family\flashplayer.exe => Moved successfully.
C:\Users\Messy Family\jucheck.exe => Moved successfully.
"C:\Users\Messy Family\skype.exe" => File/Directory not found.
C:\Users\Messy Family\vlcplayer.exe => Moved successfully.

==== End of Fixlog ====

=================
OTL.txt
=================

OTL logfile created on: 8/5/2013 8:21:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Messy Family\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 58.89% Memory free
3.87 Gb Paging File | 2.82 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.65 Gb Total Space | 101.59 Gb Free Space | 46.46% Space Free | Partition Type: NTFS
Drive D: | 13.94 Gb Total Space | 2.31 Gb Free Space | 16.55% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 92.49 Mb Free Space | 93.25% Space Free | Partition Type: FAT32
Drive F: | 62.09 Mb Total Space | 24.41 Mb Free Space | 39.31% Space Free | Partition Type: FAT

Computer Name: MFAMILY-PC | User Name: Messy Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/05 20:13:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Messy Family\Desktop\OTL.exe
PRC - [2010/04/27 01:49:15 | 000,729,664 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
PRC - [2009/08/24 15:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
PRC - [2006/05/10 12:32:32 | 000,069,632 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Nova Development\Photo Explosion Deluxe 3.0\CalCheck.exe
PRC - [2006/01/04 16:55:24 | 000,270,336 | ---- | M] (BlazeVideo Company) -- C:\Program Files (x86)\X-OOM\DVD Player 3 Deluxe\MediaDetector.exe


========== Modules (No Company Name) ==========

MOD - [2006/04/28 09:16:16 | 000,561,152 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Photo Explosion Deluxe 3.0\uviplA6.dll
MOD - [2006/04/28 09:16:16 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Photo Explosion Deluxe 3.0\uvipl.dll
MOD - [2006/04/28 09:09:52 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Photo Explosion Deluxe 3.0\Cpuinf32.dll
MOD - [2006/01/18 14:51:10 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\X-OOM\DVD Player 3 Deluxe\VersionInfo.dll
MOD - [2005/12/29 18:50:54 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\X-OOM\DVD Player 3 Deluxe\mlutil.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/01/18 15:04:08 | 000,020,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/06/11 22:50:04 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/04 11:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/08/24 15:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe -- (NIS)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/05 17:49:04 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/01/19 18:55:34 | 001,088,544 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/11/27 18:45:00 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/13 11:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/29 17:16:41 | 000,504,880 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/08/29 17:16:41 | 000,032,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/09/22 18:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/08/29 02:00:00 | 001,742,896 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\EX64.SYS -- (NAVEX15)
DRV - [2009/08/29 02:00:00 | 000,116,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\ENG64.SYS -- (NAVENG)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/05/23 16:00:26 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0250D9C0-DAB3-42C9-B1D2-456815482077}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{8F776ED1-6C65-41FA-B064-6986E26BAAF9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0250D9C0-DAB3-42C9-B1D2-456815482077}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8F776ED1-6C65-41FA-B064-6986E26BAAF9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.mywebs...r={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-568713276-2821611408-3215923870-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKU\S-1-5-21-568713276-2821611408-3215923870-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-568713276-2821611408-3215923870-1000\..\URLSearchHook: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No CLSID value found
IE - HKU\S-1-5-21-568713276-2821611408-3215923870-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-568713276-2821611408-3215923870-1000\..\SearchScopes\{0250D9C0-DAB3-42C9-B1D2-456815482077}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKU\S-1-5-21-568713276-2821611408-3215923870-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS473
IE - HKU\S-1-5-21-568713276-2821611408-3215923870-1000\..\SearchScopes\{8F776ED1-6C65-41FA-B064-6986E26BAAF9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-568713276-2821611408-3215923870-1000\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-568713276-2821611408-3215923870-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin: C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/24 12:41:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\39ffxtbr@MapsGalaxy_39.com: C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin [2013/08/05 21:09:44 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Messy Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Messy Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Messy Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Toolbar BHO) - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (MindSpark)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Assistant BHO) - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (MindSpark)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MapsGalaxy) - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKU\S-1-5-21-568713276-2821611408-3215923870-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-568713276-2821611408-3215923870-1000\..\Toolbar\WebBrowser: (MapsGalaxy) - {364EA597-E728-4CE4-BB4A-ED846EF47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (MindSpark)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PhotoExplosionCalCheck] C:\Program Files (x86)\Nova Development\Photo Explosion Deluxe 3.0\CalCheck.exe (Ulead Systems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-568713276-2821611408-3215923870-1000..\Run: [BlazeServoTool] C:\Program Files (x86)\X-OOM\DVD Player 3 Deluxe\MediaDetector.exe (BlazeVideo Company)
O4 - HKU\S-1-5-21-568713276-2821611408-3215923870-1000..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart File not found
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft....?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft....?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pn...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FA37FA0-BDA4-4A53-BCF9-27A325F26A3D}: DhcpNameServer = 192.168.0.1 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/24 14:57:00 | 000,000,000 | ---D | M] - F:\Autolog old -- [ FAT ]
O32 - AutoRun File - [2011/02/25 13:01:52 | 000,000,000 | ---D | M] - F:\Autolog -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
System Restore Service not available.


========== Files/Folders - Created Within 30 Days ==========

[2013/08/05 21:01:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2013/08/05 20:18:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Messy Family\Desktop\OTL.exe
[2013/08/04 11:55:12 | 000,000,000 | ---D | C] -- C:\FRST
[2013/07/13 09:31:52 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/13 09:31:52 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/13 09:31:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/13 09:31:49 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/13 09:31:49 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/13 09:31:48 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/13 09:31:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/13 09:31:48 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/13 09:31:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/13 09:31:48 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/13 09:31:48 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/13 09:31:46 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/13 09:31:45 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/13 09:31:45 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/13 09:31:44 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/13 09:25:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/07/12 23:17:55 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/12 23:17:54 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/12 23:17:53 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/12 23:17:53 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/12 23:17:18 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/10 15:34:50 | 000,000,000 | ---D | C] -- C:\Users\Messy Family\AppData\Local\MediaShow
[2013/07/10 15:34:12 | 000,000,000 | ---D | C] -- C:\Users\Messy Family\AppData\Local\Cyberlink

========== Files - Modified Within 30 Days ==========

[2013/08/05 20:26:09 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/05 20:26:09 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/05 20:17:09 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/05 20:16:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/05 20:16:27 | 1556,291,584 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/05 20:13:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Messy Family\Desktop\OTL.exe
[2013/07/20 11:01:22 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/20 11:01:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/18 06:26:04 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/18 06:26:04 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/18 06:26:04 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/13 09:56:54 | 000,443,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/13 00:25:32 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2013/07/10 22:20:51 | 138,903,552 | ---- | C] () -- C:\Users\Messy Family\Desktop\M2U01030.MPG
[2013/07/10 22:20:45 | 192,020,480 | ---- | C] () -- C:\Users\Messy Family\Desktop\M2U01027.MPG
[2013/07/10 22:20:39 | 424,837,120 | ---- | C] () -- C:\Users\Messy Family\Desktop\M2U01029.MPG

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/09/30 13:15:33 | 000,000,000 | ---D | M] -- C:\Users\Messy Family\AppData\Roaming\.minecraft
[2012/09/10 21:03:47 | 000,000,000 | ---D | M] -- C:\Users\Messy Family\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/08/05 21:09:44 | 000,000,000 | ---D | M] -- C:\Users\Messy Family\AppData\Roaming\Origin
[2010/10/05 10:58:00 | 000,000,000 | ---D | M] -- C:\Users\Messy Family\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 18:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 22:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 18:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 06:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 06:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/16 23:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 15:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/05/12 22:51:01 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/05/12 21:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 06:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 06:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 05:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/02 23:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 18:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 18:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 18:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 06:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 18:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 18:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 18:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 18:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 10:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 04:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/10 23:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/16 23:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 18:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 06:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 06:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 06:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/16 23:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 18:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 06:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 06:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 05:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 06:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 06:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 05:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 22:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 06:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 06:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 06:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 06:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 06:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 06:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 06:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 06:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 05:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 15:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 06:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 06:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2010/03/24 11:35:43 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/03/24 11:36:37 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/03/24 11:35:43 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/03/24 11:34:36 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/03/24 11:36:37 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/03/24 11:34:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/03/24 11:36:37 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/03/24 11:34:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/03/24 11:36:37 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/03/24 11:35:43 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/03/24 11:34:36 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/03/24 11:35:43 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 14:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.HEARSTMAGS[1].XML >
[2013/03/24 11:38:25 | 000,000,213 | ---- | M] () MD5=51AC4934A84ECBF716E8F33E0C6912AC -- C:\Users\Messy Family\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\E2K75PUL\services.hearstmags[1].xml

< MD5 for: SERVICES.LNK >
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2013/05/12 09:13:15 | 000,000,497 | ---- | M] () MD5=E877635FC959C213A13DA0B785951D7B -- C:\Users\Messy Family\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3GWP263B\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 19:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 19:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/03/24 11:36:37 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/03/24 11:36:37 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is C469-942A
Directory of C:\
07/13/2009 10:08 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 10:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 10:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 10:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 10:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 10:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 10:08 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 10:08 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 10:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 10:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 10:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 10:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 10:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 10:08 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009 10:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 10:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 10:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 10:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 10:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 10:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 10:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 10:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 10:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 10:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 10:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 10:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 10:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 10:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Messy Family
10/05/2010 07:31 AM <JUNCTION> Application Data [C:\Users\Messy Family\AppData\Roaming]
10/05/2010 07:31 AM <JUNCTION> Cookies [C:\Users\Messy Family\AppData\Roaming\Microsoft\Windows\Cookies]
10/05/2010 07:31 AM <JUNCTION> Local Settings [C:\Users\Messy Family\AppData\Local]
10/05/2010 07:31 AM <JUNCTION> My Documents [C:\Users\Messy Family\Documents]
10/05/2010 07:31 AM <JUNCTION> NetHood [C:\Users\Messy Family\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/05/2010 07:31 AM <JUNCTION> PrintHood [C:\Users\Messy Family\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/05/2010 07:31 AM <JUNCTION> Recent [C:\Users\Messy Family\AppData\Roaming\Microsoft\Windows\Recent]
10/05/2010 07:31 AM <JUNCTION> SendTo [C:\Users\Messy Family\AppData\Roaming\Microsoft\Windows\SendTo]
10/05/2010 07:31 AM <JUNCTION> Start Menu [C:\Users\Messy Family\AppData\Roaming\Microsoft\Windows\Start Menu]
10/05/2010 07:31 AM <JUNCTION> Templates [C:\Users\Messy Family\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Messy Family\AppData\Local
10/05/2010 07:31 AM <JUNCTION> Application Data [C:\Users\Messy Family\AppData\Local]
10/05/2010 07:31 AM <JUNCTION> History [C:\Users\Messy Family\AppData\Local\Microsoft\Windows\History]
10/05/2010 07:31 AM <JUNCTION> Temporary Internet Files [C:\Users\Messy Family\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Messy Family\Documents
10/05/2010 07:31 AM <JUNCTION> My Music [C:\Users\Messy Family\Music]
10/05/2010 07:31 AM <JUNCTION> My Pictures [C:\Users\Messy Family\Pictures]
10/05/2010 07:31 AM <JUNCTION> My Videos [C:\Users\Messy Family\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 10:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 10:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 10:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
50 Dir(s) 109,011,656,704 bytes free

< End of report >

=================
Extras.txt
=================

OTL Extras logfile created on: 8/5/2013 8:21:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Messy Family\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 58.89% Memory free
3.87 Gb Paging File | 2.82 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.65 Gb Total Space | 101.59 Gb Free Space | 46.46% Space Free | Partition Type: NTFS
Drive D: | 13.94 Gb Total Space | 2.31 Gb Free Space | 16.55% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 92.49 Mb Free Space | 93.25% Space Free | Partition Type: FAT32
Drive F: | 62.09 Mb Total Space | 24.41 Mb Free Space | 39.31% Space Free | Partition Type: FAT

Computer Name: MFAMILY-PC | User Name: Messy Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7B0924B8-6B1C-43BE-B022-64A27E3CAB09}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8F7EF239-A4EE-4155-B07F-9FBCC87608C4}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08DE2717-956C-4A09-8471-56C394E07FFF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{126E4740-E2D9-428A-8324-FA72FC064952}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{5BE536E6-772A-45A1-9C32-0C110C1932F2}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{5F48C91A-91E7-43F9-9336-8A1BB855B603}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{87D8B33D-3CFB-40AB-853E-9376A750C618}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{89C9B58B-112C-4192-9CAF-4910910E50E5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{90D1789E-7F0C-4107-ABF6-53EEF3217C3B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{9FE6B607-E7A0-4E88-8639-13EBF880462D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A1DFE63E-EB30-4B30-B265-F87A8F85B274}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{F97E623C-F4D5-418A-822D-FD630857DD20}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{1034BE34-1569-4889-831D-C2C3F2CB2F73}" = Photo Explosion Deluxe 3.0
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{223E2363-6643-49CB-A062-59A9858EE8EE}" = HP Software Framework
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{55D65D27-C0CD-4375-9021-F3D3D024ED90}_is1" = Minecraft PC Gamer Demo version 1.5
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8AAE01FE-0CDB-413A-8A0C-C3D857BD95BD}" = honestech Fireman CD/DVD Burner
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4317FB-5775-4FB3-BDC9-995595106F1F}" = HP User Guides 0178
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.4 MUI
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe
"Bejeweled Twist" = Bejeweled Twist
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"MapsGalaxy_39bar Uninstall" = MapsGalaxy Toolbar
"My HP Game Console" = HP Game Console
"NIS" = Norton Internet Security
"Origin" = Origin
"Peggle Deluxe" = Peggle Deluxe
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"TAK: The Iron Plague" = TAK: The Iron Plague
"Total Annihilation: Kingdoms" = Total Annihilation: Kingdoms
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT082122" = Blackhawk Striker 2
"WT082124" = Blasterball 3
"WT082133" = Dora's Carnival Adventure
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082171" = Poker Superstars III
"WT082172" = Polar Bowler
"WT082173" = Polar Golfer
"WT082188" = Virtual Families
"WT082189" = Wheel of Fortune 2
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082438" = Build-a-lot 2
"WT082442" = Faerie Solitaire
"WT082443" = Jewel Quest 3
"WT082456" = Mystery P.I. - The New York Fortune
"WT082463" = Zuma's Revenge
"WT082468" = Jewel Quest Solitaire 2
"WT083477" = Cake Mania
"WT083484" = Escape Rosecliff Island
"WT083491" = TextTwist 2
"X-OOM DVD Player 3 Deluxe_is1" = X-OOM DVD Player 3 Deluxe

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/19/2013 8:34:09 PM | Computer Name = MFamily-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/21/2013 9:42:56 PM | Computer Name = MFamily-PC | Source = VSS | ID = 8194
Description =

Error - 6/22/2013 4:07:10 AM | Computer Name = MFamily-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/24/2013 2:42:08 AM | Computer Name = MFamily-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/24/2013 9:57:28 AM | Computer Name = MFamily-PC | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16611 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1ea8 Start
Time: 01ce70e2ac72668a Termination Time: 415 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id:

Error - 6/25/2013 5:02:21 AM | Computer Name = MFamily-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/27/2013 10:49:26 AM | Computer Name = MFamily-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/28/2013 1:31:10 AM | Computer Name = MFamily-PC | Source = Application Error | ID = 1000
Description = Faulting application name: jusched.exe, version: 6.0.170.4, time stamp:
0x4ad1a659 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process id: 0x894 Faulting
application start time: 0x01ce73bb80c7d46d Faulting application path: C:\Program
Files\Java\jre6\bin\jusched.exe Faulting module path: unknown Report Id: eff010a6-dfb3-11e2-bf7b-c80aa9b71ef2

Error - 6/29/2013 3:54:37 AM | Computer Name = MFamily-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 6/30/2013 6:42:56 PM | Computer Name = MFamily-PC | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16611 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2984 Start
Time: 01ce75e06c1450a7 Termination Time: 1408 Application Path: C:\Program Files
(x86)\Internet Explorer\IEXPLORE.EXE Report Id:

[ Hewlett-Packard Events ]
Error - 12/6/2012 10:04:45 PM | Computer Name = MFamily-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 12/13/2012 10:04:32 PM | Computer Name = MFamily-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 12/13/2012 10:04:33 PM | Computer Name = MFamily-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 12/21/2012 12:49:24 AM | Computer Name = MFamily-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 12/21/2012 12:49:25 AM | Computer Name = MFamily-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 3/7/2013 10:18:15 PM | Computer Name = MFamily-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 3/7/2013 10:18:16 PM | Computer Name = MFamily-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 4/26/2013 12:01:33 AM | Computer Name = MFamily-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 4/26/2013 12:01:34 AM | Computer Name = MFamily-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 5/16/2013 10:20:57 PM | Computer Name = MFamily-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

[ OSession Events ]
Error - 7/21/2012 10:47:41 PM | Computer Name = MFamily-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 111
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/5/2013 11:06:05 PM | Computer Name = MFamily-PC | Source = Service Control Manager | ID = 7038
Description = The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%50 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 8/5/2013 11:06:05 PM | Computer Name = MFamily-PC | Source = Service Control Manager | ID = 7000
Description = The Diagnostic Service Host service failed to start due to the following
error: %%1069

Error - 8/5/2013 11:06:05 PM | Computer Name = MFamily-PC | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error: %%13

Error - 8/5/2013 11:06:44 PM | Computer Name = MFamily-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 8/5/2013 11:07:09 PM | Computer Name = MFamily-PC | Source = Service Control Manager | ID = 7038
Description = The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%50 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 8/5/2013 11:07:09 PM | Computer Name = MFamily-PC | Source = Service Control Manager | ID = 7000
Description = The Diagnostic Service Host service failed to start due to the following
error: %%1069

Error - 8/5/2013 11:07:09 PM | Computer Name = MFamily-PC | Source = Service Control Manager | ID = 7000
Description = The Diagnostic System Host service failed to start due to the following
error: %%1115

Error - 8/5/2013 11:07:17 PM | Computer Name = MFamily-PC | Source = Service Control Manager | ID = 7023
Description = The Server service terminated with the following error: %%1115

Error - 8/5/2013 11:16:29 PM | Computer Name = MFamily-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 8/5/2013 11:18:01 PM | Computer Name = MFamily-PC | Source = Service Control Manager | ID = 7034
Description = The HPWMISVC service terminated unexpectedly. It has done this 1
time(s).


< End of report >

=================
aswMBR.txt
=================

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-05 21:31:57
-----------------------------
21:31:57.885 OS Version: Windows x64 6.1.7601 Service Pack 1
21:31:57.885 Number of processors: 1 586 0x170A
21:31:57.885 ComputerName: MFAMILY-PC UserName: Messy Family
21:32:40.490 Initialize success
21:44:39.274 AVAST engine defs: 13080502
21:45:10.770 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:45:10.786 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 238475MB BusType: 3
21:45:10.911 Disk 0 MBR read successfully
21:45:10.926 Disk 0 MBR scan
21:45:10.989 Disk 0 unknown MBR code
21:45:11.004 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
21:45:11.020 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 223901 MB offset 409600
21:45:11.051 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14270 MB offset 458958848
21:45:11.067 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
21:45:11.207 Disk 0 scanning C:\Windows\system32\drivers
21:45:29.677 Service scanning
21:46:19.036 Modules scanning
21:46:19.036 Disk 0 trace - called modules:
21:46:19.629 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
21:46:19.629 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003210730]
21:46:19.629 3 CLASSPNP.SYS[fffff880013c143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80025f4050]
21:46:20.892 AVAST engine scan C:\Windows
21:46:24.886 AVAST engine scan C:\Windows\system32
21:50:55.968 AVAST engine scan C:\Windows\system32\drivers
21:51:24.625 AVAST engine scan C:\Users\Messy Family
22:07:50.453 File: C:\Users\Messy Family\AppData\Local\Temp\16FC.tmp **INFECTED** Win32:Malware-gen
22:07:50.952 File: C:\Users\Messy Family\AppData\Local\Temp\1SKKKKKKK.exe **INFECTED** Win32:Malware-gen
22:07:51.311 File: C:\Users\Messy Family\AppData\Local\Temp\2494.tmp **INFECTED** Win32:Malware-gen
22:07:52.341 File: C:\Users\Messy Family\AppData\Local\Temp\4B62.tmp **INFECTED** Win32:Malware-gen
22:07:52.793 File: C:\Users\Messy Family\AppData\Local\Temp\6729.exe **INFECTED** Win32:Downloader-TUT [Trj]
22:07:53.136 File: C:\Users\Messy Family\AppData\Local\Temp\7E34.tmp **INFECTED** Win32:Adware-gen [Adw]
22:07:53.854 File: C:\Users\Messy Family\AppData\Local\Temp\8557.tmp **INFECTED** Win32:Malware-gen
22:07:57.972 File: C:\Users\Messy Family\AppData\Local\Temp\fibhcrn\fibhcrn.dll **INFECTED** Win32:Malware-gen
22:42:22.605 AVAST engine scan C:\ProgramData
22:50:52.694 Scan finished successfully
22:53:13.459 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
22:53:13.506 The log file has been saved successfully to "F:\aswMBR.txt"

#4
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
I'm glad Windows will boot normally. Now let's keep killing the rubbish.
I would recommend that you print these instructions or save them to a text file so you will have them as you complete the steps. It will probably also be easier if you download all of the tools first and then close the browser and all windows before running them.
IMPORTANT: It is important that all tools be downloaded, saved to and run from the Desktop.


Step-1.

Malicious program uninstalls

1. Please click the Start Orb, click Control Panel. Under the Programs and Features heading click Uninstall a program.
2. In the list of programs installed, locate the following program(s):

MapsGalaxy Toolbar

3. Right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs. (Only do this if you uninstalled the program.)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folder(s) (if present):

C:\Program Files (x86)\MapsGalaxy_39

2. Close Windows Explorer.


Step-2.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (do not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
IE - HKLM\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-568713276-2821611408-3215923870-1000\..\URLSearchHook: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No CLSID value found
IE - HKU\S-1-5-21-568713276-2821611408-3215923870-1000\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.mywebs...r={searchTerms}
FF - HKLM\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin: C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll (MindSpark)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\39ffxtbr@MapsGalaxy_39.com: C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin [2013/08/05 21:09:44 | 000,000,000 | ---D | M]
O2 - BHO: (Toolbar BHO) - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (MindSpark)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Assistant BHO) - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (MindSpark)
O3 - HKLM\..\Toolbar: (MapsGalaxy) - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (MindSpark)
O3 - HKU\S-1-5-21-568713276-2821611408-3215923870-1000\..\Toolbar\WebBrowser: (MapsGalaxy) - {364EA597-E728-4CE4-BB4A-ED846EF47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (MindSpark)
O4 - HKU\S-1-5-21-568713276-2821611408-3215923870-1000..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart File not found
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft....?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft....?LinkID=122915" /build:7601 File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pn...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)

:FILES
ipconfig /flushdns /c
C:\Users\Messy Family\AppData\Local\Temp\16FC.tmp
C:\Users\Messy Family\AppData\Local\Temp\1SKKKKKKK.exe
C:\Users\Messy Family\AppData\Local\Temp\2494.tmp
C:\Users\Messy Family\AppData\Local\Temp\4B62.tmp
C:\Users\Messy Family\AppData\Local\Temp\6729.exe
C:\Users\Messy Family\AppData\Local\Temp\7E34.tmp
C:\Users\Messy Family\AppData\Local\Temp\8557.tmp
C:\Users\Messy Family\AppData\Local\Temp\fibhcrn\fibhcrn.dll

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-4.

Download AdwCleaner from here and save it to the desktop.
Close all open windows and browsers.

  • (Vista and 7 users:) Right click the adwcleaner.exe file and click Run as Administrator, then accept the UAC prompt to run AdwCleaner.
  • Click the Delete button and wait for the scan.
  • Everything that was found will be deleted.
  • When the scan ends, a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner[S1].txt

Step-4.

Scan with JRT:

Please download Junkware Removal Tool and save it to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts, how to do so can be read here.

  • Right click the JRT.exe file and click Run as Administrator to run the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.


Step-5.

TDSSKiller

Please read carefully and follow these steps.

Download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on the TDSSKiller.exe file to run the application, then click on Change parameters. (See the image below)
  • Check the box beside Loaded Modules and when the Reboot is required screen comes up click the Reboot now button.
    • After the computer restarts, TDSSKiller will launch automatically. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • On the Ready to scan screen, click Change parameters
  • On the Settings screen, check all boxes then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip. DO NOT change the default action, click on Continue. (See the image below)
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by clicking Report
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step-6.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log
2. The AdwCleaner[S1].txt log
3. The JRT.txt log
4. The TDSSKiller log
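Added example, not part of either post and not code from any of the tools named here: the :FILES section of the fix above lists the same paths that aswMBR flagged as **INFECTED**, and the fix log reports each one as moved or not found. The Python sketch below parses both line formats as they appear in this thread, builds a :FILES list from the detections, and reports any flagged file the fix log does not confirm. The sample log lines and paths are constructed, and the function names are hypothetical.

```python
import re

# aswMBR detection line, in the format shown in the log above:
#   HH:MM:SS.mmm File: <path> **INFECTED** <detection name>
ASWMBR_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+File:\s+(?P<path>.+?)"
    r"\s+\*\*INFECTED\*\*\s+(?P<name>.+)$"
)
# OTL fix log result lines for files (registry lines do not start with a drive):
#   <path> moved successfully.   /   File <path> not found.
OTL_DONE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<result>moved|deleted) successfully\.$"
)
OTL_MISSING_RE = re.compile(r"^File (?P<path>[A-Za-z]:\\.+?) not found\.$")

# Constructed sample input (not taken from the thread's logs).
SAMPLE_ASWMBR = r"""
22:07:50.453 File: C:\Users\Example\AppData\Local\Temp\aaaa.tmp **INFECTED** Win32:Malware-gen
22:07:50.952 File: C:\Users\Example\AppData\Local\Temp\bbbb.exe **INFECTED** Win32:Downloader-TUT [Trj]
22:07:51.311 File: C:\Users\Example\AppData\Local\Temp\sub dir\cccc.dll **INFECTED** Win32:Malware-gen
22:42:22.605 AVAST engine scan C:\ProgramData
"""

SAMPLE_OTL_LOG = r"""
========== FILES ==========
C:\Users\Example\AppData\Local\Temp\aaaa.tmp moved successfully.
File C:\Users\Example\AppData\Local\Temp\BBBB.exe not found.
C:\Users\Example\Desktop\cmd.bat deleted successfully.
"""


def parse_detections(log_text):
    """Return {lowercased path: (original path, detection name)}."""
    found = {}
    for line in log_text.splitlines():
        m = ASWMBR_RE.match(line.strip())
        if m:
            # Windows paths are case-insensitive, so key on the lowercase form.
            found[m.group("path").lower()] = (m.group("path"), m.group("name"))
    return found


def parse_fix_results(log_text):
    """Return {lowercased path: 'moved' | 'deleted' | 'not found'}."""
    results = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = OTL_DONE_RE.match(line)
        if m:
            results[m.group("path").lower()] = m.group("result")
            continue
        m = OTL_MISSING_RE.match(line)
        if m:
            results[m.group("path").lower()] = "not found"
    return results


def build_files_section(detections):
    """Render the flagged paths as a :FILES list, in detection order."""
    return "\n".join([":FILES"] + [path for path, _ in detections.values()])


def reconcile(detections, results):
    """Sort every flagged file by what the fix log says happened to it."""
    report = {"removed": [], "not found": [], "unconfirmed": []}
    for key, (path, _name) in detections.items():
        status = results.get(key)
        if status in ("moved", "deleted"):
            report["removed"].append(path)
        elif status == "not found":
            report["not found"].append(path)
        else:
            # No line in the fix log mentions this file at all.
            report["unconfirmed"].append(path)
    return report


if __name__ == "__main__":
    detections = parse_detections(SAMPLE_ASWMBR)
    print(build_files_section(detections))
    for bucket, paths in reconcile(detections, parse_fix_results(SAMPLE_OTL_LOG)).items():
        print(bucket, paths)
```

Anything left in the "unconfirmed" bucket is a flagged file the fix log never mentions and is worth re-checking in the next scan.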

#5
doubled1990

    Member

  • Topic Starter
  • Member
  • 15 posts
=================
OTL Fix Log
=================

All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f}\ not found.
Registry value HKEY_USERS\S-1-5-21-568713276-2821611408-3215923870-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{26842a09-ffa8-4e2c-ae12-0c80f01c3295} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26842a09-ffa8-4e2c-ae12-0c80f01c3295}\ not found.
Registry key HKEY_USERS\S-1-5-21-568713276-2821611408-3215923870-1000\Software\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin\ not found.
File C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\39ffxtbr@MapsGalaxy_39.com not found.
File C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e91a655-bb4b-4693-a05e-2edebc4c9d89}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e91a655-bb4b-4693-a05e-2edebc4c9d89}\ not found.
File C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71c1d63a-c944-428a-a5bd-ba513190e5d2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71c1d63a-c944-428a-a5bd-ba513190e5d2}\ not found.
File C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{364ea597-e728-4ce4-bb4a-ed846ef47970} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{364ea597-e728-4ce4-bb4a-ed846ef47970}\ not found.
File C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll not found.
Registry value HKEY_USERS\S-1-5-21-568713276-2821611408-3215923870-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{364EA597-E728-4CE4-BB4A-ED846EF47970} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{364EA597-E728-4CE4-BB4A-ED846EF47970}\ not found.
File C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll not found.
Registry value HKEY_USERS\S-1-5-21-568713276-2821611408-3215923870-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EADM deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {BEA7310D-06C4-4339-A784-DC3804819809}
C:\Windows\Downloaded Program Files\PhotoCenter_ActiveX_Control.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BEA7310D-06C4-4339-A784-DC3804819809}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEA7310D-06C4-4339-A784-DC3804819809}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BEA7310D-06C4-4339-A784-DC3804819809}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEA7310D-06C4-4339-A784-DC3804819809}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Messy Family\Desktop\cmd.bat deleted successfully.
C:\Users\Messy Family\Desktop\cmd.txt deleted successfully.
C:\Users\Messy Family\AppData\Local\Temp\16FC.tmp moved successfully.
C:\Users\Messy Family\AppData\Local\Temp\1SKKKKKKK.exe moved successfully.
C:\Users\Messy Family\AppData\Local\Temp\2494.tmp moved successfully.
C:\Users\Messy Family\AppData\Local\Temp\4B62.tmp moved successfully.
C:\Users\Messy Family\AppData\Local\Temp\6729.exe moved successfully.
C:\Users\Messy Family\AppData\Local\Temp\7E34.tmp moved successfully.
C:\Users\Messy Family\AppData\Local\Temp\8557.tmp moved successfully.
C:\Users\Messy Family\AppData\Local\Temp\fibhcrn\fibhcrn.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Messy Family
->Temp folder emptied: 689929420 bytes
->Temporary Internet Files folder emptied: 1484972029 bytes
->Java cache emptied: 155725 bytes
->Google Chrome cache emptied: 86538057 bytes
->Flash cache emptied: 302097 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 490044095 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78271572 bytes
RecycleBin emptied: 3417208 bytes

Total Files Cleaned = 2,702.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08072013_224631

Files\Folders moved on Reboot...
C:\Users\Messy Family\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Messy Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

=================
AdwCleaner[S1].txt
=================

# AdwCleaner v2.306 - Logfile created 08/07/2013 at 23:05:23
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Messy Family - MFAMILY-PC
# Boot Mode : Normal
# Running from : C:\Users\Messy Family\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Users\Messy Family\AppData\LocalLow\iac

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Messy Family\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1178 octets] - [07/08/2013 23:05:23]

########## EOF - C:\AdwCleaner[S1].txt - [1238 octets] ##########

=================
JRT.txt
=================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.8 (08.07.2013:4)
OS: Windows 7 Home Premium x64
Ran by Messy Family on Wed 08/07/2013 at 23:13:08.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\trolltech
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0250D9C0-DAB3-42C9-B1D2-456815482077}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0250D9C0-DAB3-42C9-B1D2-456815482077}



~~~ Files

Successfully deleted: [File] "C:\Users\Public\Desktop\play more great games!.url"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/07/2013 at 23:26:13.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

=================
TDSSKiller log
=================

23:32:25.0293 1736 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:32:25.0761 1736 ============================================================
23:32:25.0761 1736 Current date / time: 2013/08/07 23:32:25.0761
23:32:25.0761 1736 SystemInfo:
23:32:25.0761 1736
23:32:25.0761 1736 OS Version: 6.1.7601 ServicePack: 1.0
23:32:25.0761 1736 Product type: Workstation
23:32:25.0761 1736 ComputerName: MFAMILY-PC
23:32:25.0761 1736 UserName: Messy Family
23:32:25.0761 1736 Windows directory: C:\Windows
23:32:25.0761 1736 System windows directory: C:\Windows
23:32:25.0761 1736 Running under WOW64
23:32:25.0761 1736 Processor architecture: Intel x64
23:32:25.0761 1736 Number of processors: 1
23:32:25.0761 1736 Page size: 0x1000
23:32:25.0761 1736 Boot type: Normal boot
23:32:25.0761 1736 ============================================================
23:32:27.0243 1736 BG loaded
23:32:29.0324 1736 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:32:29.0340 1736 Drive \Device\Harddisk1\DR1 - Size: 0x3E80000 (0.06 Gb), SectorSize: 0x200, Cylinders: 0x7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:32:29.0340 1736 ============================================================
23:32:29.0340 1736 \Device\Harddisk0\DR0:
23:32:29.0340 1736 MBR partitions:
23:32:29.0340 1736 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
23:32:29.0340 1736 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B54E800
23:32:29.0340 1736 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1B5B2800, BlocksNum 0x1BDF000
23:32:29.0340 1736 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
23:32:29.0340 1736 \Device\Harddisk1\DR1:
23:32:29.0340 1736 MBR partitions:
23:32:29.0340 1736 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1F1E0
23:32:29.0340 1736 ============================================================
23:32:29.0418 1736 C: <-> \Device\Harddisk0\DR0\Partition2
23:32:29.0777 1736 D: <-> \Device\Harddisk0\DR0\Partition3
23:32:29.0886 1736 E: <-> \Device\Harddisk0\DR0\Partition4
23:32:29.0886 1736 ============================================================
23:32:29.0886 1736 Initialize success
23:32:29.0886 1736 ============================================================
23:34:06.0579 2112 ============================================================
23:34:06.0579 2112 Scan started
23:34:06.0579 2112 Mode: Manual; SigCheck; TDLFS;
23:34:06.0579 2112 ============================================================
23:34:08.0045 2112 ================ Scan system memory ========================
23:34:08.0045 2112 System memory - ok
23:34:08.0045 2112 ================ Scan services =============================
23:34:29.0526 2112 circlass - ok
23:34:29.0604 2112 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
23:34:29.0636 2112 CLFS - ok
23:34:29.0745 2112 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:34:29.0807 2112 clr_optimization_v2.0.50727_32 - ok
23:34:29.0901 2112 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:34:29.0963 2112 clr_optimization_v2.0.50727_64 - ok
23:34:30.0072 2112 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:34:30.0213 2112 clr_optimization_v4.0.30319_32 - ok
23:34:30.0291 2112 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:34:30.0338 2112 clr_optimization_v4.0.30319_64 - ok
23:34:30.0384 2112 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:34:30.0447 2112 CmBatt - ok
23:34:30.0462 2112 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:34:30.0509 2112 cmdide - ok
23:34:30.0634 2112 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
23:34:30.0665 2112 CNG - ok
23:34:30.0712 2112 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:34:30.0759 2112 Compbatt - ok
23:34:30.0806 2112 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
23:34:30.0946 2112 CompositeBus - ok
23:34:30.0962 2112 COMSysApp - ok
23:34:31.0008 2112 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
23:34:31.0040 2112 crcdisk - ok
23:34:31.0102 2112 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:34:31.0227 2112 CryptSvc - ok
23:34:31.0289 2112 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
23:34:31.0398 2112 DcomLaunch - ok
23:34:31.0430 2112 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
23:34:31.0570 2112 defragsvc - ok
23:34:31.0664 2112 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:34:31.0804 2112 DfsC - ok
23:34:31.0898 2112 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
23:34:32.0085 2112 Dhcp - ok
23:34:32.0132 2112 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
23:34:32.0256 2112 discache - ok
23:34:32.0303 2112 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
23:34:32.0334 2112 Disk - ok
23:34:32.0412 2112 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:34:32.0537 2112 Dnscache - ok
23:34:32.0631 2112 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
23:34:32.0756 2112 dot3svc - ok
23:34:32.0802 2112 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
23:34:33.0005 2112 DPS - ok
23:34:33.0052 2112 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:34:33.0177 2112 drmkaud - ok
23:34:33.0270 2112 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:34:33.0302 2112 DXGKrnl - ok
23:34:33.0348 2112 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
23:34:33.0520 2112 EapHost - ok
23:34:33.0692 2112 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
23:34:33.0988 2112 ebdrv - ok
23:34:34.0035 2112 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
23:34:34.0191 2112 EFS - ok
23:34:34.0300 2112 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:34:34.0487 2112 ehRecvr - ok
23:34:34.0565 2112 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
23:34:34.0721 2112 ehSched - ok
23:34:34.0768 2112 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
23:34:34.0862 2112 elxstor - ok
23:34:34.0924 2112 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:34:35.0080 2112 ErrDev - ok
23:34:35.0205 2112 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
23:34:35.0454 2112 EventSystem - ok
23:34:35.0532 2112 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
23:34:35.0657 2112 exfat - ok
23:34:35.0720 2112 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:34:35.0813 2112 fastfat - ok
23:34:35.0891 2112 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
23:34:36.0063 2112 Fax - ok
23:34:36.0110 2112 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:34:36.0266 2112 fdc - ok
23:34:36.0312 2112 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
23:34:36.0453 2112 fdPHost - ok
23:34:36.0500 2112 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
23:34:36.0671 2112 FDResPub - ok
23:34:36.0718 2112 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:34:36.0765 2112 FileInfo - ok
23:34:36.0796 2112 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:34:36.0999 2112 Filetrace - ok
23:34:37.0030 2112 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:34:37.0077 2112 flpydisk - ok
23:34:37.0155 2112 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:34:37.0186 2112 FltMgr - ok
23:34:37.0280 2112 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
23:34:37.0498 2112 FontCache - ok
23:34:37.0560 2112 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:34:37.0592 2112 FontCache3.0.0.0 - ok
23:34:37.0623 2112 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:34:37.0654 2112 FsDepends - ok
23:34:37.0716 2112 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:34:37.0794 2112 Fs_Rec - ok
23:34:37.0888 2112 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:34:37.0950 2112 fvevol - ok
23:34:37.0982 2112 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
23:34:38.0044 2112 gagp30kx - ok
23:34:38.0153 2112 [ E53EE18A21C025DEABCFE0F72FC481BB ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
23:34:38.0184 2112 GameConsoleService - ok
23:34:38.0247 2112 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
23:34:38.0387 2112 gpsvc - ok
23:34:38.0528 2112 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:34:38.0543 2112 gupdate - ok
23:34:38.0559 2112 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:34:38.0574 2112 gupdatem - ok
23:34:38.0668 2112 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:34:38.0730 2112 gusvc - ok
23:34:38.0762 2112 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:34:38.0902 2112 hcw85cir - ok
23:34:38.0949 2112 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:34:39.0058 2112 HdAudAddService - ok
23:34:39.0120 2112 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
23:34:39.0214 2112 HDAudBus - ok
23:34:39.0245 2112 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
23:34:39.0308 2112 HidBatt - ok
23:34:39.0339 2112 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
23:34:39.0448 2112 HidBth - ok
23:34:39.0479 2112 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
23:34:39.0588 2112 HidIr - ok
23:34:39.0620 2112 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
23:34:39.0791 2112 hidserv - ok
23:34:39.0838 2112 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
23:34:39.0916 2112 HidUsb - ok
23:34:39.0947 2112 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:34:40.0150 2112 hkmsvc - ok
23:34:40.0197 2112 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:34:40.0353 2112 HomeGroupListener - ok
23:34:40.0400 2112 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:34:40.0493 2112 HomeGroupProvider - ok
23:34:40.0649 2112 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
23:34:40.0758 2112 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
23:34:40.0758 2112 HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1)
23:34:41.0117 2112 [ B6492D01712A22FF3FEA25A999DBD321 ] HPWMISVC C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
23:34:41.0258 2112 HPWMISVC ( UnsignedFile.Multi.Generic ) - warning
23:34:41.0258 2112 HPWMISVC - detected UnsignedFile.Multi.Generic (1)
23:35:06.0701 2112 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
23:35:06.0842 2112 SessionEnv - ok
23:35:06.0873 2112 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:35:06.0982 2112 sffdisk - ok
23:35:07.0013 2112 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:35:07.0122 2112 sffp_mmc - ok
23:35:07.0138 2112 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:35:07.0294 2112 sffp_sd - ok
23:35:07.0341 2112 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
23:35:07.0419 2112 sfloppy - ok
23:35:07.0481 2112 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:35:07.0637 2112 SharedAccess - ok
23:35:07.0715 2112 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:35:07.0871 2112 ShellHWDetection - ok
23:35:07.0902 2112 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:35:07.0949 2112 SiSRaid2 - ok
23:35:07.0980 2112 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
23:35:08.0027 2112 SiSRaid4 - ok
23:35:08.0058 2112 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:35:08.0199 2112 Smb - ok
23:35:08.0246 2112 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:35:08.0308 2112 SNMPTRAP - ok
23:35:08.0355 2112 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
23:35:08.0386 2112 spldr - ok
23:35:08.0448 2112 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
23:35:08.0511 2112 Spooler - ok
23:35:08.0620 2112 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
23:35:08.0807 2112 sppsvc - ok
23:35:08.0870 2112 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:35:09.0026 2112 sppuinotify - ok
23:35:09.0119 2112 [ 56979A80F6F9DF788A8BFCC1603DA40D ] SRTSP C:\Windows\system32\drivers\NISx64\1100000.088\SRTSP64.SYS
23:35:09.0260 2112 SRTSP - ok
23:35:09.0306 2112 [ 3C3D82BB245AD1CB00ED48CB2F4AB385 ] SRTSPX C:\Windows\system32\drivers\NISx64\1100000.088\SRTSPX64.SYS
23:35:09.0338 2112 SRTSPX - ok
23:35:09.0400 2112 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
23:35:09.0556 2112 srv - ok
23:35:09.0618 2112 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:35:09.0712 2112 srv2 - ok
23:35:09.0759 2112 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
23:35:09.0930 2112 SrvHsfHDA - ok
23:35:09.0993 2112 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
23:35:10.0133 2112 SrvHsfV92 - ok
23:35:10.0180 2112 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
23:35:10.0242 2112 SrvHsfWinac - ok
23:35:10.0305 2112 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:35:10.0414 2112 srvnet - ok
23:35:10.0461 2112 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:35:10.0648 2112 SSDPSRV - ok
23:35:10.0679 2112 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:35:10.0742 2112 SstpSvc - ok
23:35:10.0773 2112 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
23:35:10.0804 2112 stexstor - ok
23:35:10.0898 2112 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
23:35:11.0022 2112 stisvc - ok
23:35:11.0069 2112 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
23:35:11.0085 2112 swenum - ok
23:35:11.0132 2112 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
23:35:11.0319 2112 swprv - ok
23:35:11.0381 2112 [ 91853F78B68F9F036670291F5EDD4EAE ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
23:35:11.0475 2112 SynTP - ok
23:35:11.0568 2112 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
23:35:11.0724 2112 SysMain - ok
23:35:11.0771 2112 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:35:11.0880 2112 TabletInputService - ok
23:35:11.0927 2112 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:35:12.0083 2112 TapiSrv - ok
23:35:12.0114 2112 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
23:35:12.0177 2112 TBS - ok
23:35:12.0270 2112 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:35:12.0380 2112 Tcpip - ok
23:35:12.0411 2112 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:35:12.0473 2112 TCPIP6 - ok
23:35:12.0520 2112 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:35:12.0582 2112 tcpipreg - ok
23:35:12.0629 2112 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:35:12.0738 2112 TDPIPE - ok
23:35:12.0785 2112 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:35:12.0988 2112 TDTCP - ok
23:35:13.0035 2112 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:35:13.0097 2112 tdx - ok
23:35:13.0128 2112 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
23:35:13.0144 2112 TermDD - ok
23:35:13.0222 2112 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
23:35:13.0362 2112 TermService - ok
23:35:13.0394 2112 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
23:35:13.0472 2112 Themes - ok
23:35:13.0487 2112 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
23:35:13.0612 2112 THREADORDER - ok
23:35:13.0643 2112 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
23:35:13.0737 2112 TrkWks - ok
23:35:13.0799 2112 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:35:13.0940 2112 TrustedInstaller - ok
23:35:13.0986 2112 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:35:14.0127 2112 tssecsrv - ok
23:35:14.0205 2112 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
23:35:14.0283 2112 TsUsbFlt - ok
23:35:14.0345 2112 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:35:14.0454 2112 tunnel - ok
23:35:14.0501 2112 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
23:35:14.0595 2112 uagp35 - ok
23:35:14.0642 2112 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:35:14.0751 2112 udfs - ok
23:35:14.0813 2112 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:35:14.0969 2112 UI0Detect - ok
23:35:14.0985 2112 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:35:15.0047 2112 uliagpkx - ok
23:35:15.0110 2112 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
23:35:15.0219 2112 umbus - ok
23:35:15.0250 2112 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
23:35:15.0406 2112 UmPass - ok
23:35:15.0437 2112 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
23:35:15.0546 2112 upnphost - ok
23:35:15.0609 2112 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
23:35:15.0780 2112 usbccgp - ok
23:35:15.0874 2112 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:35:15.0983 2112 usbcir - ok
23:35:16.0030 2112 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
23:35:16.0139 2112 usbehci - ok
23:35:16.0170 2112 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:35:16.0248 2112 usbhub - ok
23:35:16.0295 2112 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:35:16.0389 2112 usbohci - ok
23:35:16.0420 2112 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:35:16.0482 2112 usbprint - ok
23:35:16.0514 2112 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:35:16.0592 2112 USBSTOR - ok
23:35:16.0654 2112 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
23:35:16.0794 2112 usbuhci - ok
23:35:16.0826 2112 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
23:35:16.0950 2112 UxSms - ok
23:35:16.0982 2112 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
23:35:17.0013 2112 VaultSvc - ok
23:35:17.0044 2112 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
23:35:17.0106 2112 vdrvroot - ok
23:35:17.0138 2112 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
23:35:17.0216 2112 vds - ok
23:35:17.0247 2112 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:35:17.0356 2112 vga - ok
23:35:17.0387 2112 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
23:35:17.0481 2112 VgaSave - ok
23:35:17.0512 2112 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
23:35:17.0574 2112 vhdmp - ok
23:35:17.0606 2112 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
23:35:17.0652 2112 viaide - ok
23:35:17.0668 2112 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:35:17.0715 2112 volmgr - ok
23:35:17.0793 2112 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:35:17.0902 2112 volmgrx - ok
23:35:17.0933 2112 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:35:18.0011 2112 volsnap - ok
23:35:18.0042 2112 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
23:35:18.0105 2112 vsmraid - ok
23:35:18.0198 2112 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
23:35:18.0339 2112 VSS - ok
23:35:18.0386 2112 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
23:35:18.0448 2112 vwifibus - ok
23:35:18.0495 2112 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
23:35:18.0573 2112 vwififlt - ok
23:35:18.0620 2112 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
23:35:18.0682 2112 W32Time - ok
23:35:18.0729 2112 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
23:35:18.0791 2112 WacomPen - ok
23:35:18.0838 2112 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:35:18.0994 2112 WANARP - ok
23:35:19.0010 2112 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:35:19.0103 2112 Wanarpv6 - ok
23:35:19.0212 2112 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
23:35:19.0275 2112 WatAdminSvc - ok
23:35:19.0337 2112 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
23:35:19.0446 2112 wbengine - ok
23:35:19.0493 2112 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:35:19.0602 2112 WbioSrvc - ok
23:35:19.0649 2112 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:35:19.0727 2112 wcncsvc - ok
23:35:19.0758 2112 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:35:19.0805 2112 WcsPlugInService - ok
23:35:19.0930 2112 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
23:35:19.0977 2112 Wd - ok
23:35:20.0055 2112 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:35:20.0117 2112 Wdf01000 - ok
23:35:20.0133 2112 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:35:20.0242 2112 WdiServiceHost - ok
23:35:20.0258 2112 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:35:20.0304 2112 WdiSystemHost - ok
23:35:20.0367 2112 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
23:35:20.0476 2112 WebClient - ok
23:35:20.0523 2112 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:35:20.0663 2112 Wecsvc - ok
23:35:20.0679 2112 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:35:20.0788 2112 wercplsupport - ok
23:35:20.0819 2112 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
23:35:20.0928 2112 WerSvc - ok
23:35:20.0991 2112 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:35:21.0053 2112 WfpLwf - ok
23:35:21.0084 2112 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:35:21.0147 2112 WIMMount - ok
23:35:21.0178 2112 WinDefend - ok
23:35:21.0194 2112 WinHttpAutoProxySvc - ok
23:35:21.0256 2112 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:35:21.0381 2112 Winmgmt - ok
23:35:21.0474 2112 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
23:35:21.0662 2112 WinRM - ok
23:35:21.0724 2112 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
23:35:21.0849 2112 Wlansvc - ok
23:35:21.0911 2112 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
23:35:22.0052 2112 WmiAcpi - ok
23:35:22.0098 2112 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:35:22.0176 2112 wmiApSrv - ok
23:35:22.0223 2112 WMPNetworkSvc - ok
23:35:22.0270 2112 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:35:22.0317 2112 WPCSvc - ok
23:35:22.0364 2112 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:35:22.0442 2112 WPDBusEnum - ok
23:35:22.0473 2112 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:35:22.0613 2112 ws2ifsl - ok
23:35:22.0660 2112 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
23:35:22.0769 2112 wscsvc - ok
23:35:22.0785 2112 WSearch - ok
23:35:22.0972 2112 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
23:35:23.0066 2112 wuauserv - ok
23:35:23.0112 2112 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:35:23.0206 2112 WudfPf - ok
23:35:23.0284 2112 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:35:23.0315 2112 WUDFRd - ok
23:35:23.0378 2112 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:35:23.0471 2112 wudfsvc - ok
23:35:23.0534 2112 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
23:35:23.0627 2112 WwanSvc - ok
23:35:23.0674 2112 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
23:35:23.0830 2112 yukonw7 - ok
23:35:23.0877 2112 ================ Scan global ===============================
23:35:23.0908 2112 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:35:23.0955 2112 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
23:35:23.0970 2112 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
23:35:24.0002 2112 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:35:24.0048 2112 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:35:24.0048 2112 [Global] - ok
23:35:24.0048 2112 ================ Scan MBR ==================================
23:35:24.0064 2112 [ E2A9C3A524E2AFE3D0EC7B71691F43CB ] \Device\Harddisk0\DR0
23:35:25.0094 2112 \Device\Harddisk0\DR0 - ok
23:35:25.0109 2112 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR1
23:35:28.0510 2112 \Device\Harddisk1\DR1 - ok
23:35:28.0510 2112 ================ Scan VBR ==================================
23:35:28.0526 2112 [ B3E1600F85C5695C5C0F342A97DD1E08 ] \Device\Harddisk0\DR0\Partition1
23:35:28.0526 2112 \Device\Harddisk0\DR0\Partition1 - ok
23:35:28.0557 2112 [ 9C9E73B5C215CC462BA1BE939A53419B ] \Device\Harddisk0\DR0\Partition2
23:35:28.0557 2112 \Device\Harddisk0\DR0\Partition2 - ok
23:35:28.0588 2112 [ 4925F86AC0CE8A67312233087CC1B030 ] \Device\Harddisk0\DR0\Partition3
23:35:28.0588 2112 \Device\Harddisk0\DR0\Partition3 - ok
23:35:28.0650 2112 [ 4E3A0B22E1293C86A07D9302446628ED ] \Device\Harddisk0\DR0\Partition4
23:35:28.0650 2112 \Device\Harddisk0\DR0\Partition4 - ok
23:35:28.0650 2112 [ 729061FA5EB44F0EB619C70B01346634 ] \Device\Harddisk1\DR1\Partition1
23:35:28.0650 2112 \Device\Harddisk1\DR1\Partition1 - ok
23:35:28.0666 2112 ================ Scan active images ========================
23:35:28.0666 2112 [ 3E588B60EC061686BA05D33574A344C6 ] C:\Windows\System32\drivers\crashdmp.sys
23:35:28.0666 2112 C:\Windows\System32\drivers\crashdmp.sys - ok
23:35:28.0666 2112 [ BE7D72FCF442C26975942007E0831241 ] C:\Windows\System32\drivers\iaStor.sys
23:35:28.0666 2112 C:\Windows\System32\drivers\iaStor.sys - ok
23:35:28.0682 2112 [ 814DB88F2641691575A455CF25354098 ] C:\Windows\System32\drivers\dumpfve.sys
23:35:28.0682 2112 C:\Windows\System32\drivers\dumpfve.sys - ok
23:35:28.0682 2112 [ F036CE71586E93D94DAB220D7BDF4416 ] C:\Windows\System32\drivers\cdrom.sys
23:35:28.0682 2112 C:\Windows\System32\drivers\cdrom.sys - ok
23:35:28.0697 2112 [ 56979A80F6F9DF788A8BFCC1603DA40D ] C:\Windows\System32\drivers\NISx64\1100000.088\srtsp64.sys
23:35:28.0697 2112 C:\Windows\System32\drivers\NISx64\1100000.088\srtsp64.sys - ok
23:35:28.0697 2112 [ 3C3D82BB245AD1CB00ED48CB2F4AB385 ] C:\Windows\System32\drivers\NISx64\1100000.088\srtspx64.sys
23:35:28.0697 2112 C:\Windows\System32\drivers\NISx64\1100000.088\srtspx64.sys - ok
23:35:28.0713 2112 [ D3862AB9E0008D30685494E1035A1CE7 ] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\EX64.SYS
23:35:28.0713 2112 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\EX64.SYS - ok
23:35:28.0713 2112 [ 251BDFBC76ACC5590C8975DEE780147E ] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\ENG64.SYS
23:35:28.0713 2112 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\ENG64.SYS - ok
23:35:28.0728 2112 [ 16A47CE2DECC9B099349A5F840654746 ] C:\Windows\System32\drivers\beep.sys
23:35:28.0728 2112 C:\Windows\System32\drivers\beep.sys - ok
23:35:28.0728 2112 [ 9899284589F75FA8724FF3D16AED75C1 ] C:\Windows\System32\drivers\null.sys
23:35:28.0728 2112 C:\Windows\System32\drivers\null.sys - ok
23:35:28.0744 2112 [ 53E92A310193CB3C03BEA963DE7D9CFC ] C:\Windows\System32\drivers\vga.sys
23:35:28.0744 2112 C:\Windows\System32\drivers\vga.sys - ok
23:35:28.0744 2112 [ E7353D59C9842BC7299FAEB7E7E09340 ] C:\Windows\System32\drivers\videoprt.sys
23:35:28.0744 2112 C:\Windows\System32\drivers\videoprt.sys - ok
23:35:28.0760 2112 [ FC438D1430B28618E2D0C7C332A710AD ] C:\Windows\System32\drivers\watchdog.sys
23:35:28.0760 2112 C:\Windows\System32\drivers\watchdog.sys - ok
23:35:28.0760 2112 [ CEA6CC257FC9B7715F1C2B4849286D24 ] C:\Windows\System32\drivers\RDPCDD.sys
23:35:28.0760 2112 C:\Windows\System32\drivers\RDPCDD.sys - ok
23:35:28.0775 2112 [ BB5971A4F00659529A5C44831AF22365 ] C:\Windows\System32\drivers\RDPENCDD.sys
23:35:28.0775 2112 C:\Windows\System32\drivers\RDPENCDD.sys - ok
23:35:28.0775 2112 [ 216F3FA57533D98E1F74DED70113177A ] C:\Windows\System32\drivers\RDPREFMP.sys
23:35:28.0775 2112 C:\Windows\System32\drivers\RDPREFMP.sys - ok
23:35:28.0791 2112 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] C:\Windows\System32\drivers\msfs.sys
23:35:28.0791 2112 C:\Windows\System32\drivers\msfs.sys - ok
23:35:28.0791 2112 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] C:\Windows\System32\drivers\npfs.sys
23:35:28.0791 2112 C:\Windows\System32\drivers\npfs.sys - ok
23:35:28.0806 2112 [ 6F020A220388ECA0AB6062DC27BD16B6 ] C:\Windows\System32\drivers\tdi.sys
23:35:28.0806 2112 C:\Windows\System32\drivers\tdi.sys - ok
23:35:28.0806 2112 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] C:\Windows\System32\drivers\tdx.sys
23:35:28.0806 2112 C:\Windows\System32\drivers\tdx.sys - ok
23:35:28.0822 2112 [ 1C7857B62DE5994A75B054A9FD4C3825 ] C:\Windows\System32\drivers\afd.sys
23:35:28.0822 2112 C:\Windows\System32\drivers\afd.sys - ok
23:35:28.0822 2112 [ 09594D1089C523423B32A4229263F068 ] C:\Windows\System32\drivers\netbt.sys
23:35:28.0822 2112 C:\Windows\System32\drivers\netbt.sys - ok
23:35:28.0838 2112 [ 611B23304BF067451A9FDEE01FBDD725 ] C:\Windows\System32\drivers\wfplwf.sys
23:35:28.0838 2112 C:\Windows\System32\drivers\wfplwf.sys - ok
23:35:28.0838 2112 [ 0557CF5A2556BD58E26384169D72438D ] C:\Windows\System32\drivers\pacer.sys
23:35:28.0838 2112 C:\Windows\System32\drivers\pacer.sys - ok
23:35:28.0853 2112 [ 6A3D66263414FF0D6FA754C646612F3F ] C:\Windows\System32\drivers\vwififlt.sys
23:35:28.0853 2112 C:\Windows\System32\drivers\vwififlt.sys - ok
23:35:28.0853 2112 [ 86743D9F5D2B1048062B14B1D84501C4 ] C:\Windows\System32\drivers\netbios.sys
23:35:28.0853 2112 C:\Windows\System32\drivers\netbios.sys - ok
23:35:28.0869 2112 [ 356AFD78A6ED4457169241AC3965230C ] C:\Windows\System32\drivers\wanarp.sys
23:35:28.0869 2112 C:\Windows\System32\drivers\wanarp.sys - ok
23:35:28.0869 2112 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] C:\Windows\System32\drivers\termdd.sys
23:35:28.0869 2112 C:\Windows\System32\drivers\termdd.sys - ok
23:35:28.0884 2112 [ 77F665941019A1594D887A74F301FA2F ] C:\Windows\System32\drivers\rdbss.sys
23:35:28.0884 2112 C:\Windows\System32\drivers\rdbss.sys - ok
23:35:28.0884 2112 [ E7F5AE18AF4168178A642A9247C63001 ] C:\Windows\System32\drivers\nsiproxy.sys
23:35:28.0884 2112 C:\Windows\System32\drivers\nsiproxy.sys - ok
23:35:28.0900 2112 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] C:\Windows\System32\drivers\mssmbios.sys
23:35:28.0900 2112 C:\Windows\System32\drivers\mssmbios.sys - ok
23:35:28.0900 2112 [ 13096B05847EC78F0977F2C0F79E9AB3 ] C:\Windows\System32\drivers\discache.sys
23:35:28.0900 2112 C:\Windows\System32\drivers\discache.sys - ok
23:35:28.0916 2112 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] C:\Windows\System32\drivers\dfsc.sys
23:35:28.0916 2112 C:\Windows\System32\drivers\dfsc.sys - ok
23:35:28.0916 2112 [ 61583EE3C3A17003C4ACD0475646B4D3 ] C:\Windows\System32\drivers\blbdrive.sys
23:35:28.0916 2112 C:\Windows\System32\drivers\blbdrive.sys - ok
23:35:28.0931 2112 [ 3566A8DAAFA27AF944F5D705EAA64894 ] C:\Windows\System32\drivers\tunnel.sys
23:35:28.0931 2112 C:\Windows\System32\drivers\tunnel.sys - ok
23:35:28.0931 2112 [ ADA036632C664CAA754079041CF1F8C1 ] C:\Windows\System32\drivers\intelppm.sys
23:35:28.0931 2112 C:\Windows\System32\drivers\intelppm.sys - ok
23:35:28.0947 2112 [ 0840155D0BDDF1190F84A663C284BD33 ] C:\Windows\System32\drivers\CmBatt.sys
23:35:28.0947 2112 C:\Windows\System32\drivers\CmBatt.sys - ok
23:35:28.0947 2112 [ F0371DE302FFFF8F086661611BE60848 ] C:\Windows\System32\smss.exe
23:35:28.0947 2112 C:\Windows\System32\smss.exe - ok
23:35:28.0962 2112 [ CF95B85FF8D128385ABD411C8CA74DED ] C:\Windows\System32\ntdll.dll
23:35:28.0962 2112 C:\Windows\System32\ntdll.dll - ok
23:35:28.0962 2112 [ 3B536A8BEC3B4F23FFDFD78B11A2AB93 ] C:\Windows\System32\autochk.exe
23:35:28.0962 2112 C:\Windows\System32\autochk.exe - ok
23:35:28.0978 2112 [ 677AA5991026A65ADA128C4B59CF2BAD ] C:\Windows\System32\drivers\igdkmd64.sys
23:35:28.0978 2112 C:\Windows\System32\drivers\igdkmd64.sys - ok
23:35:28.0978 2112 [ 0ADC83218B66A6DB380C330836F3E36D ] C:\Windows\System32\drivers\fastfat.sys
23:35:28.0978 2112 C:\Windows\System32\drivers\fastfat.sys - ok
23:35:28.0994 2112 [ AF2E16242AA723F68F461B6EAE2EAD3D ] C:\Windows\System32\drivers\dxgkrnl.sys
23:35:28.0994 2112 C:\Windows\System32\drivers\dxgkrnl.sys - ok
23:35:28.0994 2112 [ 1F04CFB79DD5FB7694468CE3FB3DCC31 ] C:\Windows\System32\drivers\dxgmms1.sys
23:35:28.0994 2112 C:\Windows\System32\drivers\dxgmms1.sys - ok
23:35:29.0009 2112 [ AE259C75F9A0B057B6BF9E9695632B09 ] C:\Windows\System32\drivers\usbport.sys
23:35:29.0009 2112 C:\Windows\System32\drivers\usbport.sys - ok
23:35:29.0009 2112 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] C:\Windows\System32\drivers\usbuhci.sys
23:35:29.0009 2112 C:\Windows\System32\drivers\usbuhci.sys - ok
23:35:29.0025 2112 [ C025055FE7B87701EB042095DF1A2D7B ] C:\Windows\System32\drivers\usbehci.sys
23:35:29.0025 2112 C:\Windows\System32\drivers\usbehci.sys - ok
23:35:29.0025 2112 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] C:\Windows\System32\drivers\hdaudbus.sys
23:35:29.0025 2112 C:\Windows\System32\drivers\hdaudbus.sys - ok
23:35:29.0040 2112 [ 03E0627C26943916A7276AC5306206C7 ] C:\Windows\System32\drivers\rtl8192se.sys
23:35:29.0040 2112 C:\Windows\System32\drivers\rtl8192se.sys - ok
23:35:29.0040 2112 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] C:\Windows\System32\drivers\vwifibus.sys
23:35:29.0040 2112 C:\Windows\System32\drivers\vwifibus.sys - ok
23:35:29.0056 2112 [ 777FC2C418465404E3D8A290DC247D24 ] C:\Windows\System32\drivers\Rt64win7.sys
23:35:29.0056 2112 C:\Windows\System32\drivers\Rt64win7.sys - ok
23:35:29.0056 2112 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] C:\Windows\System32\drivers\i8042prt.sys
23:35:29.0056 2112 C:\Windows\System32\drivers\i8042prt.sys - ok
23:35:29.0072 2112 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] C:\Windows\System32\drivers\kbdclass.sys
23:35:29.0072 2112 C:\Windows\System32\drivers\kbdclass.sys - ok
23:35:29.0072 2112 [ 91853F78B68F9F036670291F5EDD4EAE ] C:\Windows\System32\drivers\SynTP.sys
23:35:29.0072 2112 C:\Windows\System32\drivers\SynTP.sys - ok
23:35:29.0087 2112 [ CCA2AB1752A61F29C3C941CD79D78CEA ] C:\Windows\System32\drivers\usbd.sys
23:35:29.0087 2112 C:\Windows\System32\drivers\usbd.sys - ok
23:35:29.0087 2112 [ 7D27EA49F3C1F687D357E77A470AEA99 ] C:\Windows\System32\drivers\mouclass.sys
23:35:29.0087 2112 C:\Windows\System32\drivers\mouclass.sys - ok
23:35:29.0103 2112 [ 792685A9538424CC1F3FA6A816FE147C ] C:\Windows\System32\urlmon.dll
23:35:29.0103 2112 C:\Windows\System32\urlmon.dll - ok
23:35:29.0103 2112 [ 1BFC94665BCA35F9001ADC7BFB167C63 ] C:\Windows\System32\shell32.dll
23:35:29.0103 2112 C:\Windows\System32\shell32.dll - ok
23:35:29.0118 2112 [ 28C0B5024F5C5A438E78B188CFC81B7F ] C:\Windows\System32\normaliz.dll
23:35:29.0118 2112 C:\Windows\System32\normaliz.dll - ok
23:35:29.0118 2112 [ C06B32165E23A72A898B7A89679AD754 ] C:\Windows\System32\oleaut32.dll
23:35:29.0118 2112 C:\Windows\System32\oleaut32.dll - ok
23:35:29.0134 2112 [ 83404DCBCE4925B6A5A77C5170F46D86 ] C:\Windows\System32\sechost.dll
23:35:29.0134 2112 C:\Windows\System32\sechost.dll - ok
23:35:29.0134 2112 [ FE70103391A64039A921DBFFF9C7AB1B ] C:\Windows\System32\user32.dll
23:35:29.0134 2112 C:\Windows\System32\user32.dll - ok
23:35:29.0150 2112 [ 9E0D8010D7368856617D3FE0FA5DA58F ] C:\Windows\System32\iertutil.dll
23:35:29.0150 2112 C:\Windows\System32\iertutil.dll - ok
23:35:29.0150 2112 [ 5D8E6C95156ED1F79A63D1EADE6F9ED5 ] C:\Windows\System32\setupapi.dll
23:35:29.0150 2112 C:\Windows\System32\setupapi.dll - ok
23:35:29.0165 2112 [ F6FF8944478594D0E414D3F048F0D778 ] C:\Windows\System32\drivers\wmiacpi.sys
23:35:29.0165 2112 C:\Windows\System32\drivers\wmiacpi.sys - ok
23:35:29.0165 2112 [ 03EDB043586CCEBA243D689BDDA370A8 ] C:\Windows\System32\drivers\CompositeBus.sys
23:35:29.0165 2112 C:\Windows\System32\drivers\CompositeBus.sys - ok
23:35:29.0181 2112 [ 7ECFF9B22276B73F43A99A15A6094E90 ] C:\Windows\System32\drivers\agilevpn.sys
23:35:29.0181 2112 C:\Windows\System32\drivers\agilevpn.sys - ok
23:35:29.0181 2112 [ 471815800AE33E6F1C32FB1B97C490CA ] C:\Windows\System32\drivers\rasl2tp.sys
23:35:31.0209 2112 C:\Windows\System32\BFE.DLL - ok
23:35:31.0209 2112 [ 6C02A83164F5CC0A262F4199F0871CF5 ] C:\Windows\System32\drivers\bowser.sys
23:35:31.0209 2112 C:\Windows\System32\drivers\bowser.sys - ok
23:35:31.0224 2112 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] C:\Windows\System32\drivers\mpsdrv.sys
23:35:31.0224 2112 C:\Windows\System32\drivers\mpsdrv.sys - ok
23:35:31.0224 2112 [ A5D9106A73DC88564C825D317CAC68AC ] C:\Windows\System32\drivers\mrxsmb.sys
23:35:31.0224 2112 C:\Windows\System32\drivers\mrxsmb.sys - ok
23:35:31.0240 2112 [ D711B3C1D5F42C0C2415687BE09FC163 ] C:\Windows\System32\drivers\mrxsmb10.sys
23:35:31.0240 2112 C:\Windows\System32\drivers\mrxsmb10.sys - ok
23:35:31.0240 2112 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] C:\Windows\System32\drivers\mrxsmb20.sys
23:35:31.0240 2112 C:\Windows\System32\drivers\mrxsmb20.sys - ok
23:35:31.0256 2112 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] C:\Windows\System32\MPSSVC.dll
23:35:31.0256 2112 C:\Windows\System32\MPSSVC.dll - ok
23:35:31.0256 2112 [ 851A1382EED3E3A7476DB004F4EE3E1A ] C:\Windows\System32\wkssvc.dll
23:35:31.0256 2112 C:\Windows\System32\wkssvc.dll - ok
23:35:31.0271 2112 [ C67F8A962B2534224D5908D16D2AD3CE ] C:\Windows\System32\wfapigp.dll
23:35:31.0271 2112 C:\Windows\System32\wfapigp.dll - ok
23:35:31.0271 2112 [ 1834B31C749B86DAC233BBBA1C03BC48 ] C:\Windows\System32\mscms.dll
23:35:31.0271 2112 C:\Windows\System32\mscms.dll - ok
23:35:31.0287 2112 [ 3AEAA8B561E63452C655DC0584922257 ] C:\Windows\System32\pcasvc.dll
23:35:31.0287 2112 C:\Windows\System32\pcasvc.dll - ok
23:35:31.0287 2112 [ 6313F223E817CC09AA41811DAA7F541D ] C:\Windows\System32\snmptrap.exe
23:35:31.0287 2112 C:\Windows\System32\snmptrap.exe - ok
23:35:31.0302 2112 [ 908ACB1F594274965A53926B10C81E89 ] C:\Windows\System32\provsvc.dll
23:35:31.0302 2112 C:\Windows\System32\provsvc.dll - ok
23:35:31.0302 2112 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] C:\Windows\System32\sstpsvc.dll
23:35:31.0302 2112 C:\Windows\System32\sstpsvc.dll - ok
23:35:31.0318 2112 [ D1E343BC00136CE03C4D403194D06A80 ] C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
23:35:31.0318 2112 C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe - ok
23:35:31.0318 2112 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] C:\Windows\System32\cryptsvc.dll
23:35:31.0318 2112 C:\Windows\System32\cryptsvc.dll - ok
23:35:31.0334 2112 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] C:\Windows\System32\dps.dll
23:35:31.0334 2112 C:\Windows\System32\dps.dll - ok
23:35:31.0334 2112 [ 2C4C22EA1735F21F355EB1A39832F7DF ] C:\Windows\System32\cryptnet.dll
23:35:31.0334 2112 C:\Windows\System32\cryptnet.dll - ok
23:35:31.0349 2112 [ B6492D01712A22FF3FEA25A999DBD321 ] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
23:35:31.0349 2112 C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe - ok
23:35:31.0349 2112 [ D233C7FEAE3FAA25F93A9E6B46815ADC ] C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcr90.dll
23:35:31.0349 2112 C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcr90.dll - ok
23:35:31.0365 2112 [ 0E2F58F6E698EDCB9E58FAD0CBCD0567 ] C:\Windows\System32\vssapi.dll
23:35:31.0365 2112 C:\Windows\System32\vssapi.dll - ok
23:35:31.0365 2112 [ BAAFAF9CEAEC0B73C2A3550A01F6CECB ] C:\Windows\System32\taskschd.dll
23:35:31.0365 2112 C:\Windows\System32\taskschd.dll - ok
23:35:31.0380 2112 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
23:35:31.0380 2112 C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe - ok
23:35:31.0380 2112 [ E73B0F1819602CB6EF176FB78D76A47B ] C:\Windows\SysWOW64\ntdll.dll
23:35:31.0380 2112 C:\Windows\SysWOW64\ntdll.dll - ok
23:35:31.0396 2112 [ 259EB5F7D95A29842B476C5B3EB6E186 ] C:\Windows\System32\wow64.dll
23:35:31.0396 2112 C:\Windows\System32\wow64.dll - ok
23:35:31.0396 2112 [ 287923557447D7E4BDD7E65B1F0F5428 ] C:\Windows\System32\vsstrace.dll
23:35:31.0396 2112 C:\Windows\System32\vsstrace.dll - ok
23:35:31.0412 2112 [ 5674E21E82CFBEA36DDAD5DB285D6DBC ] C:\Windows\System32\wow64win.dll
23:35:31.0412 2112 C:\Windows\System32\wow64win.dll - ok
23:35:31.0412 2112 [ 3EE3AA76D8AB6D5644C4C8F34471CEB3 ] C:\Windows\System32\wow64cpu.dll
23:35:31.0412 2112 C:\Windows\System32\wow64cpu.dll - ok
23:35:31.0427 2112 [ AC0B6F41882FC6ED186962D770EBF1D2 ] C:\Windows\SysWOW64\kernel32.dll
23:35:31.0427 2112 C:\Windows\SysWOW64\kernel32.dll - ok
23:35:31.0427 2112 [ E954A79D6A754A5475582CACED1565E6 ] C:\Windows\SysWOW64\KernelBase.dll
23:35:31.0427 2112 C:\Windows\SysWOW64\KernelBase.dll - ok
23:35:31.0443 2112 [ 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 ] C:\Windows\SysWOW64\user32.dll
23:35:31.0443 2112 C:\Windows\SysWOW64\user32.dll - ok
23:35:31.0443 2112 [ D6D3AD7BF1D6F6CE9547613ED5E170A2 ] C:\Windows\SysWOW64\gdi32.dll
23:35:31.0443 2112 C:\Windows\SysWOW64\gdi32.dll - ok
23:35:31.0458 2112 [ 384721EF4024890092625E20CADFAF85 ] C:\Windows\SysWOW64\lpk.dll
23:35:31.0458 2112 C:\Windows\SysWOW64\lpk.dll - ok
23:35:31.0458 2112 [ B7230010D97787AF3D25E4C82F2B06B9 ] C:\Windows\SysWOW64\usp10.dll
23:35:31.0458 2112 C:\Windows\SysWOW64\usp10.dll - ok
23:35:31.0474 2112 [ 9DC80A8AAAAAC397BDAB3C67165A824E ] C:\Windows\SysWOW64\msvcrt.dll
23:35:31.0474 2112 C:\Windows\SysWOW64\msvcrt.dll - ok
23:35:31.0474 2112 [ 95E2376B3323F062EB562B8586D0F14A ] C:\Windows\SysWOW64\advapi32.dll
23:35:31.0474 2112 C:\Windows\SysWOW64\advapi32.dll - ok
23:35:31.0490 2112 [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\SysWOW64\sechost.dll
23:35:31.0490 2112 C:\Windows\SysWOW64\sechost.dll - ok
23:35:31.0490 2112 [ C5AD8083CF94201F1F8084ECC696A8B7 ] C:\Windows\SysWOW64\rpcrt4.dll
23:35:31.0490 2112 C:\Windows\SysWOW64\rpcrt4.dll - ok
23:35:31.0490 2112 [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\SysWOW64\cryptbase.dll
23:35:31.0490 2112 C:\Windows\SysWOW64\cryptbase.dll - ok
23:35:31.0505 2112 [ 928CF7268086631F54C3D8E17238C6DD ] C:\Windows\SysWOW64\ole32.dll
23:35:31.0505 2112 C:\Windows\SysWOW64\ole32.dll - ok
23:35:31.0505 2112 [ EDA7AD21DF8945528F01F0A86D69E524 ] C:\Windows\SysWOW64\sspicli.dll
23:35:31.0505 2112 C:\Windows\SysWOW64\sspicli.dll - ok
23:35:31.0521 2112 [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
23:35:31.0521 2112 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll - ok
23:35:31.0521 2112 [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
23:35:31.0521 2112 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll - ok
23:35:31.0536 2112 [ A6F09E5669D9A19035F6D942CAA15882 ] C:\Windows\SysWOW64\imm32.dll
23:35:31.0536 2112 C:\Windows\SysWOW64\imm32.dll - ok
23:35:31.0536 2112 [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\SysWOW64\msctf.dll
23:35:31.0536 2112 C:\Windows\SysWOW64\msctf.dll - ok
23:35:31.0552 2112 [ 88104CCBC329D185A881031A11259229 ] C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccL90U.dll
23:35:31.0552 2112 C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccL90U.dll - ok
23:35:31.0552 2112 [ 6C765E82B57F2E66CE9C54AC238471D9 ] C:\Windows\SysWOW64\oleaut32.dll
23:35:31.0552 2112 C:\Windows\SysWOW64\oleaut32.dll - ok
23:35:31.0568 2112 [ 7FF15A4F092CD4A96055BA69F903E3E9 ] C:\Windows\SysWOW64\ws2_32.dll
23:35:31.0568 2112 C:\Windows\SysWOW64\ws2_32.dll - ok
23:35:31.0568 2112 [ 6377051C63D5552A311935C67E9FDFDC ] C:\Windows\SysWOW64\nsi.dll
23:35:31.0568 2112 C:\Windows\SysWOW64\nsi.dll - ok
23:35:31.0583 2112 [ 8CC3C111D653E96F3EA1590891491D71 ] C:\Windows\SysWOW64\shlwapi.dll
23:35:31.0583 2112 C:\Windows\SysWOW64\shlwapi.dll - ok
23:35:31.0583 2112 [ 53223B673A3FA2F9A4D1C31C8D3F6CD8 ] C:\Windows\SysWOW64\dbghelp.dll
23:35:31.0583 2112 C:\Windows\SysWOW64\dbghelp.dll - ok
23:35:31.0599 2112 [ 702254574E7E52052DE39408457B7149 ] C:\Windows\SysWOW64\version.dll
23:35:31.0599 2112 C:\Windows\SysWOW64\version.dll - ok
23:35:31.0599 2112 [ 0921ED273D89BA9778437ECD26B6A78A ] C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccVrTrst.dll
23:35:31.0599 2112 C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccVrTrst.dll - ok
23:35:31.0614 2112 [ 92245C959E5BC378809D2CC5E9F6E9C7 ] C:\Windows\SysWOW64\crypt32.dll
23:35:31.0614 2112 C:\Windows\SysWOW64\crypt32.dll - ok
23:35:31.0614 2112 [ 938F39B50BAFE13D6F58C7790682C010 ] C:\Windows\SysWOW64\msasn1.dll
23:35:31.0614 2112 C:\Windows\SysWOW64\msasn1.dll - ok
23:35:31.0630 2112 [ 17448AF0BBA9E7AB5EC955AF93F271BD ] C:\Windows\SysWOW64\wintrust.dll
23:35:31.0630 2112 C:\Windows\SysWOW64\wintrust.dll - ok
23:35:31.0630 2112 [ C3CEC76A11F4D8B72F6DD582A2726B1E ] C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\EFACli.dll
23:35:31.0630 2112 C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\EFACli.dll - ok
23:35:31.0646 2112 [ 1EBE9524683C7C4EED8B8BC93FB6FBCC ] C:\Windows\SysWOW64\fltLib.dll
23:35:31.0646 2112 C:\Windows\SysWOW64\fltLib.dll - ok
23:35:31.0646 2112 [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\SysWOW64\cryptsp.dll
23:35:31.0646 2112 C:\Windows\SysWOW64\cryptsp.dll - ok
23:35:31.0661 2112 [ ED8EC63F7522DF4852147C84EC62C36A ] C:\Windows\SysWOW64\rsaenh.dll
23:35:31.0661 2112 C:\Windows\SysWOW64\rsaenh.dll - ok
23:35:31.0661 2112 [ B2DB6ABA2E292235749B80A9C3DFA867 ] C:\Windows\SysWOW64\imagehlp.dll
23:35:31.0661 2112 C:\Windows\SysWOW64\imagehlp.dll - ok
23:35:31.0677 2112 [ BF6D6ED5FADCEEE885BD0144ECF1BA27 ] C:\Windows\SysWOW64\ncrypt.dll
23:35:31.0677 2112 C:\Windows\SysWOW64\ncrypt.dll - ok
23:35:31.0677 2112 [ CE71B9119A258EDD0A05B37D7B0F92E3 ] C:\Windows\SysWOW64\bcrypt.dll
23:35:31.0677 2112 C:\Windows\SysWOW64\bcrypt.dll - ok
23:35:31.0692 2112 [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\SysWOW64\bcryptprimitives.dll
23:35:31.0692 2112 C:\Windows\SysWOW64\bcryptprimitives.dll - ok
23:35:31.0692 2112 [ D15618A0FF8DBC2C5BF3726BACC75A0B ] C:\Windows\SysWOW64\userenv.dll
23:35:31.0692 2112 C:\Windows\SysWOW64\userenv.dll - ok
23:35:31.0708 2112 [ C733D233B623B7FFCE5031E4B756EE26 ] C:\Windows\SysWOW64\profapi.dll
23:35:31.0708 2112 C:\Windows\SysWOW64\profapi.dll - ok
23:35:31.0708 2112 [ 1097F3035BAF46CED8B332B3564C5108 ] C:\Windows\SysWOW64\gpapi.dll
23:35:31.0708 2112 C:\Windows\SysWOW64\gpapi.dll - ok
23:35:31.0724 2112 [ 2A8A801BEBF936C30BEFC3FDC4BB0759 ] C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\SymNeti.dll
23:35:31.0724 2112 C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\SymNeti.dll - ok
23:35:31.0724 2112 [ 8A8B277067C22F4BF6AA9A31692FC4D3 ] C:\Windows\SysWOW64\cryptnet.dll
23:35:31.0724 2112 C:\Windows\SysWOW64\cryptnet.dll - ok
23:35:31.0739 2112 [ A8BB45F9ECAD993461E0FEF8E2A99152 ] C:\Windows\SysWOW64\Wldap32.dll
23:35:31.0739 2112 C:\Windows\SysWOW64\Wldap32.dll - ok
23:35:31.0739 2112 [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\SysWOW64\SensApi.dll
23:35:31.0739 2112 C:\Windows\SysWOW64\SensApi.dll - ok
23:35:31.0755 2112 [ 09A06ECC3CE3048B17F25F75ACC63D14 ] C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccIPC.dll
23:35:31.0755 2112 C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccIPC.dll - ok
23:35:31.0755 2112 [ 5997D769CDB108390DCFAEBF442BF816 ] C:\Windows\SysWOW64\RpcRtRemote.dll
23:35:31.0755 2112 C:\Windows\SysWOW64\RpcRtRemote.dll - ok
23:35:31.0770 2112 [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\SysWOW64\psapi.dll
23:35:31.0770 2112 C:\Windows\SysWOW64\psapi.dll - ok
23:35:31.0770 2112 [ F436E847FA799ECD75AD8C313673F450 ] C:\Windows\SysWOW64\cfgmgr32.dll
23:35:31.0770 2112 C:\Windows\SysWOW64\cfgmgr32.dll - ok
23:35:31.0786 2112 [ 8AD77806D336673F270DB31645267293 ] C:\Windows\System32\nlasvc.dll
23:35:31.0786 2112 C:\Windows\System32\nlasvc.dll - ok
23:35:31.0786 2112 [ 68769C3356B3BE5D1C732C97B9A80D6E ] C:\Windows\System32\drivers\PEAuth.sys
23:35:31.0786 2112 C:\Windows\System32\drivers\PEAuth.sys - ok
23:35:31.0802 2112 [ 1727B2A2F379A32B864C096FA794AADC ] C:\Windows\System32\aepic.dll
23:35:31.0802 2112 C:\Windows\System32\aepic.dll - ok
23:35:31.0802 2112 [ C6DCD1D11ED6827F05C00773C3E7053C ] C:\Windows\System32\sfc.dll
23:35:31.0802 2112 C:\Windows\System32\sfc.dll - ok
23:35:31.0817 2112 [ 895C9AB0A855547445C4181195230757 ] C:\Windows\System32\sfc_os.dll
23:35:31.0817 2112 C:\Windows\System32\sfc_os.dll - ok
23:35:31.0817 2112 [ D4FAC263861BAE06971C7F7D0A8EBF15 ] C:\Windows\System32\ncsi.dll
23:35:31.0817 2112 C:\Windows\System32\ncsi.dll - ok
23:35:31.0833 2112 [ 498EB62A160674E793FA40FD65390625 ] C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
23:35:31.0833 2112 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe - ok
23:35:31.0833 2112 [ 4050600091370422C9B20AC34DC1ACAC ] C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvc.dll
23:35:31.0833 2112 C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvc.dll - ok
23:35:31.0848 2112 [ 44F17398A355DE33B41D7F3DF1558F56 ] C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\Srtsp32.dll
23:35:31.0848 2112 C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\Srtsp32.dll - ok
23:35:31.0848 2112 [ 565D78187494FB5F08B5A52DEB2AEA7A ] C:\Windows\SysWOW64\shell32.dll
23:35:31.0848 2112 C:\Windows\SysWOW64\shell32.dll - ok
23:35:31.0864 2112 [ 58F4493BF748A3A89689997B7BD00E95 ] C:\Windows\System32\winhttp.dll
23:35:31.0864 2112 C:\Windows\System32\winhttp.dll - ok
23:35:31.0864 2112 [ 603EBD34E216C5654A2D774EAC98D278 ] C:\Windows\System32\webio.dll
23:35:31.0864 2112 C:\Windows\System32\webio.dll - ok
23:35:31.0880 2112 [ 2BBF3FDB70B8965DFA0258CBAB41ECCE ] C:\Windows\System32\ssdpapi.dll
23:35:31.0880 2112 C:\Windows\System32\ssdpapi.dll - ok
23:35:31.0880 2112 [ 210FCACAF902B2CD47CF9FD17D846146 ] C:\Windows\System32\aeevts.dll
23:35:31.0880 2112 C:\Windows\System32\aeevts.dll - ok
23:35:31.0895 2112 [ D33AEDFAF32F7272D076600BBEEABD62 ] C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\diMaster.dll
23:35:31.0895 2112 C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\diMaster.dll - ok
23:35:31.0895 2112 [ F93674263F6B07C77956E966953242D9 ] C:\Windows\SysWOW64\secur32.dll
23:35:31.0895 2112 C:\Windows\SysWOW64\secur32.dll - ok
23:35:31.0911 2112 [ 2B61F6766CAE1125C00DD9DDD268D876 ] C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSet.dll
23:35:31.0911 2112 C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSet.dll - ok
23:35:31.0911 2112 [ D48EC5F4173CA9C470973A526DFCA25C ] C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\cltLMJ.dll
23:35:31.0911 2112 C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\cltLMJ.dll - ok
23:35:31.0926 2112 [ 9BF7C7654EFD098EE3A27B49492A382A ] C:\Windows\SysWOW64\wininet.dll
23:35:31.0926 2112 C:\Windows\SysWOW64\wininet.dll - ok
23:35:31.0926 2112 [ 3EA8A16169C26AFBEB544E0E48421186 ] C:\Windows\System32\drivers\secdrv.sys
23:35:31.0926 2112 C:\Windows\System32\drivers\secdrv.sys - ok
23:35:31.0942 2112 [ 27E461F0BE5BFF5FC737328F749538C3 ] C:\Windows\System32\drivers\srvnet.sys
23:35:31.0942 2112 C:\Windows\System32\drivers\srvnet.sys - ok
23:35:31.0942 2112 [ 6A13B4F3B3F575F1E24B877B9359AABA ] C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
23:35:31.0942 2112 C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll - ok
23:35:31.0958 2112 [ 589CBC4989F750E1DA35625AB481CF43 ] C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
23:35:31.0958 2112 C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll - ok
23:35:31.0958 2112 [ 2E33DFD10F28F86C3FC40EE123CC3904 ] C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
23:35:31.0958 2112 C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll - ok
23:35:31.0973 2112 [ 6951562DC4625EEFC6EACD52AD165866 ] C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
23:35:31.0973 2112 C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll - ok
23:35:31.0973 2112 [ 3BE0D923AA45A4DBE091C2D84F0B4FE7 ] C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
23:35:31.0973 2112 C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll - ok
23:35:31.0989 2112 [ FE29131E35902038066C924CF9C59DF8 ] C:\Windows\SysWOW64\iertutil.dll
23:35:31.0989 2112 C:\Windows\SysWOW64\iertutil.dll - ok
23:35:31.0989 2112 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] C:\Windows\System32\drivers\tcpipreg.sys
23:35:31.0989 2112 C:\Windows\System32\drivers\tcpipreg.sys - ok
23:35:32.0004 2112 [ CA9F7888B524D8100B977C81F44C3234 ] C:\Windows\SysWOW64\winhttp.dll
23:35:32.0004 2112 C:\Windows\SysWOW64\winhttp.dll - ok
23:35:32.0020 2112 [ FF5688D309347F2720911D8796912834 ] C:\Windows\SysWOW64\clbcatq.dll
23:35:32.0020 2112 C:\Windows\SysWOW64\clbcatq.dll - ok
23:35:32.0020 2112 [ 7E7AFD841694F6AC397E99D75CEAD49D ] C:\Windows\System32\trkwks.dll
23:35:32.0020 2112 C:\Windows\System32\trkwks.dll - ok
23:35:32.0036 2112 [ FB19FC5951A88F3C523E35C2C98D23C0 ] C:\Windows\SysWOW64\webio.dll
23:35:32.0036 2112 C:\Windows\SysWOW64\webio.dll - ok
23:35:32.0036 2112 [ A90DC9ABD65DB1A8902F361103029952 ] C:\Windows\SysWOW64\IPHLPAPI.DLL
23:35:32.0036 2112 C:\Windows\SysWOW64\IPHLPAPI.DLL - ok
23:35:32.0051 2112 [ CFF35B879D1618D42C86644C717BA947 ] C:\Windows\SysWOW64\winnsi.dll
23:35:32.0051 2112 C:\Windows\SysWOW64\winnsi.dll - ok
23:35:32.0051 2112 [ 60DE781E0AC4299DCD453939AFE21FAA ] C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ISDataSv.dll
23:35:32.0051 2112 C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ISDataSv.dll - ok
23:35:32.0067 2112 [ 19B07E7E8915D701225DA41CB3877306 ] C:\Windows\System32\wbem\WMIsvc.dll
23:35:32.0067 2112 C:\Windows\System32\wbem\WMIsvc.dll - ok
23:35:32.0067 2112 [ D631CDE583B8465FB2FB4434864B2E9E ] C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccGEvt.dll
23:35:32.0067 2112 C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccGEvt.dll - ok
23:35:32.0082 2112 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] C:\Windows\System32\drivers\srv2.sys
23:35:32.0082 2112 C:\Windows\System32\drivers\srv2.sys - ok
23:35:32.0082 2112 [ 7DB5AA22A8A8E5C2D335F44853C1F6DE ] C:\Windows\System32\wbemcomn.dll
23:35:32.0082 2112 C:\Windows\System32\wbemcomn.dll - ok
23:35:32.0098 2112 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] C:\Windows\System32\drivers\srv.sys
23:35:32.0098 2112 C:\Windows\System32\drivers\srv.sys - ok
23:35:32.0098 2112 [ 08C2957BB30058E663720C5606885653 ] C:\Windows\System32\iphlpsvc.dll
23:35:32.0098 2112 C:\Windows\System32\iphlpsvc.dll - ok
23:35:32.0114 2112 [ 0C52762C606BCF6A377D5E4688191A6B ] C:\Windows\System32\wbem\WmiDcPrv.dll
23:35:32.0114 2112 C:\Windows\System32\wbem\WmiDcPrv.dll - ok
23:35:32.0114 2112 [ A3F5E8EC1316C3E2562B82694A251C9E ] C:\Windows\System32\wbem\fastprox.dll
23:35:32.0114 2112 C:\Windows\System32\wbem\fastprox.dll - ok
23:35:32.0129 2112 [ 27B9E163740A226B65E4B9E186117911 ] C:\Windows\System32\sqmapi.dll
23:35:32.0129 2112 C:\Windows\System32\sqmapi.dll - ok
23:35:32.0129 2112 [ 7B38D7916A7CD058C16A0A6CA5077901 ] C:\Windows\System32\wdscore.dll
23:35:32.0129 2112 C:\Windows\System32\wdscore.dll - ok
23:35:32.0145 2112 [ EE26D130808D16C0E417BBBED0451B34 ] C:\Windows\System32\ntdsapi.dll
23:35:32.0145 2112 C:\Windows\System32\ntdsapi.dll - ok
23:35:32.0145 2112 [ D9F42719019740BAA6D1C6D536CBDAA6 ] C:\Windows\System32\srvsvc.dll
23:35:32.0145 2112 C:\Windows\System32\srvsvc.dll - ok
23:35:32.0160 2112 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] C:\Windows\System32\browser.dll
23:35:32.0160 2112 C:\Windows\System32\browser.dll - ok
23:35:32.0160 2112 [ 666A60F6F5E719856FF6254E0966EFF7 ] C:\Windows\System32\wbem\wbemprox.dll
23:35:32.0160 2112 C:\Windows\System32\wbem\wbemprox.dll - ok
23:35:32.0176 2112 [ 0255C22D99602534F15CBB8D9B6F152F ] C:\Windows\System32\wbem\WinMgmtR.dll
23:35:32.0176 2112 C:\Windows\System32\wbem\WinMgmtR.dll - ok
23:35:32.0176 2112 [ CFEFA40DDE34659BE5211966EAD86437 ] C:\Windows\System32\netmsg.dll
23:35:32.0176 2112 C:\Windows\System32\netmsg.dll - ok
23:35:32.0192 2112 [ 5EB55F661DEBF156E126160BCD4D89F8 ] C:\Windows\System32\wbem\wbemcore.dll
23:35:32.0192 2112 C:\Windows\System32\wbem\wbemcore.dll - ok
23:35:32.0192 2112 [ 087D8668C71634A3A3761135ABF16EEE ] C:\Windows\System32\wbem\esscli.dll
23:35:32.0192 2112 C:\Windows\System32\wbem\esscli.dll - ok
23:35:32.0207 2112 [ 718B6F51AB7F6FE2988A36868F9AD3AB ] C:\Windows\System32\wbem\wbemsvc.dll
23:35:32.0207 2112 C:\Windows\System32\wbem\wbemsvc.dll - ok
23:35:32.0207 2112 [ 81749E073AC5857B044A686B406E5244 ] C:\Windows\System32\clusapi.dll
23:35:32.0207 2112 C:\Windows\System32\clusapi.dll - ok
23:35:32.0223 2112 [ FF80CAD87555E8E4D2CFD7B9058343F8 ] C:\Windows\System32\sscore.dll
23:35:32.0223 2112 C:\Windows\System32\sscore.dll - ok
23:35:32.0223 2112 [ 0143DB80DACFB7C2B5B7009ED9063353 ] C:\Windows\System32\wbem\wmiutils.dll
23:35:32.0223 2112 C:\Windows\System32\wbem\wmiutils.dll - ok
23:35:32.0238 2112 [ 344FCC9850C3A8A3B4D3C65151AF8E4C ] C:\Windows\System32\resutils.dll
23:35:32.0238 2112 C:\Windows\System32\resutils.dll - ok
23:35:32.0238 2112 [ 0AB34456654C283DAA13B8D2BA21439B ] C:\Windows\System32\wbem\repdrvfs.dll
23:35:32.0238 2112 C:\Windows\System32\wbem\repdrvfs.dll - ok
23:35:32.0254 2112 [ DDD0357A92FA843EFF8915ED17253D6C ] C:\Windows\System32\wbem\WmiPrvSD.dll
23:35:32.0254 2112 C:\Windows\System32\wbem\WmiPrvSD.dll - ok
23:35:32.0254 2112 [ 6A6B2EE4565A178035BE2A4FF6F2C968 ] C:\Windows\SysWOW64\wtsapi32.dll
23:35:32.0254 2112 C:\Windows\SysWOW64\wtsapi32.dll - ok
23:35:32.0270 2112 [ 418E881201583A3039D81F43E39E6C78 ] C:\Windows\SysWOW64\winsta.dll
23:35:32.0270 2112 C:\Windows\SysWOW64\winsta.dll - ok
23:35:32.0270 2112 [ C5B0324DB461559ADD070E632A6919FA ] C:\Windows\SysWOW64\wbem\wbemprox.dll
23:35:32.0270 2112 C:\Windows\SysWOW64\wbem\wbemprox.dll - ok
23:35:32.0285 2112 [ 704314FD398C81D5F342CAA5DF7B7F21 ] C:\Windows\SysWOW64\wbemcomn.dll
23:35:32.0285 2112 C:\Windows\SysWOW64\wbemcomn.dll - ok
23:35:32.0285 2112 [ D41FEBD098234F02485A4EA98D4730A4 ] C:\Windows\System32\ncobjapi.dll
23:35:32.0285 2112 C:\Windows\System32\ncobjapi.dll - ok
23:35:32.0301 2112 [ 6F40D6FB05E0C1E5402812B426971AF0 ] C:\Windows\System32\wbem\wbemess.dll
23:35:32.0301 2112 C:\Windows\System32\wbem\wbemess.dll - ok
23:35:32.0301 2112 [ 776AE0564F8B1C282E331FD95A1BDC5F ] C:\Windows\SysWOW64\wbem\wbemsvc.dll
23:35:32.0301 2112 C:\Windows\SysWOW64\wbem\wbemsvc.dll - ok
23:35:32.0316 2112 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] C:\Windows\System32\netprofm.dll
23:35:32.0316 2112 C:\Windows\System32\netprofm.dll - ok
23:35:32.0316 2112 [ CFC7D8289D2B5F3CF8D16E2DB7F93D4A ] C:\Windows\SysWOW64\wbem\fastprox.dll
23:35:32.0316 2112 C:\Windows\SysWOW64\wbem\fastprox.dll - ok
23:35:32.0332 2112 [ E3E811471DE781900FF21C1FD84E941E ] C:\Windows\SysWOW64\ntdsapi.dll
23:35:32.0332 2112 C:\Windows\SysWOW64\ntdsapi.dll - ok
23:35:32.0332 2112 [ FEB91B4DA0D540865260A33838654FA3 ] C:\Windows\System32\nci.dll
23:35:32.0332 2112 C:\Windows\System32\nci.dll - ok
23:35:32.0348 2112 [ 3B367397320C26DBA890B260F80D1B1B ] C:\Windows\System32\hnetcfg.dll
23:35:32.0348 2112 C:\Windows\System32\hnetcfg.dll - ok
23:35:32.0348 2112 [ A8EDB86FC2A4D6D1285E4C70384AC35A ] C:\Windows\System32\dllhost.exe
23:35:32.0348 2112 C:\Windows\System32\dllhost.exe - ok
23:35:32.0348 2112 [ 88351B29B622B30962D2FEB6CA8D860B ] C:\Windows\System32\rasadhlp.dll
23:35:32.0348 2112 C:\Windows\System32\rasadhlp.dll - ok
23:35:32.0363 2112 [ 79AFFC7FEEA9CD2FEFEA5EF3B631A02C ] C:\Windows\System32\ndiscapCfg.dll
23:35:32.0363 2112 C:\Windows\System32\ndiscapCfg.dll - ok
23:35:32.0363 2112 [ 2DF29664ED261F0FC448E58F338F0671 ] C:\Windows\System32\mprapi.dll
23:35:32.0363 2112 C:\Windows\System32\mprapi.dll - ok
23:35:32.0379 2112 [ 3D6AF45673C4B31CDECD7F80AF09D443 ] C:\Windows\System32\rascfg.dll
23:35:32.0379 2112 C:\Windows\System32\rascfg.dll - ok
23:35:32.0379 2112 [ BF1FC3F79B863C914687A737C2F3D681 ] C:\Windows\System32\wdi.dll
23:35:32.0379 2112 C:\Windows\System32\wdi.dll - ok
23:35:32.0394 2112 [ 1CF21800E337F4039AAD4C94B4280EE4 ] C:\Windows\System32\mprmsg.dll
23:35:32.0394 2112 C:\Windows\System32\mprmsg.dll - ok
23:35:32.0394 2112 [ 55DE45B116711881C852D2841E4C84DD ] C:\Windows\System32\tcpipcfg.dll
23:35:32.0394 2112 C:\Windows\System32\tcpipcfg.dll - ok
23:35:32.0410 2112 [ 93221146D4EBBF314C29B23CD6CC391D ] C:\Windows\System32\wpdbusenum.dll
23:35:32.0410 2112 C:\Windows\System32\wpdbusenum.dll - ok
23:35:32.0410 2112 [ 4449D23E8F197862F1B16F1E6C89C36C ] C:\Windows\System32\diagperf.dll
23:35:32.0410 2112 C:\Windows\System32\diagperf.dll - ok
23:35:32.0426 2112 [ F7073C962C4FB7C415565DDE109DE49F ] C:\Windows\System32\npmproxy.dll
23:35:32.0426 2112 C:\Windows\System32\npmproxy.dll - ok
23:35:32.0426 2112 [ E64D9EC8018C55873B40FDEE9DBEF5B3 ] C:\Windows\System32\PortableDeviceApi.dll
23:35:32.0426 2112 C:\Windows\System32\PortableDeviceApi.dll - ok
23:35:32.0441 2112 [ E1B22739C933BE33F53DB58C5393ADD3 ] C:\Windows\System32\Apphlpdm.dll
23:35:32.0441 2112 C:\Windows\System32\Apphlpdm.dll - ok
23:35:32.0441 2112 [ 9689A9C7F7C2A1A423CDA2C3B43FFF65 ] C:\Windows\System32\wer.dll
23:35:32.0441 2112 C:\Windows\System32\wer.dll - ok
23:35:32.0457 2112 [ AFA79C343F9D1555F7E5D5FA70BB2A14 ] C:\Windows\System32\PortableDeviceConnectApi.dll
23:35:32.0457 2112 C:\Windows\System32\PortableDeviceConnectApi.dll - ok
23:35:32.0457 2112 [ BF4AC709BE5BF64F331F5D67773A0C82 ] C:\Windows\System32\perftrack.dll
23:35:32.0457 2112 C:\Windows\System32\perftrack.dll - ok
23:35:32.0472 2112 [ 9719E3D834F5C8C43F56A93DFA497023 ] C:\Windows\System32\pnpts.dll
23:35:32.0472 2112 C:\Windows\System32\pnpts.dll - ok
23:35:32.0472 2112 [ DDA4CAF29D8C0A297F886BFE561E6659 ] C:\Windows\System32\drivers\WUDFRd.sys
23:35:32.0472 2112 C:\Windows\System32\drivers\WUDFRd.sys - ok
23:35:32.0488 2112 [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll
23:35:32.0488 2112 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll - ok
23:35:32.0488 2112 [ E811F8510B133E70CF6E509FB809824F ] C:\Windows\System32\wdiasqmmodule.dll
23:35:32.0488 2112 C:\Windows\System32\wdiasqmmodule.dll - ok
23:35:32.0504 2112 [ 46863C4CC5B68EB09EA2D5EEF0F1193A ] C:\Windows\System32\radardt.dll
23:35:32.0504 2112 C:\Windows\System32\radardt.dll - ok
23:35:32.0504 2112 [ A0A2C1D812C231C9BFE119FDC68E341B ] C:\Windows\System32\IDStore.dll
23:35:32.0504 2112 C:\Windows\System32\IDStore.dll - ok
23:35:32.0519 2112 [ 639774C9ACD063F028F6084ABF5593AD ] C:\Windows\System32\taskhost.exe
23:35:32.0519 2112 C:\Windows\System32\taskhost.exe - ok
23:35:32.0519 2112 [ 23566F9723771108D2E6CD768AC27407 ] C:\Windows\System32\AtBroker.exe
23:35:32.0519 2112 C:\Windows\System32\AtBroker.exe - ok
23:35:32.0535 2112 [ 6CEF7856A3EFAC59470F6208F0F585CE ] C:\Windows\System32\mpr.dll
23:35:32.0535 2112 C:\Windows\System32\mpr.dll - ok
23:35:32.0535 2112 [ 863F793D15B4026B1A5FDECA873D4D84 ] C:\Windows\SysWOW64\apphelp.dll
23:35:32.0535 2112 C:\Windows\SysWOW64\apphelp.dll - ok
23:35:32.0550 2112 [ BD789B77D9FE73B4213DAA5E111FC424 ] C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
23:35:32.0550 2112 C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe - ok
23:35:32.0550 2112 [ 94EEAC26F57811BD1AEFC164412F7FCE ] C:\Windows\System32\PlaySndSrv.dll
23:35:32.0550 2112 C:\Windows\System32\PlaySndSrv.dll - ok
23:35:32.0566 2112 [ 1F1CA9E99DD5BF918BE0BF30B5A42FDA ] C:\Windows\System32\MsCtfMonitor.dll
23:35:32.0566 2112 C:\Windows\System32\MsCtfMonitor.dll - ok
23:35:34.0266 2112 [ 5A9AC2E4C5BD9168E52F8522A78B14D7 ] C:\Program Files (x86)\Nova Development\Photo Explosion Deluxe 3.0\uviplA6.dll
23:35:34.0266 2112 C:\Program Files (x86)\Nova Development\Photo Explosion Deluxe 3.0\uviplA6.dll - ok
23:35:34.0266 2112 [ 1FD66488812B6D580D94B52A5559579D ] C:\Program Files (x86)\Nova Development\Photo Explosion Deluxe 3.0\ipeConst.dll
23:35:34.0266 2112 C:\Program Files (x86)\Nova Development\Photo Explosion Deluxe 3.0\ipeConst.dll - ok
23:35:34.0282 2112 [ 8784236EED5079493DA9FC95B28B89F8 ] C:\Windows\System32\WerFault.exe
23:35:34.0282 2112 C:\Windows\System32\WerFault.exe - ok
23:35:34.0282 2112 [ 990EA3103E06D68CE0E755A9C3D70107 ] C:\Windows\System32\dbgeng.dll
23:35:34.0282 2112 C:\Windows\System32\dbgeng.dll - ok
23:35:34.0298 2112 [ FB4045578F5180BDB1963AB352B78548 ] C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
23:35:34.0298 2112 C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll - ok
23:35:34.0298 2112 [ 9108540E866F75C7AF2B91DD921A8091 ] C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
23:35:34.0298 2112 C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll - ok
23:35:34.0313 2112 [ 42A9CB6906D9A8BEDC83B57163E62924 ] C:\Windows\System32\DXP.dll
23:35:34.0313 2112 C:\Windows\System32\DXP.dll - ok
23:35:34.0313 2112 [ 75838AB28CC1318345DA62B6C339068C ] C:\Windows\System32\GfxUI.exe
23:35:34.0313 2112 C:\Windows\System32\GfxUI.exe - ok
23:35:34.0329 2112 [ 2BC7C9FD0A9F2C9AFC373F3AD1EE3891 ] C:\Windows\System32\Syncreg.dll
23:35:34.0329 2112 C:\Windows\System32\Syncreg.dll - ok
23:35:34.0329 2112 [ C836175870E00ACC546066632E15BD10 ] C:\Windows\ehome\ehSSO.dll
23:35:34.0329 2112 C:\Windows\ehome\ehSSO.dll - ok
23:35:34.0344 2112 [ 102CF6879887BBE846A00C459E6D4ABC ] C:\Windows\SysWOW64\riched20.dll
23:35:34.0344 2112 C:\Windows\SysWOW64\riched20.dll - ok
23:35:34.0344 2112 [ A42F2C1EB3B66C54FB3C7B79D30C1A6D ] C:\Windows\System32\netshell.dll
23:35:34.0344 2112 C:\Windows\System32\netshell.dll - ok
23:35:34.0360 2112 [ E2A17BCC08D92F42E08AF6BA2F93ABA7 ] C:\Windows\SysWOW64\ExplorerFrame.dll
23:35:34.0360 2112 C:\Windows\SysWOW64\ExplorerFrame.dll - ok
23:35:34.0360 2112 [ E7368F0A8D19445EAF5C5D0DBB8B8DAB ] C:\Windows\System32\AltTab.dll
23:35:34.0360 2112 C:\Windows\System32\AltTab.dll - ok
23:35:34.0376 2112 [ 6E1F8165C365D35C8E3C045AF0CDD481 ] C:\Windows\SysWOW64\duser.dll
23:35:34.0376 2112 C:\Windows\SysWOW64\duser.dll - ok
23:35:34.0376 2112 [ 75EB974222F293159427F9A77A5F3C6A ] C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
23:35:34.0376 2112 C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll - ok
23:35:34.0391 2112 [ C8FDF0FA9E97E2FAAF3F814716AAA881 ] C:\Windows\System32\WPDShServiceObj.dll
23:35:34.0391 2112 C:\Windows\System32\WPDShServiceObj.dll - ok
23:35:34.0391 2112 [ EE06B85BC69F18826302348A2AD089E0 ] C:\Windows\SysWOW64\dui70.dll
23:35:34.0391 2112 C:\Windows\SysWOW64\dui70.dll - ok
23:35:34.0407 2112 [ EDF4DEC1041EEAF78A0B1E16C1BB4CC4 ] C:\Windows\System32\fthsvc.dll
23:35:34.0407 2112 C:\Windows\System32\fthsvc.dll - ok
23:35:34.0407 2112 [ A8C05DD686FD7521914AAE742DECB0DA ] C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll
23:35:34.0407 2112 C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll - ok
23:35:34.0422 2112 [ 10F815BE90A66AAFC6C713D1BD626064 ] C:\Windows\System32\pnidui.dll
23:35:34.0422 2112 C:\Windows\System32\pnidui.dll - ok
23:35:34.0422 2112 [ B9F0A4020AA98B7A20287BF7FE99A1FD ] C:\Windows\System32\QUTIL.DLL
23:35:34.0422 2112 C:\Windows\System32\QUTIL.DLL - ok
23:35:34.0438 2112 [ E0B340996A41C9A75DFA3B99BBA9C500 ] C:\Windows\System32\SearchIndexer.exe
23:35:34.0438 2112 C:\Windows\System32\SearchIndexer.exe - ok
23:35:34.0438 2112 [ 8569E35D00F45972E506502EEE622BA4 ] C:\Windows\System32\srchadmin.dll
23:35:34.0438 2112 C:\Windows\System32\srchadmin.dll - ok
23:35:34.0454 2112 [ 04CB7C8FDC6D9640DD82A527208F72C4 ] C:\Windows\System32\UIAnimation.dll
23:35:34.0454 2112 C:\Windows\System32\UIAnimation.dll - ok
23:35:34.0454 2112 [ 92DBF0A4C9239169010FC6E07859C82E ] C:\Windows\System32\ActionCenter.dll
23:35:34.0454 2112 C:\Windows\System32\ActionCenter.dll - ok
23:35:34.0469 2112 [ F7A256EC899C72B4ECDD2C02CB592EFD ] C:\Windows\System32\bthprops.cpl
23:35:34.0469 2112 C:\Windows\System32\bthprops.cpl - ok
23:35:34.0469 2112 [ 20ECAC7791DCBA69121631CB627E5A96 ] C:\Windows\System32\mf.dll
23:35:34.0469 2112 C:\Windows\System32\mf.dll - ok
23:35:34.0485 2112 [ 589DF683A6C81424A6CECE52ABF98A50 ] C:\Windows\System32\tquery.dll
23:35:34.0485 2112 C:\Windows\System32\tquery.dll - ok
23:35:34.0485 2112 [ 7568CC720ACE4D03B84AF97817E745EF ] C:\Windows\System32\mssrch.dll
23:35:34.0485 2112 C:\Windows\System32\mssrch.dll - ok
23:35:34.0500 2112 [ 3BDCBB29D727C49DC3E3256253467281 ] C:\Windows\System32\wmdrmsdk.dll
23:35:34.0500 2112 C:\Windows\System32\wmdrmsdk.dll - ok
23:35:34.0500 2112 [ 3121A79D13A61562BE9CC902CD46B542 ] C:\Windows\System32\msidle.dll
23:35:34.0500 2112 C:\Windows\System32\msidle.dll - ok
23:35:34.0516 2112 [ 847D3AE376C0817161A14A82C8922A9E ] C:\Windows\System32\netman.dll
23:35:34.0516 2112 C:\Windows\System32\netman.dll - ok
23:35:34.0516 2112 [ ACE1BB07E0377E37A2C514CD2EC119B1 ] C:\Windows\System32\mssprxy.dll
23:35:34.0516 2112 C:\Windows\System32\mssprxy.dll - ok
23:35:34.0532 2112 [ C9FB9038B15036CA28CF0B4BE2BED9BD ] C:\Windows\System32\en-US\tquery.dll.mui
23:35:34.0532 2112 C:\Windows\System32\en-US\tquery.dll.mui - ok
23:35:34.0532 2112 [ D2155709E336C3BC15729EB87FEC6064 ] C:\Windows\System32\rasdlg.dll
23:35:34.0532 2112 C:\Windows\System32\rasdlg.dll - ok
23:35:34.0547 2112 [ F9AFD12BB4B1CFA5FCC0A5B37C604FD2 ] C:\Windows\System32\dot3api.dll
23:35:34.0547 2112 C:\Windows\System32\dot3api.dll - ok
23:35:34.0547 2112 [ 357BE883C5236BFC7341CB9E82308908 ] C:\Windows\System32\wlanapi.dll
23:35:34.0547 2112 C:\Windows\System32\wlanapi.dll - ok
23:35:34.0563 2112 [ E4FCA0F99A41E460C84016DEFD31E6EF ] C:\Windows\System32\wlanhlp.dll
23:35:34.0563 2112 C:\Windows\System32\wlanhlp.dll - ok
23:35:34.0563 2112 [ 5DA219F57A9076FB6FBD3C9C3713A672 ] C:\Windows\System32\WWanAPI.dll
23:35:34.0563 2112 C:\Windows\System32\WWanAPI.dll - ok
23:35:34.0578 2112 [ 62C7AACC746C9723468A8F2169ED3E85 ] C:\Windows\System32\wwapi.dll
23:35:34.0578 2112 C:\Windows\System32\wwapi.dll - ok
23:35:34.0578 2112 [ 6B851E682A36453E1B1EE297FFB6E2AB ] C:\Windows\System32\QAGENT.DLL
23:35:34.0578 2112 C:\Windows\System32\QAGENT.DLL - ok
23:35:34.0594 2112 [ 0A94DE4AA9864D312E60D747FD249ABE ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsec.dll
23:35:34.0594 2112 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsec.dll - ok
23:35:34.0594 2112 [ 850BD2D2D9CB5894935C3B6333CAD6FD ] C:\Windows\System32\riched20.dll
23:35:34.0594 2112 C:\Windows\System32\riched20.dll - ok
23:35:34.0610 2112 [ C746F3BF98E92FB137B5BD2B8B5925BD ] C:\Windows\System32\FXSST.dll
23:35:34.0610 2112 C:\Windows\System32\FXSST.dll - ok
23:35:34.0610 2112 [ 1B1431D9520C7578AD5633ED2A70625F ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
23:35:34.0610 2112 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll - ok
23:35:34.0625 2112 [ 650CAEA856943E29F25A25D31E004B18 ] C:\Windows\System32\FXSAPI.dll
23:35:34.0625 2112 C:\Windows\System32\FXSAPI.dll - ok
23:35:34.0625 2112 [ 32C06C7E4EDB8E2D9DC8BE4AE875C10B ] C:\Program Files\Hewlett-Packard\HP Quick Launch\Beats.exe
23:35:34.0625 2112 C:\Program Files\Hewlett-Packard\HP Quick Launch\Beats.exe - ok
23:35:34.0641 2112 [ C8E8B8239FCF17BEA10E751BE5854631 ] C:\Windows\System32\FXSRESM.dll
23:35:34.0641 2112 C:\Windows\System32\FXSRESM.dll - ok
23:35:34.0641 2112 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] C:\Windows\System32\FXSSVC.exe
23:35:34.0641 2112 C:\Windows\System32\FXSSVC.exe - ok
23:35:34.0656 2112 [ 0017163E0D5985168792BEE5CF70D5DF ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll
23:35:34.0656 2112 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll - ok
23:35:34.0656 2112 [ 1A9B2D01C0307558C548A548ED5E3562 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System\6fa18e5d118c3aaffe0e379bf4b8eb08\System.ni.dll
23:35:34.0656 2112 C:\Windows\assembly\NativeImages_v2.0.50727_64\System\6fa18e5d118c3aaffe0e379bf4b8eb08\System.ni.dll - ok
23:35:34.0672 2112 [ 19B9523698137566DAA8B80C62CE4AAD ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\1b21a532b2c54f825b7e916a7f1c8c54\System.Drawing.ni.dll
23:35:34.0672 2112 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\1b21a532b2c54f825b7e916a7f1c8c54\System.Drawing.ni.dll - ok
23:35:34.0672 2112 [ 0AA95948577DACD879620C7A79497618 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\e09553751d29c3411d6fb664fc0e3efb\WindowsBase.ni.dll
23:35:34.0672 2112 C:\Windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\e09553751d29c3411d6fb664fc0e3efb\WindowsBase.ni.dll - ok
23:35:34.0688 2112 [ A810D010A5695D3256F7DD289B281DCA ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\edc3fe8d35c7683e937991391e16e1d0\System.Windows.Forms.ni.dll
23:35:34.0688 2112 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\edc3fe8d35c7683e937991391e16e1d0\System.Windows.Forms.ni.dll - ok
23:35:34.0688 2112 [ 736A93850CBAEF3D50480A5849C06F04 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\c9b5aa77c9281a3ab53b057cc3d80bf8\PresentationCore.ni.dll
23:35:34.0688 2112 C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\c9b5aa77c9281a3ab53b057cc3d80bf8\PresentationCore.ni.dll - ok
23:35:34.0703 2112 [ CDAD3376DFF3D9AC7FDCBE2B94B0D3C8 ] C:\Windows\System32\shfolder.dll
23:35:34.0703 2112 C:\Windows\System32\shfolder.dll - ok
23:35:34.0703 2112 [ D64D99EC088B54FFE8EE67A480386C20 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll
23:35:34.0703 2112 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll - ok
23:35:34.0719 2112 [ 9473D8FC514C61F3858F7C4FF8DCE30F ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\516b7cd414dc5665728b15afb8d7fdf6\System.Management.ni.dll
23:35:34.0719 2112 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\516b7cd414dc5665728b15afb8d7fdf6\System.Management.ni.dll - ok
23:35:34.0719 2112 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
23:35:34.0719 2112 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe - ok
23:35:34.0734 2112 [ BDC23CD692B3F54CC40B3A40D3DDA152 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\44198f4092c57a75f76d69deae46dfd1\PresentationFramework.ni.dll
23:35:34.0734 2112 C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\44198f4092c57a75f76d69deae46dfd1\PresentationFramework.ni.dll - ok
23:35:34.0734 2112 [ AE098D9D3BD83440C59A0C3386F4F5DD ] C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
23:35:34.0734 2112 C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll - ok
23:35:34.0750 2112 [ 6E656C325A5519A3A9D951709958CF6F ] C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\wpfgfx_v0300.dll
23:35:34.0750 2112 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\wpfgfx_v0300.dll - ok
23:35:34.0750 2112 [ 0EC4190B22A0E37010CC69371432FC0C ] C:\Windows\System32\gfxSrvc.dll
23:35:34.0750 2112 C:\Windows\System32\gfxSrvc.dll - ok
23:35:34.0766 2112 [ 58957A04853F47B791D68B960258043C ] C:\Windows\System32\IGFXDEVLib.dll
23:35:34.0766 2112 C:\Windows\System32\IGFXDEVLib.dll - ok
23:35:34.0766 2112 [ 4C3DAEE652B005B483F16B8E9131C99D ] C:\Windows\System32\d3d9.dll
23:35:34.0766 2112 C:\Windows\System32\d3d9.dll - ok
23:35:34.0781 2112 [ 3044D07ABDF4BBEA27E2EE7B1E0C0C65 ] C:\Windows\System32\d3d8thk.dll
23:35:34.0781 2112 C:\Windows\System32\d3d8thk.dll - ok
23:35:34.0781 2112 [ 9C253164E7016B42591F08BEB90FB494 ] C:\Windows\System32\igdumd64.dll
23:35:34.0781 2112 C:\Windows\System32\igdumd64.dll - ok
23:35:34.0797 2112 [ 2BC6D8AE2D2150053016AC58B72EF60C ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\68b969603e53c94e256a15cc8ba6ce78\System.Xml.ni.dll
23:35:34.0797 2112 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\68b969603e53c94e256a15cc8ba6ce78\System.Xml.ni.dll - ok
23:35:34.0797 2112 [ 2AACCCFC5068CC176233493CC780BFDE ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\b8a65735553ba5386ed76783daa73ccc\System.Configuration.ni.dll
23:35:34.0797 2112 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\b8a65735553ba5386ed76783daa73ccc\System.Configuration.ni.dll - ok
23:35:34.0812 2112 [ F1C19F0AA151B90A7416FA1D50DDB582 ] C:\Windows\System32\WindowsCodecsExt.dll
23:35:34.0812 2112 C:\Windows\System32\WindowsCodecsExt.dll - ok
23:35:34.0812 2112 [ 1D296F090ED401967B30BD2B970DC306 ] C:\Windows\System32\icm32.dll
23:35:34.0812 2112 C:\Windows\System32\icm32.dll - ok
23:35:34.0937 2112 [ 9530CA667B0576470A2E0FB30B2B649C ] C:\Windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\1cb941fc2fe2e4748939e933673381b2\WindowsFormsIntegration.ni.dll
23:35:34.0937 2112 C:\Windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\1cb941fc2fe2e4748939e933673381b2\WindowsFormsIntegration.ni.dll - ok
23:35:34.0953 2112 [ 7AD0860F6C04AD34492A6EDFA81ECAC2 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\56d7206478a1eb28089a8efbdf921bf2\PresentationFramework.Aero.ni.dll
23:35:34.0953 2112 C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\56d7206478a1eb28089a8efbdf921bf2\PresentationFramework.Aero.ni.dll - ok
23:35:34.0968 2112 [ 698C8D12111171FFCF9331025BE7BC3C ] C:\Program Files\Hewlett-Packard\HP Quick Launch\cNBToaster.dll
23:35:34.0968 2112 C:\Program Files\Hewlett-Packard\HP Quick Launch\cNBToaster.dll - ok
23:35:34.0984 2112 [ F02776DAC07B50A2D32F8758836807EB ] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPSCRCTL.exe
23:35:34.0984 2112 C:\Program Files\Hewlett-Packard\HP Quick Launch\HPSCRCTL.exe - ok
23:35:35.0000 2112 [ 0C63AB2C602C757CAF2202653DBFD090 ] C:\Program Files\Hewlett-Packard\HP Quick Launch\hpSmartAdapterHelp.exe
23:35:35.0000 2112 C:\Program Files\Hewlett-Packard\HP Quick Launch\hpSmartAdapterHelp.exe - ok
23:35:35.0000 2112 [ DB1F69F14450A8B96B71933B1C607AF7 ] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPUSRMSG.exe
23:35:35.0000 2112 C:\Program Files\Hewlett-Packard\HP Quick Launch\HPUSRMSG.exe - ok
23:35:35.0015 2112 [ 41DF7355A5A907E2C1D7804EC028965D ] C:\Windows\System32\wermgr.exe
23:35:35.0015 2112 C:\Windows\System32\wermgr.exe - ok
23:35:35.0015 2112 [ 0819EF7DB96DAB8AC3DACE567ED1B99E ] C:\Windows\System32\werui.dll
23:35:35.0015 2112 C:\Windows\System32\werui.dll - ok
23:35:35.0031 2112 [ 58A0CDABEA255616827B1C22C9994466 ] C:\Windows\System32\NapiNSP.dll
23:35:35.0031 2112 C:\Windows\System32\NapiNSP.dll - ok
23:35:35.0031 2112 [ 613C8CE10A5FDE582BA5FA64C4D56AAA ] C:\Windows\System32\pnrpnsp.dll
23:35:35.0031 2112 C:\Windows\System32\pnrpnsp.dll - ok
23:35:35.0046 2112 [ 2E2072EB48238FCA8FBB7A9F5FABAC45 ] C:\Windows\System32\winrnr.dll
23:35:35.0046 2112 C:\Windows\System32\winrnr.dll - ok
23:35:35.0046 2112 [ BC0D4AFBE94D8E1F81C8926D805C3366 ] C:\Windows\System32\webcheck.dll
23:35:35.0046 2112 C:\Windows\System32\webcheck.dll - ok
23:35:35.0062 2112 [ 8494E126F0B10180F3293AF861CE1F7A ] C:\Windows\System32\mlang.dll
23:35:35.0062 2112 C:\Windows\System32\mlang.dll - ok
23:35:35.0062 2112 [ 101797BA603D227946B4B5109867EB19 ] C:\Windows\System32\SyncCenter.dll
23:35:35.0062 2112 C:\Windows\System32\SyncCenter.dll - ok
23:35:35.0062 2112 [ 8130391F82D52D36C0441F714136957F ] C:\Windows\System32\imapi2.dll
23:35:35.0062 2112 C:\Windows\System32\imapi2.dll - ok
23:35:35.0078 2112 [ 6A5C1A8AC0B572679361026D0E900420 ] C:\Windows\System32\hgcpl.dll
23:35:35.0078 2112 C:\Windows\System32\hgcpl.dll - ok
23:35:35.0078 2112 [ D9E21CBF9E6A87847AFFD39EA3FA28EE ] C:\Windows\System32\SearchProtocolHost.exe
23:35:35.0078 2112 C:\Windows\System32\SearchProtocolHost.exe - ok
23:35:35.0093 2112 [ D2A5B2B09F2AF5ED13BF494508B09788 ] C:\Windows\System32\msshooks.dll
23:35:35.0093 2112 C:\Windows\System32\msshooks.dll - ok
23:35:35.0093 2112 [ 49A3AD5CE578CD77F445F3D244AEAB2D ] C:\Windows\System32\SearchFilterHost.exe
23:35:35.0093 2112 C:\Windows\System32\SearchFilterHost.exe - ok
23:35:35.0109 2112 [ 48041BAEB60CE5F34F13CC2A1361E49C ] C:\Windows\System32\mssph.dll
23:35:35.0109 2112 C:\Windows\System32\mssph.dll - ok
23:35:35.0109 2112 [ 8F4BB0CFECED925D440ABC2481278360 ] C:\Windows\System32\mapi32.dll
23:35:35.0109 2112 C:\Windows\System32\mapi32.dll - ok
23:35:35.0124 2112 ============================================================
23:35:35.0124 2112 Scan finished
23:35:35.0124 2112 ============================================================
23:35:35.0140 3048 Detected object count: 2
23:35:35.0140 3048 Actual detected object count: 2
23:36:07.0728 3048 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:36:07.0728 3048 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:36:07.0728 3048 HPWMISVC ( UnsignedFile.Multi.Generic ) - skipped by user
23:36:07.0728 3048 HPWMISVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
  • 0

#6
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

OTL did its thing. AdwCleaner and JRT removed more rubbish. The TDSSKiller scan is clean so there's no evidence of any rootkits. Let's check for any residual malware files. Tell me if any issues remain after this run.


Step-1.

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here and save it to the desktop.

Once downloaded, close all programs and browsers on your computer and disable any screen saver you might have running.

  • Right Click the mbam-setup.exe file and click Run As Administrator, then click the Continue button on the UAC window.
  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings.
  • When the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    Posted Image
    • MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan.
    • As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.
    NOTE: When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)

    Posted Image
  • On the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
    MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image

    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked EXCEPT items in System Restore (see the image below), and click Remove Selected<---Very Important.

    Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

I would suggest that you keep this antimalware program. Run a Quick Scan frequently and a Full Scan every week or so. Update the definition files before running a scan. Click the Update tab and update from there.


Step-2.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
    When prompted double click on the Posted Image icon on the desktop.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Uncheck the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

  • If No Threats Were Found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here
Note: Do not forget to re-enable your Anti-Virus application and any screen saver after running the above scans!


Step-3.

Run Security Check

Download Security Check from here or here and save it to the Desktop.
  • Double click the SecurityCheck icon Posted Image to run the application.
  • Right click the SecurityCheck icon Posted Image and click Run as Administrator to run the application. Allow any UAC warnings.
  • Follow the onscreen instructions inside of the black box.

    Posted Image
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The MalwareBytes log
2. The ESET scan log (IF it found anything). If it didn't just let me know
3. The checkup.txt log
4. How is the computer running now?
  • 0

#7
doubled1990

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Thank you. See below for the MalwareBytes log and the ESET scan log. I couldn't attach Security Check log as I got an "AutoIt Error" that said "Line -1: Error: Variable must be of type "Object"" during the initial scan process (never got past the "Preparing" screen). Also, my Internet Explorer (IE) 10 is very very sluggish. Copying/pasting is also slow. I'm debating to uninstall the current IE and see if this makes a difference, but I'm not sure if I should wait until the below items are cleared first.

=================
MalwareBytes log
=================


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.09.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Messy Family :: MFAMILY-PC [administrator]

Protection: Disabled

8/8/2013 10:39:57 PM
mbam-log-2013-08-08 (22-39-57).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 444430
Time elapsed: 2 hour(s), 8 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GOOGLEUPDATE.EXE (Trojan.Ransom.LS) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 19
C:\FRST\Quarantine\ghamel.dll (Trojan.Tracur.s) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\googleupdate.exe (Trojan.Ransom.LS) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\jucheck.exe (Trojan.Agent.rf) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\midefender.exe (Trojan.FakeAV.gen) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\skype.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\skype.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\teamviewer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\uatjyhgl.dll (Trojan.RKAgent) -> Quarantined and deleted successfully.
C:\Users\Messy Family\Desktop\easy games\Desktop Tools.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.
C:\Users\Messy Family\Desktop\lazy file\Popcap\Alchemy\Alchemy_v12_patch.zip (Trojan.Bancos) -> Quarantined and deleted successfully.
C:\Users\Messy Family\Desktop\lazy file\Popcap\TipTop\TipTop_v11_patch.zip (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Users\Messy Family\Documents\word docs 11-2010\CAF\easy games\Desktop Tools.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.
C:\Users\Messy Family\Pictures\pics 11-2010\Pictures\My Pictures\2007\07 pagent\easy games\Desktop Tools.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\08072013_224631\C_Users\Messy Family\AppData\Local\Temp\16FC.tmp (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\08072013_224631\C_Users\Messy Family\AppData\Local\Temp\2494.tmp (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\08072013_224631\C_Users\Messy Family\AppData\Local\Temp\4B62.tmp (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\08072013_224631\C_Users\Messy Family\AppData\Local\Temp\7E34.tmp (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\08072013_224631\C_Users\Messy Family\AppData\Local\Temp\8557.tmp (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\08072013_224631\C_Users\Messy Family\AppData\Local\Temp\fibhcrn\fibhcrn.dll (Trojan.Tracur.s) -> Quarantined and deleted successfully.

(end)

=================
ESET scan log
=================

C:\FRST\Quarantine\WINB70C.exe Win32/Agent.PQF trojan
C:\Users\Messy Family\AppData\Local\Google\Chrome\User Data\Default\Users\cdmdgnieknkjdhbmgfhjcjgcglmmlcch\cs.js Win32/TrojanDownloader.Tracur.AD trojan
C:\Users\Messy Family\Desktop\ZipOpenerSetup.exe Win32/InstallCore.BN application
C:\_OTL\MovedFiles\08072013_224631\C_Users\Messy Family\AppData\Local\Temp\1SKKKKKKK.exe Win32/TrojanDownloader.Agent.RXI trojan
C:\_OTL\MovedFiles\08072013_224631\C_Users\Messy Family\AppData\Local\Temp\6729.exe Win32/Agent.PQF trojan
  • 0

#8
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the logs.

I couldn't attach Security Check log as I got an "AutoIt Error" that said "Line -1: Error: Variable must be of type "Object"" during the initial scan process (never got past the "Preparing" screen).

Please delete the SecurityCheck.exe file on the desktop and use Firefox to download a fresh copy. Then close the browser and all open windows and run the program using the instructions in post #6 above.

Also, my Internet Explorer (IE) 10 is very very sluggish. Copying/pasting is also slow. I'm debating to uninstall the current IE and see if this makes a difference, but I'm not sure if I should wait until the below items are cleared first.

Please Do Not uninstall IE until we have finished the malware removal and then we will see if we can do anything to speed it up.

Most of the stuff that MBAM and ESET found had already been quarantined by FRST and OTL but there are a couple of things that we will remove.


Windows Sidebar Advice

Your log shows Windows sidebar running. I recommend that you disable the sidebar.

Microsoft has discovered a security vulnerability in Windows Sidebar and Gadgets. If you are not aware of this, Windows Sidebar(gadgets) has the potential to compromise the security of a machine it is running on as mentioned here. So it would be best to disable this feature.

Download the Disable Windows Sidebar and Gadgets Fix-it on this page to your desktop.

Once downloaded, double-click on MicrosoftFixit50906.msi >> follow the prompts >> reboot your machine if not advised to do so.


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:FILES
C:\Users\Messy Family\AppData\Local\Google\Chrome\User Data\Default\Users\cdmdgnieknkjdhbmgfhjcjgcglmmlcch\cs.js
C:\Users\Messy Family\Desktop\ZipOpenerSetup.exe

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log
2. The checkup.txt log

#9
doubled1990

    Member

  • Topic Starter
  • Member
  • 15 posts
See below for the OTL fix log. I downloaded and installed Firefox and attempted the SecurityFix install once more (a new download), but I was still unsuccessful with the same AutoIt error message. I did, however, apply the Microsoft patch for the Windows Sidebar and Gadgets and this completed. Thank you.

=================
OTL Fix Log
=================

All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== FILES ==========
C:\Users\Messy Family\AppData\Local\Google\Chrome\User Data\Default\Users\cdmdgnieknkjdhbmgfhjcjgcglmmlcch\cs.js moved successfully.
C:\Users\Messy Family\Desktop\ZipOpenerSetup.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Messy Family
->Temp folder emptied: 2280416 bytes
->Temporary Internet Files folder emptied: 13854336 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16527717 bytes
->Google Chrome cache emptied: 7355862 bytes
->Flash cache emptied: 492 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 525222 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 39.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08112013_121058

Files\Folders moved on Reboot...
C:\Users\Messy Family\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Messy Family\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\Windows\temp\TMP000000016B4881B80FA40F80 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#10
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the OTL log.

I downloaded and installed Firefox and attempted the SecurityFix install once more (a new download), but I was still unsuccessful with the same AutoIt error message.

I just noticed in the instructions to run SecurityCheck that I asked you to double click the Securitycheck.exe file and right click the file. If you did both of those please just double click on the file and see if it runs.


#11
doubled1990

    Member

  • Topic Starter
  • Member
  • 15 posts
Hi godawgs,

As you had me for the most part "run as admin." I did that during the occasions I attempted SecurityCheck. I just tried the double clicking technique, but I still get the AutoIt error message.

#12
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Run ComboFix
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications before downloading ComboFix. This is usually done via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

Download ComboFix from one of the following locations:

Link 1
Link 2

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer. That will cure it.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
Don't forget to reenable your Anti-Virus


Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The ComboFix.txt log

#13
doubled1990

    Member

  • Topic Starter
  • Member
  • 15 posts
Hi godawgs,

I attempted the Combofix as suggested last night, but the running process took too long and I eventually had to close the window (the AutoScan went all the way to "Stage 48" and never went further for the remainder 3+ or so hours). Although I never clicked anywhere inside the Combofix's AutoScan window I had to eventually during the process go to my control panel and alter my "sleep mode" settings as the scan was taking a very long time (overall my computer was idle with the process for a good 7 to 8 hours). I don't think this action should have done anything to disrupt/stall the scanning process, but just letting you know. Please let me know if you want me to retry the Combofix process.

#14
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
You were so close. ComboFix runs through 50 stages. I've never seen it take that long but it's possible.
See if there was a log file named Combofix.txt created in the C:\ directory (the root directory). If there was, please post it.
NOTE: If you don't know how to find the root directory just click the Start Orb and in the Start Search box type Combofix.txt and see if the search finds it.

If there wasn't let's run ComboFix again. But this time we will turn off Norton Internet Security first.

Turn off Norton Internet Security

NOTE: You must be logged in to an account with Administrator privileges.

  • Click the Start Orb, click All Programs
  • Click the Norton Internet Security folder and click on Norton Internet Security in the menu again.
  • Click on Status & Settings in the left-hand section of Norton Internet Security and select Security.
  • Click Turn Off and close the window.
Turn the computer's sleep mode off and run ComboFix again using the instructions in my post above (except for the part about downloading the program).

Post the ComboFix.txt log in your next reply.

#15
doubled1990

    Member

  • Topic Starter
  • Member
  • 15 posts
I tried once more and left this running a bit longer. I was finally successful. Note despite what you see of Norton this is actually not running (when going through the start menu/orb this is asking me to register/activate now). See below for the log.

=================
ComboFix Log
=================

ComboFix 13-08-14.02 - Messy Family 08/16/2013 17:57:14.2.1 - x64
Running from: c:\users\Messy Family\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2013-07-17 to 2013-08-17 )))))))))))))))))))))))))))))))
.
.
2013-08-17 10:42 . 2013-08-17 10:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-17 06:07 . 2013-08-17 06:07 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D85AF99D-4290-497D-A4DF-C89839075D54}\offreg.dll
2013-08-11 18:19 . 2013-08-11 18:19 -------- d-----w- c:\users\Messy Family\AppData\Local\Mozilla
2013-08-11 18:18 . 2013-08-11 18:18 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-08-09 05:35 . 2013-08-09 05:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-09 05:35 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-09 05:28 . 2013-08-09 05:28 -------- d-----w- c:\users\Messy Family\AppData\Roaming\Malwarebytes
2013-08-09 05:26 . 2013-08-09 05:26 -------- d-----w- c:\programdata\Malwarebytes
2013-08-09 05:24 . 2013-08-09 05:24 -------- d-----w- c:\users\Messy Family\AppData\Local\Programs
2013-08-08 06:13 . 2013-08-08 06:13 -------- d-----w- c:\windows\ERUNT
2013-08-08 05:46 . 2013-08-08 05:46 -------- d-----w- C:\_OTL
2013-08-06 04:01 . 2013-08-06 04:01 -------- d-----w- c:\programdata\Recovery
2013-08-04 18:55 . 2013-08-04 18:55 -------- d-----w- C:\FRST
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-02 08:34 . 2013-07-16 06:40 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D85AF99D-4290-497D-A4DF-C89839075D54}\mpengine.dll
2013-06-12 05:50 . 2012-11-27 05:17 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 05:50 . 2012-02-28 18:02 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 23:43 . 2013-07-13 16:31 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-06-11 23:43 . 2013-07-13 16:31 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-06-11 23:42 . 2013-07-13 16:31 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-06-11 23:42 . 2013-07-13 16:31 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26 . 2013-07-13 16:31 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-06-11 23:26 . 2013-07-13 16:31 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:26 . 2013-07-13 16:31 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-06-11 23:25 . 2013-07-13 16:31 19238912 ----a-w- c:\windows\system32\mshtml.dll
2013-06-11 23:25 . 2013-07-13 16:31 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-06-11 23:25 . 2013-07-13 16:31 855552 ----a-w- c:\windows\system32\jscript.dll
2013-06-11 23:25 . 2013-07-13 16:31 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:25 . 2013-07-13 16:31 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-06-11 23:25 . 2013-07-13 16:31 526336 ----a-w- c:\windows\system32\ieui.dll
2013-06-11 23:25 . 2013-07-13 16:31 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:25 . 2013-07-13 16:31 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-06-11 23:25 . 2013-07-13 16:31 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 23:25 . 2013-07-13 16:31 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-06-11 23:25 . 2013-07-13 16:31 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-06-11 22:51 . 2013-07-13 16:31 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50 . 2013-07-13 16:31 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-07 14:06 . 2013-06-07 14:06 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-07 14:06 . 2013-06-07 14:06 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-07 14:06 . 2013-06-07 14:06 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-07 14:06 . 2013-06-07 14:06 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-07 14:06 . 2013-06-07 14:06 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-07 14:06 . 2013-06-07 14:06 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-07 14:06 . 2013-06-07 14:06 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-07 14:06 . 2013-06-07 14:06 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-07 14:06 . 2013-06-07 14:06 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-07 14:06 . 2013-06-07 14:06 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-07 14:06 . 2013-06-07 14:06 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-07 14:06 . 2013-06-07 14:06 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-07 14:06 . 2013-06-07 14:06 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-07 14:06 . 2013-06-07 14:06 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-07 14:06 . 2013-06-07 14:06 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-07 14:06 . 2013-06-07 14:06 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-07 14:06 . 2013-06-07 14:06 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-07 14:06 . 2013-06-07 14:06 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-07 14:06 . 2013-06-07 14:06 441856 ----a-w- c:\windows\system32\html.iec
2013-06-07 14:06 . 2013-06-07 14:06 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-07 14:06 . 2013-06-07 14:06 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-07 14:06 . 2013-06-07 14:06 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-07 14:06 . 2013-06-07 14:06 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-07 14:06 . 2013-06-07 14:06 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-07 14:06 . 2013-06-07 14:06 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-07 14:06 . 2013-06-07 14:06 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-07 14:06 . 2013-06-07 14:06 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-07 14:06 . 2013-06-07 14:06 235008 ----a-w- c:\windows\system32\url.dll
2013-06-07 14:06 . 2013-06-07 14:06 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-07 14:06 . 2013-06-07 14:06 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-07 14:06 . 2013-06-07 14:06 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-07 14:06 . 2013-06-07 14:06 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-07 14:06 . 2013-06-07 14:06 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 14:06 . 2013-06-07 14:06 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-07 14:06 . 2013-06-07 14:06 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-07 14:06 . 2013-06-07 14:06 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-07 14:06 . 2013-06-07 14:06 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-07 14:06 . 2013-06-07 14:06 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-07 14:06 . 2013-06-07 14:06 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-07 14:06 . 2013-06-07 14:06 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-07 14:06 . 2013-06-07 14:06 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-07 14:06 . 2013-06-07 14:06 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-07 14:06 . 2013-06-07 14:06 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-07 14:06 . 2013-06-07 14:06 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-07 14:06 . 2013-06-07 14:06 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-07 14:06 . 2013-06-07 14:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-07 14:06 . 2013-06-07 14:06 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-07 14:06 . 2013-06-07 14:06 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-07 14:06 . 2013-06-07 14:06 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-07 13:56 . 2013-06-07 13:56 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-07 13:56 . 2013-06-07 13:56 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-07 13:56 . 2013-06-07 13:56 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-07 13:56 . 2013-06-07 13:56 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-07 13:56 . 2013-06-07 13:56 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-07 13:56 . 2013-06-07 13:56 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-07 13:56 . 2013-06-07 13:56 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-07 13:56 . 2013-06-07 13:56 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-07 13:56 . 2013-06-07 13:56 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-07 13:56 . 2013-06-07 13:56 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-07 13:56 . 2013-06-07 13:56 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-07 13:56 . 2013-06-07 13:56 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-07 13:56 . 2013-06-07 13:56 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-07 13:56 . 2013-06-07 13:56 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-07 13:56 . 2013-06-07 13:56 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-07 13:56 . 2013-06-07 13:56 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-07 13:56 . 2013-06-07 13:56 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-07 13:56 . 2013-06-07 13:56 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-07 13:56 . 2013-06-07 13:56 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-06-07 13:56 . 2013-06-07 13:56 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-06-07 13:56 . 2013-06-07 13:56 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-06-07 13:56 . 2013-06-07 13:56 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-06-07 13:56 . 2013-06-07 13:56 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-06-07 13:56 . 2013-06-07 13:56 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-06-07 13:56 . 2013-06-07 13:56 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-06-07 13:56 . 2013-06-07 13:56 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-06-07 13:56 . 2013-06-07 13:56 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-06-07 13:56 . 2013-06-07 13:56 363008 ----a-w- c:\windows\system32\dxgi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BlazeServoTool"="c:\program files (x86)\X-OOM\DVD Player 3 Deluxe\MediaDetector.exe" [2006-01-04 270336]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-28 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2010-03-24 149280]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"PhotoExplosionCalCheck"="c:\program files (x86)\Nova Development\Photo Explosion Deluxe 3.0\calcheck.exe" [2006-05-10 69632]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 07:20 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-27 05:50]
.
2013-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-28 18:02]
.
2013-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-28 18:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-01-29 6160928]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-24 172032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Messy Family\AppData\Roaming\Mozilla\Firefox\Profiles\wqng53bs.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-16968151.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Origin - c:\program files (x86)\Origin\OriginUninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.0.0.136\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-17 04:10:20
ComboFix-quarantined-files.txt 2013-08-17 11:10
.
Pre-Run: 111,420,264,448 bytes free
Post-Run: 111,257,874,432 bytes free
.
- - End Of File - - 0051705E04847046E2536D65ECBE64F1
E2A9C3A524E2AFE3D0EC7B71691F43CB